[Outages-discussion] Mixed Case of .mil MX Servers?

Tom Perrine tom.perrine at gmail.com
Tue Oct 28 01:11:09 EDT 2014


Well, that was all completely wrong.  That'll teach me to answer
without doing the real analysis!

Look at the NS records for .MIL, they are doing something that looks
geo related, e.g. they have name servers that look like they are
intended for use by (or are hosted in) various regions.  See
comments...

mil. 172800 IN NS con1.nipr.mil.  ;; guessing this is CONUS?
mil. 172800 IN NS con2.nipr.mil.
mil. 172800 IN NS eur1.nipr.mil.  ;; guessing this is EU?
mil. 172800 IN NS eur2.nipr.mil.
mil. 172800 IN NS pac1.nipr.mil.  ;; guessing this is APAC?
mil. 172800 IN NS pac2.nipr.mil.

These are not anycast - same last octet, different /24s all from the same /16:

eur1.nipr.mil. 1803 IN A 199.252.154.234
pac2.nipr.mil. 14340 IN A 199.252.155.234
con1.nipr.mil. 5456 IN A 199.252.157.234
con2.nipr.mil. 4820 IN A 199.252.162.234
eur2.nipr.mil. 10861 IN A 199.252.143.234
pac1.nipr.mil. 3736 IN A 199.252.180.234

The NS for Navy.MIL are all over:

navy.mil. 11340 IN NS utindo02.csd.disa.mil.
navy.mil. 11340 IN NS guv10m01.mont.disa.mil.
navy.mil. 11340 IN NS uphb0fda05.csd.disa.mil.
navy.mil. 11340 IN NS upbd0fda02.csd.disa.mil.
navy.mil. 11340 IN NS upbd0fda01.csd.disa.mil.
navy.mil. 11340 IN NS uphb0fda06.csd.disa.mil.
navy.mil. 11340 IN NS guv10m02.mont.disa.mil.

These don't appear to be anycast, but they come in pairs on common
/24s, plus one extra:

guv10m01.mont.disa.mil. 11540 IN A 214.3.160.20
guv10m02.mont.disa.mil.  5688 IN A 214.3.160.21

upbd0fda01.csd.disa.mil. 5027 IN A 215.65.40.37
upbd0fda02.csd.disa.mil. 5132 IN A 215.65.40.38

uphb0fda05.csd.disa.mil. 3086 IN A 207.133.239.155
uphb0fda06.csd.disa.mil. 1449 IN A 207.133.239.156

utindo02.csd.disa.mil. 4877 IN A 152.229.110.236


The DNS server eur1.nipr.mil gave me this answer from San Diego, which
actually exits Cox at San Jose, but looks like it *might* then hit the
east coast MIL gateway.  Go fig, from the US west coast I got an
answer from something that is allegedly EU-related :-)

navy.mil. 53943 IN MX 20 sec-jeemsg.eemsg.mail.MIl.
navy.mil. 85048 IN MX 30 mx14.nmci.nAVy.MIl.
navy.mil. 85048 IN MX 30 mx13.nmci.nAVy.MIl.
navy.mil. 85048 IN MX 10 pri-jeemsg.eemsg.mail.MIl.
navy.mil. 85048 IN MX 30 mx15.nmci.nAVy.MIl.
;; Received 167 bytes from 199.252.154.234#53(eur1.nipr.mil) in 103 ms

This is AV+M which matched your Atlanta results.

So, I still think they're trying to somehow indicate which DNS server
gives you any particular answer, probably for their own debugging...

Complex DNS is.... complex :-)


On Mon, Oct 27, 2014 at 9:32 PM, Tom Perrine <tom.perrine at gmail.com> wrote:
> Looks like they're trying to encode information to tell where the DNS
> lookup came from OR which server answered, if there are multiple DNS
> servers in an anycast configuration.  Useful for debugging perhaps.
>
> AV+M for the MXs and M for the sec-jeemsg from US east coast
> V+L for the MXs and L for the sec-jeemsg from US west coast
> A+L for the MXs and L for the sec-jeemsg from EU
>
> They all claim to be responses from the same DNS server
> (199.252.154.234), which could either be using some kind of geo or
> other lookup on the source IP of the lookup to pick the response, OR
> these could be responses from 2 or more different DNS servers (in
> different datacenters) if there's anycast DNS involved.
>
> traceroutes to the DNS server IP address from the different sources
> might be interesting.
>
> Also, look at the response times - west coast is 80ms, east coast is
> 30 and EU is 20 ms.  That's.... interesting :-)
>
>
>
> On Mon, Oct 27, 2014 at 6:47 PM, Jim Popovitch <jimpop at gmail.com> wrote:
>> On Mon, Oct 27, 2014 at 7:58 PM, Jeremy Chadwick via Outages
>> <outages at outages.org> wrote:
>>> Is it possible for someone to provide output from something like
>>> "dig mx navy.mil. +trace" ?
>>
>> Here's some relevant bits of interest from USA and EU queries in which
>> I see 3 different cases for the word "navy"  (nAVy, naVy, nAvy) (also:
>> .MIL and .miL).  What's up with the case sensitivity?
>>
>> Atlanta:
>> MX 20 sec-jeemsg.eemsg.mail.MIl. from server 199.252.180.234 in 30 ms.
>> MX 30 mx14.nmci.nAVy.MIl. from server 199.252.180.234 in 30 ms.
>> MX 30 mx13.nmci.nAVy.MIl. from server 199.252.180.234 in 30 ms.
>> MX 10 pri-jeemsg.eemsg.mail.MIl. from server 199.252.180.234 in 30 ms.
>> MX 30 mx15.nmci.nAVy.MIl. from server 199.252.180.234 in 30 ms.
>>
>> Seattle:
>> MX 10 pri-jeemsg.eemsg.mail.miL. from server 199.252.155.234 in 80 ms.
>> MX 20 sec-jeemsg.eemsg.mail.miL. from server 199.252.155.234 in 80 ms.
>> MX 30 mx15.nmci.naVy.miL. from server 199.252.155.234 in 80 ms.
>> MX 30 mx14.nmci.naVy.miL. from server 199.252.155.234 in 80 ms.
>> MX 30 mx13.nmci.naVy.miL. from server 199.252.155.234 in 80 ms.
>>
>> Netherlands:
>> MX 30 mx13.nmci.nAvy.miL. from server 199.252.154.234 in 20 ms.
>> MX 30 mx15.nmci.nAvy.miL. from server 199.252.154.234 in 20 ms.
>> MX 20 sec-jeemsg.eemsg.mail.miL. from server 199.252.154.234 in 20 ms.
>> MX 10 pri-jeemsg.eemsg.mail.miL. from server 199.252.154.234 in 20 ms.
>> MX 30 mx14.nmci.nAvy.miL. from server 199.252.154.234 in 20 ms.
>>
>> -Jim P.
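Added example, not part of the original thread: a small Python sketch that fingerprints the letter case of the MX targets quoted above and groups them by responding server and vantage point. The observations are a subset copied from the messages in this thread; the signature notation (upper-case letters of the last two labels, "-" for none) and all function names are this example's own.

```python
from collections import defaultdict

# (vantage point, responding server, MX target), copied from the thread above.
OBSERVATIONS = [
    ("Atlanta", "199.252.180.234", "sec-jeemsg.eemsg.mail.MIl."),
    ("Atlanta", "199.252.180.234", "mx14.nmci.nAVy.MIl."),
    ("Seattle", "199.252.155.234", "pri-jeemsg.eemsg.mail.miL."),
    ("Seattle", "199.252.155.234", "mx15.nmci.naVy.miL."),
    ("Netherlands", "199.252.154.234", "mx14.nmci.nAvy.miL."),
    ("Netherlands", "199.252.154.234", "sec-jeemsg.eemsg.mail.miL."),
    ("San Diego", "199.252.154.234", "mx14.nmci.nAVy.MIl."),
    ("San Diego", "199.252.154.234", "pri-jeemsg.eemsg.mail.MIl."),
]


def canonical(name):
    """DNS names compare case-insensitively (RFC 4343): fold case, drop root dot."""
    return name.rstrip(".").lower()


def case_signature(name, labels=2):
    """Upper-case letters in each of the last `labels` labels: 'nAVy.MIl.' -> 'AV+MI'."""
    parts = name.rstrip(".").split(".")[-labels:]
    return "+".join("".join(c for c in p if c.isupper()) or "-" for p in parts)


def signatures_by_server(observations):
    """Map responding server -> {vantage point -> set of case signatures seen}."""
    out = defaultdict(lambda: defaultdict(set))
    for vantage, server, target in observations:
        out[server][vantage].add(case_signature(target))
    return {server: dict(by_vantage) for server, by_vantage in out.items()}


def inconsistent_servers(observations):
    """Server IPs that returned more than one casing of the same canonical name."""
    spellings = defaultdict(set)
    for _, server, target in observations:
        spellings[(server, canonical(target))].add(target)
    return sorted({srv for (srv, _), seen in spellings.items() if len(seen) > 1})


if __name__ == "__main__":
    for server, by_vantage in signatures_by_server(OBSERVATIONS).items():
        for vantage, sigs in by_vantage.items():
            print(server, vantage, sorted(sigs))
    print("same IP, different casing:", inconsistent_servers(OBSERVATIONS))
```

On this data the only server flagged is 199.252.154.234, which returned one casing to the Netherlands query and another to the San Diego query, while every spelling still folds to the same canonical MX name.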

