Hashemian Blog: DNS Mystery, NameServers, IP addresses

Today I was trying to reach 1&1's home page, but the browser kept failing to pull up the site. Mysteriously I was able to reach 1&1's home page when I changed my DNS servers to those of OpenDNS.org. Feeling curious I decided to investigate the matter in depth. My default DNS server was reporting the IP address of www.1and1.com to be 217.160.232.1. While that address belongs to 1&1, it's really one of their routers or gateways and not a Web server. No wonder I was unable to access the site. the working IP address reported by OpenDNS.org and a number of other DNS servers was 217.160.226.203. That is indeed the correct IP address for www.1and1.com. So why was I seeing different results from different DNS servers?

As you may know the job of translating a host name to an IP address falls on a program known as the resolver which queries its designated DNS server for the answer. If the DNS server can not produce the translation (from its cache or authority zone), it issues what it's know as a recursive query to the DNS network on the Internet. The host name is broken to its fragments and each fragment from right to left is queried successively. The results generally consists of hosts known as NameServers, which get the query one step closer to the final result. The final NameServers produce the IP address translation. However, if any of the NameServers along the way can produce the translation, the query stops and the IP address is sent back to the resolver.

Using the Unix/Linux dig command I followed the name resolution for www.1and1.com one step at a time. Results are shown here and shortened for brevity.

This command displays the root servers:

# dig
;; ANSWER SECTION:
.                       451081  IN      NS      M.ROOT-SERVERS.NET.
.                       451081  IN      NS      A.ROOT-SERVERS.NET.
.                       451081  IN      NS      B.ROOT-SERVERS.NET.
.                       451081  IN      NS      C.ROOT-SERVERS.NET.

This command queries one of the root servers and produces NameServers for "com." TLD (Top Level Domain):

# dig +norec @A.ROOT-SERVERS.NET www.1and1.com
;; AUTHORITY SECTION:
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.

This command queries one of the "com." NameServers:

# dig +norec @A.GTLD-SERVERS.NET www.1and1.com
;; ANSWER SECTION:
www.1and1.com.          172800  IN      A       217.160.232.1
;; AUTHORITY SECTION:
1and1.com.              172800  IN      NS      ns27.1and1.com.
1and1.com.              172800  IN      NS      ns28.1and1.com.

Generally the previous command shouldn't produce and IP address, instead the authority section would prompt a final query to one of the 1and1.com NameServers (which by the way have the correct IP translation.) Instead somehow an IP address is produced at this level and the query ends with this inaccurate IP translation. I've tried the same query with the homepage URL's of Microsoft, Google, Yahoo and a few other sites and none return an IP address at this level.

It remains to be seen if this erroneous translation would eventually spread around, causing 1&1's homepage to become widely inaccessible. Anyone knows how that IP translation ended up in of the "com." NameServers? Am I making wrong assumptions here? Feel free to let me know.

dns,nameservers,domain names,ip addresses,internet

Labels: internet, networks, web

// posted by rh

1 comments

1 Comments:

By Michael Carr, at 31/8/08 6:07 PM

It probably has to do with the fact that 1and1.com are bad eggs. Although their domain name registration services are cheap, they like to have complete control of your domain and offer little to keep you informed of your domain r status. Unlike other registrars, 1and1.com's domain status web pages fail to tell you the expiration date of your domains. Then, out of the blue they charge your credit card for renewals for up to a year in advance, yet they do not actually update the domain registration until the actual day it's due, in effect using your money in the interim. Worse, it means you are in limbo if you decide to move to another registrar and your domains are not up to date -- shall you pay them twice? This is no way to conduct business. 1and1.com conducts outright theft in that if you sign up with a domain paid a few years in advance, they will charge you again fort he same time period. Plainly 1and1.com does not want you to see your domain registration expiration dates, that's why they are not shown on your control panel. Shame on 1and1.com !!