OSCON Network

By Ask Bjørn Hansen on July 26, 2004 12:14 AM | 2 Comments

Eeek. The OSCON network seems to be misbehaving in new and interesting ways this year.

First, port 5222 and 5223 (jabber) seems to be blocked. At least I can't connect to my jabber server from the wireless network. Other ports on the same box are working. We have our jabber server setup with SSL so we can have our secret IMs encrypted to the server.

Second, the reverse dns is spectacularly messed up. The executive summary:

  • the servers who are delegated the reverse lookup zone don't know that and give a confused answer rather than just "don't know about that, go away".
  • queried from the outside they are just dropping requests.

It looks like they are recursive servers for their customers only and they shouldn't have real zones delegated to them.

$ dig +norecursive -x 198.145.31.2 @henna.ARIN.NET.
145.198.in-addr.arpa.   86400   IN      NS      NS2.IINET.COM.
145.198.in-addr.arpa.   86400   IN      NS      NS3.IINET.COM.
145.198.in-addr.arpa.   86400   IN      NS      NS4.IINET.COM.
145.198.in-addr.arpa.   86400   IN      NS      NS1.IINET.COM.

$ dig +norecursive -x 198.145.31.2 @NS2.IINET.COM.
31.145.198.in-addr.arpa. 5      IN      NS      ns2.pacifier.net.145.198.in-addr.arpa.
31.145.198.in-addr.arpa. 5      IN      NS      ns3.pacifier.net.
31.145.198.in-addr.arpa. 5      IN      NS      ns4.pacifier.net.
31.145.198.in-addr.arpa. 5      IN      NS      ns1.pacifier.net.

But the pacifier DNS servers can only be reached from the internal network, and they are just referring to themselves (looks like they are recursive servers rather than properly configured authoritative servers).

$ dig +norecursive -x 198.145.31.2 @ns3.pacifier.net.
;; AUTHORITY SECTION:
31.145.198.in-addr.arpa. 5      IN      NS      ns2.pacifier.net.145.198.in-addr.arpa.
31.145.198.in-addr.arpa. 5      IN      NS      ns3.pacifier.net.
31.145.198.in-addr.arpa. 5      IN      NS      ns4.pacifier.net.
31.145.198.in-addr.arpa. 5      IN      NS      ns1.pacifier.net.

;; ADDITIONAL SECTION:
ns1.pacifier.net.       60      IN      A       64.255.237.240
ns3.pacifier.net.       60      IN      A       209.20.130.79
ns4.pacifier.net.       60      IN      A       206.55.147.14

(the additional section tells the recursive server to go there and look again).

Tags:

2 Comments

Derek | July 26, 2004 8:18 AM | Reply

Also dead:

Yahoo Messenger
MSP (tcp/587)

Anonymous | July 26, 2004 12:25 PM | Reply

All ports mentioned above should be GTG. Our ISP is working on the DNS issue.

Thanks

Leave a comment

Search

About this Entry

This page contains a single entry by Ask Bjørn Hansen published on July 26, 2004 12:14 AM.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 4.33-en
/* bf */