Petro-canada.ca issues

From Federal Burro of Information
Jump to navigationJump to search

Where I work petro points is a partner.

We use one of their online APIs at retail.petro-canada.ca

Let me show you something

Date: Thu Jun 6 14:37:46 UTC 2019

Basic: 

$ dig retail.petro-canada.ca +short
156.44.144.39

Name servers? 

$ dig petro-canada.ca NS +short
dns1.cidc.telus.com.
dns2.cidc.telus.com.
secondary-ns1.allstream.com.
secondary-ns2.allstream.com.

Interesting: two large Canadian providers doing DNS for this domain. From time to time issues arise because not all name server have the same information. Let check that: 

$ for i in `dig petro-canada.ca NS +short`; do echo $i; dig @$i retail.petro-canada.ca +short; done
secondary-ns1.allstream.com.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @secondary-ns1.allstream.com. retail.petro-canada.ca +short
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
secondary-ns2.allstream.com.
156.44.144.39
dns1.cidc.telus.com.
156.44.144.39
dns2.cidc.telus.com.
156.44.144.39

I think found a problem.

I think there is no NS record for secondary-ns2.allstream.com. Dig more.

Also let do a whois to se how many of the name servers in the NS record are in the whois record, do they match?

$ whois petro-canada.ca ... Name Server: dns1.cidc.telus.com Name Server: dns2.cidc.telus.com Name Server: ns1.business.allstream.net Name Server: ns2.business.allstream.net ...

So that looks good. Awesome to see them using DNS across providers, this will hopefully protect again failures.

Allstream and Telus are competitors.

Alltream owned by Zayo, which bought integra, now watch the trace on the allstream name server: 

$ dig +trace secondary-ns1.allstream.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace secondary-ns1.allstream.com
;; global options: +cmd
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
;; Received 239 bytes from 172.31.0.2#53(172.31.0.2) in 0 ms

com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.                    86400   IN      RRSIG   DS 8 1 86400 20190619050000 20190606040000 25266 . nFS1hYhpxWx3r5qHS43rfwH2nPEyhPc3snMWzj09906ChGf6394ooyLL b2BDcYGuMVsRxtgj/hAASqMjeREcHDffGVv8pIF9HCC/4Fsfl5Z0N6Oo dBJkSKPxfKOZE+6exy9VL0DGlvDQs9uceUNT3ihi2Fza7k6BuU5JPPzZ XhVlv8iDgjlVJ2/ubT0ajz85YkZddEfU10Yti+zkEwtPddj5iNNDC1fE dBZr75ihfVwD34Km7KSGcA/5qHqwv0isMLc8MsJ+CruVqmnf302lCrKv lN3bLeDVcMj+NJXs2Kjwan1XidX3Dw/BZ63k8rMQnoIDTEIJdQDn3Zei IO/qmQ==
;; Received 1187 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 10 ms

allstream.com.          172800  IN      NS      ns2.integraonline.com.
allstream.com.          172800  IN      NS      ns.integraonline.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190612044518 20190605033518 3800 com. kK+DBXFO++94SBlrVrUiVcRHsgFXS3D2cyHXxwRMSxcLGVriUL9aRk/j gAqDPO0w8p40ZZGHBBODE7Mjd+W712VTgxzOqOnbnnzz6PDyDDosTy+e 8pSkZjFDNK9nhkl4VzsSVeB40iR8jMt0FT+vbtKJoINyPVsNk0zTpqYT b+8=
62ME9GSLT93STMGRSC1ACVAERKPJ6D5E.com. 86400 IN NSEC3 1 1 0 - 62MFO8KAMRIJV41BFCPO9JF6IVB4PEI8 NS DS RRSIG
62ME9GSLT93STMGRSC1ACVAERKPJ6D5E.com. 86400 IN RRSIG NSEC3 8 2 86400 20190612050910 20190605035910 3800 com. CKmGoykkEQLEMMOrTAoatTStkW+PLd4B5O+ofGnR6K9W35sUkte+SZ4J hP/c0ANVWnBq5SGi3QQIng/yVZeaUH7+29zGpvm+0dHLP0M7jZKAcPNQ 8KhPqaboy+IxRO2us//IQJAURCi+mIsLNEXql+UH04lKFJqkIqmahXNp UBQ=
;; Received 622 bytes from 192.55.83.30#53(m.gtld-servers.net) in 11 ms

secondary-ns1.allstream.com. 7200 IN    A       216.13.122.23
;; Received 72 bytes from 204.130.255.2#53(ns.integraonline.com) in 67 ms

blue@kubernetescluster:~$

and yet: 

$ dig allstream.com NS

; <<>> DiG 9.10.3-P4-Ubuntu <<>> allstream.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18669
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;allstream.com.                 IN      NS

;; AUTHORITY SECTION:
allstream.com.          60      IN      SOA     ns.integraonline.com. hostmaster.integraonline.com. 2008081201 2800 7200 604800 7200

;; Query time: 1 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Thu Jun 06 14:51:05 UTC 2019
;; MSG SIZE  rcvd: 106

blue@kubernetescluster:~$

So why can't I get a NS recorf for allstream.com ? I'll ask both integra name servers: 

$ dig @ns2.integraonline.com allstream.com ANY

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns2.integraonline.com allstream.com ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35006
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;allstream.com.                 IN      ANY

;; ANSWER SECTION:
allstream.com.          7200    IN      A       104.196.2.112
allstream.com.          7200    IN      MX      0 allstream-com.mail.protection.outlook.com.
allstream.com.          7200    IN      TXT     "ciscocidomainverification=7fb3a7a0860ddb6383d374e858964b5042df0a456da77d1f0392be39afd8355b"
allstream.com.          7200    IN      TXT     "v=spf1 mx a:s2-mx.globysonline.com a:s4-mx.globysonline.com include:spf.protection.outlook.com include:email-od.com" " ip4:216.16.244.248 ip4:216.16.244.227 ip4:199.175.0.1/24 ip4:64.122.164.17 ip4:38.117.68.132 ip4:72.0.201.12 ip4:38.117.68.134 ip4:72.0.201.24 ~all"
allstream.com.          7200    IN      TXT     "MS=ms85585496"
allstream.com.          7200    IN      SOA     ns.integraonline.com. hostmaster.integraonline.com. 2008081201 2800 7200 604800 7200

;; Query time: 77 msec
;; SERVER: 209.63.0.2#53(209.63.0.2)
;; WHEN: Thu Jun 06 14:51:58 UTC 2019
;; MSG SIZE  rcvd: 582

blue@kubernetescluster:~$

^ No NS records!!!!!! 

$ dig @ns.integraonline.com allstream.com ANY

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns.integraonline.com allstream.com ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47625
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;allstream.com.                 IN      ANY

;; ANSWER SECTION:
allstream.com.          7200    IN      A       104.196.2.112
allstream.com.          7200    IN      MX      0 allstream-com.mail.protection.outlook.com.
allstream.com.          7200    IN      SOA     ns.integraonline.com. hostmaster.integraonline.com. 2008081201 2800 7200 604800 7200
allstream.com.          7200    IN      TXT     "v=spf1 mx a:s2-mx.globysonline.com a:s4-mx.globysonline.com include:spf.protection.outlook.com include:email-od.com" " ip4:216.16.244.248 ip4:216.16.244.227 ip4:199.175.0.1/24 ip4:64.122.164.17 ip4:38.117.68.132 ip4:72.0.201.12 ip4:38.117.68.134 ip4:72.0.201.24 ~all"
allstream.com.          7200    IN      TXT     "ciscocidomainverification=7fb3a7a0860ddb6383d374e858964b5042df0a456da77d1f0392be39afd8355b"
allstream.com.          7200    IN      TXT     "MS=ms85585496"
allstream.com.          86400   IN      NS      ns.integraonline.com.
allstream.com.          86400   IN      NS      ns2.integraonline.com.

;; AUTHORITY SECTION:
allstream.com.          86400   IN      NS      ns.integraonline.com.
allstream.com.          86400   IN      NS      ns2.integraonline.com.

;; Query time: 63 msec
;; SERVER: 204.130.255.2#53(204.130.255.2)
;; WHEN: Thu Jun 06 14:52:42 UTC 2019
;; MSG SIZE  rcvd: 642

blue@kubernetescluster:~$

^ Has NS records

OK now what ?

ned to call allstream which might be integra online .

Allstream ISP group 866 871 1114

Retrieved from "https://wiki.quadratic.net/index.php?title=Petro-canada.ca_issues&oldid=4415"