Jerry 🦙💝🦙Oct 6, 2024

I just transferred infosec.exchange from gandi to dnsimple and it took maybe 4 hours from start to finish. That used to be a much more painful process.

Also, does anyhow know how domain transfers are handled where the domain to be transferred has several years of pre-payment left?

Show threadWladimir PalantOct 6, 2024

@jerry Sorry to be a spoil, but are you aware of media.infosec.exchange not resolving?

$ host media.infosec.exchange
Host media.infosec.exchange not found: 2(SERVFAIL)

https://downforeveryoneorjustme.com/media.infosec.exchange

Show threadJerry 🦙💝🦙Oct 6, 2024
@WPalant its definitely up and working (that is bunny.net). I am wondering it this is because I recently enabled dnssec on infosec.exchange.
Show threadWladimir PalantOct 6, 2024

@jerry I tried going to the authoritative server directly. What I get then:

$ host infosec.exchange ns1.dnsimple.com
Using domain server:
Name: ns1.dnsimple.com
Address: 2400:cb00:2049:1::a29f:1804#53
Aliases:

infosec.exchange has address 151.101.195.52
infosec.exchange has address 151.101.3.52
infosec.exchange has address 151.101.67.52
infosec.exchange has address 151.101.131.52
infosec.exchange has IPv6 address 2a04:4e42::820
infosec.exchange has IPv6 address 2a04:4e42:200::820
infosec.exchange has IPv6 address 2a04:4e42:400::820
infosec.exchange has IPv6 address 2a04:4e42:600::820
infosec.exchange mail is handled by 0 dino.llama.one.

$ host media.infosec.exchange ns1.dnsimple.com
Using domain server:
Name: ns1.dnsimple.com
Address: 2400:cb00:2049:1::a29f:1804#53
Aliases:

media.infosec.exchange is an alias for infosecexchange.b-cdn.net.
Host infosecexchange.b-cdn.net not found: 5(REFUSED)
Host infosecexchange.b-cdn.net not found: 5(REFUSED)

$ host infosecexchange.b-cdn.net ns1.bunnydns.com
Using domain server:
Name: ns1.bunnydns.com
Address: 157.53.226.1#53
Aliases:

infosecexchange.b-cdn.net has address 138.199.37.225
infosecexchange.b-cdn.net has IPv6 address 2400:52e0:1e00::722:1

Weird… Maybe there is some bad cached state…

Show threadJerry 🦙💝🦙Oct 6, 2024
@WPalant yeah, dnsimple isn’t authoritive for bunny.net’s cdn domain and it isn’t a recursive name server, so it’ll not resolve those
Show threadJerry 🦙💝🦙Oct 6, 2024
@WPalant in any event, I switched registrars today for infosec.exchange and switched dns hosting and turned on dnssec. I guess it’s remarkable it works at all. I am poking at it to see if anything is wrong though
Show threadWladimir Palant

@jerry Ok, I could establish that the problem isn’t local, it’s my provider’s DNS server (Deutsche Telekom). It can resolve infosecexchange.b-cdn.net but it won’t resolve either infosec.exchange or media.infosec.exchange. I guess I can only access infosec.exchange because its IP address is cached…

I do think that they support DNSSec. But maybe they didn’t get the memo that they need to query a different authoritative DNS server now.

Oct 6, 2024 at 6:36amWeb
Show threadJerry 🦙💝🦙Oct 6, 2024
@WPalant that’s not so good. Hopefully it is a dns authority propagation delay that will resolve soon. Everything I can check, like this: https://www.whatsmydns.net/#A/infosec.exchange shows that it’s answering correctly all over the world.
DNS Propagation Checker - Global DNS Checker Tool

Instant DNS Propagation Check. Global DNS Propagation Checker - Check DNS records around the world.

Show threadWladimir PalantOct 6, 2024
@jerry I’ve added the IP address to the hosts file for now. And – yes, I hope that this will correct itself in a few hours.
Show threadWladimir PalantOct 6, 2024
@jerry Actually, now I get a response from the provider’s DNS server for media.infosec.exchange. Still nothing for infosec.exchange but they should get it eventually…
Show threadWladimir PalantOct 6, 2024
@jerry Yep, now infosec.exchange resolves as well, all good.
Show threadAlexander BochmannOct 6, 2024
@WPalant @jerry Telekom resolvers have been known to ignore such details as TTLs and do their own thing, at least ages ago when I was dealing with such stuff...