Petro-canada.ca issues
Where I work petro points is a partner.
We use one of their online APIs at retail.petro-canada.ca
Let me show you something
Date: Thu Jun 6 14:37:46 UTC 2019
Basic:
$ dig retail.petro-canada.ca +short 156.44.144.39
Name servers?
$ dig petro-canada.ca NS +short secondary-ns2.allstream.com. dns1.cidc.telus.com. dns2.cidc.telus.com. secondary-ns1.allstream.com.
Intersting, two large canadian providers doing DNS for this domain. From time to time issues arrise beucase not all name server have the same information. Let check that:
$ for i in `dig petro-canada.ca NS +short`; do echo $i; dig @$i retail.petro-canada.ca +short; done secondary-ns1.allstream.com. ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @secondary-ns1.allstream.com. retail.petro-canada.ca +short ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached secondary-ns2.allstream.com. 156.44.144.39 dns1.cidc.telus.com. 156.44.144.39 dns2.cidc.telus.com. 156.44.144.39
I think found a problem.
there is no NS record for secondary-ns2.allstream.com
That's problematic.
Also let do a whois to se how many of the name servers in the NS record are in the whois record, do they match?
$ whois petro-canada.ca ... Name Server: dns1.cidc.telus.com Name Server: dns2.cidc.telus.com Name Server: ns1.business.allstream.net Name Server: ns2.business.allstream.net ...
So that looks good. Awesome to see them using DNS across providers, this will hopefully protect again failures.
Allstream and Telus are competitors.
Alltream owned by Zayo, which bought integra, now watch the trace on the allstream name server:
$ dig +trace secondary-ns1.allstream.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace secondary-ns1.allstream.com ;; global options: +cmd . 518400 IN NS G.ROOT-SERVERS.NET. . 518400 IN NS H.ROOT-SERVERS.NET. . 518400 IN NS I.ROOT-SERVERS.NET. . 518400 IN NS J.ROOT-SERVERS.NET. . 518400 IN NS K.ROOT-SERVERS.NET. . 518400 IN NS L.ROOT-SERVERS.NET. . 518400 IN NS M.ROOT-SERVERS.NET. . 518400 IN NS A.ROOT-SERVERS.NET. . 518400 IN NS B.ROOT-SERVERS.NET. . 518400 IN NS C.ROOT-SERVERS.NET. . 518400 IN NS D.ROOT-SERVERS.NET. . 518400 IN NS E.ROOT-SERVERS.NET. . 518400 IN NS F.ROOT-SERVERS.NET. ;; Received 239 bytes from 172.31.0.2#53(172.31.0.2) in 0 ms com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766 com. 86400 IN RRSIG DS 8 1 86400 20190619050000 20190606040000 25266 . nFS1hYhpxWx3r5qHS43rfwH2nPEyhPc3snMWzj09906ChGf6394ooyLL b2BDcYGuMVsRxtgj/hAASqMjeREcHDffGVv8pIF9HCC/4Fsfl5Z0N6Oo dBJkSKPxfKOZE+6exy9VL0DGlvDQs9uceUNT3ihi2Fza7k6BuU5JPPzZ XhVlv8iDgjlVJ2/ubT0ajz85YkZddEfU10Yti+zkEwtPddj5iNNDC1fE dBZr75ihfVwD34Km7KSGcA/5qHqwv0isMLc8MsJ+CruVqmnf302lCrKv lN3bLeDVcMj+NJXs2Kjwan1XidX3Dw/BZ63k8rMQnoIDTEIJdQDn3Zei IO/qmQ== ;; Received 1187 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 10 ms allstream.com. 172800 IN NS ns2.integraonline.com. allstream.com. 172800 IN NS ns.integraonline.com. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190612044518 20190605033518 3800 com. kK+DBXFO++94SBlrVrUiVcRHsgFXS3D2cyHXxwRMSxcLGVriUL9aRk/j gAqDPO0w8p40ZZGHBBODE7Mjd+W712VTgxzOqOnbnnzz6PDyDDosTy+e 8pSkZjFDNK9nhkl4VzsSVeB40iR8jMt0FT+vbtKJoINyPVsNk0zTpqYT b+8= 62ME9GSLT93STMGRSC1ACVAERKPJ6D5E.com. 86400 IN NSEC3 1 1 0 - 62MFO8KAMRIJV41BFCPO9JF6IVB4PEI8 NS DS RRSIG 62ME9GSLT93STMGRSC1ACVAERKPJ6D5E.com. 86400 IN RRSIG NSEC3 8 2 86400 20190612050910 20190605035910 3800 com. CKmGoykkEQLEMMOrTAoatTStkW+PLd4B5O+ofGnR6K9W35sUkte+SZ4J hP/c0ANVWnBq5SGi3QQIng/yVZeaUH7+29zGpvm+0dHLP0M7jZKAcPNQ 8KhPqaboy+IxRO2us//IQJAURCi+mIsLNEXql+UH04lKFJqkIqmahXNp UBQ= ;; Received 622 bytes from 192.55.83.30#53(m.gtld-servers.net) in 11 ms secondary-ns1.allstream.com. 7200 IN A 216.13.122.23 ;; Received 72 bytes from 204.130.255.2#53(ns.integraonline.com) in 67 ms blue@kubernetescluster:~$
and yet:
$ dig allstream.com NS ; <<>> DiG 9.10.3-P4-Ubuntu <<>> allstream.com NS ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18669 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;allstream.com. IN NS ;; AUTHORITY SECTION: allstream.com. 60 IN SOA ns.integraonline.com. hostmaster.integraonline.com. 2008081201 2800 7200 604800 7200 ;; Query time: 1 msec ;; SERVER: 172.31.0.2#53(172.31.0.2) ;; WHEN: Thu Jun 06 14:51:05 UTC 2019 ;; MSG SIZE rcvd: 106 blue@kubernetescluster:~$
I'm pretty sure that SN record is cached. And that there is no NS record at the integra name servers:
$ dig @ns2.integraonline.com allstream.com ANY ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns2.integraonline.com allstream.com ANY ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35006 ;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;allstream.com. IN ANY ;; ANSWER SECTION: allstream.com. 7200 IN A 104.196.2.112 allstream.com. 7200 IN MX 0 allstream-com.mail.protection.outlook.com. allstream.com. 7200 IN TXT "ciscocidomainverification=7fb3a7a0860ddb6383d374e858964b5042df0a456da77d1f0392be39afd8355b" allstream.com. 7200 IN TXT "v=spf1 mx a:s2-mx.globysonline.com a:s4-mx.globysonline.com include:spf.protection.outlook.com include:email-od.com" " ip4:216.16.244.248 ip4:216.16.244.227 ip4:199.175.0.1/24 ip4:64.122.164.17 ip4:38.117.68.132 ip4:72.0.201.12 ip4:38.117.68.134 ip4:72.0.201.24 ~all" allstream.com. 7200 IN TXT "MS=ms85585496" allstream.com. 7200 IN SOA ns.integraonline.com. hostmaster.integraonline.com. 2008081201 2800 7200 604800 7200 ;; Query time: 77 msec ;; SERVER: 209.63.0.2#53(209.63.0.2) ;; WHEN: Thu Jun 06 14:51:58 UTC 2019 ;; MSG SIZE rcvd: 582 blue@kubernetescluster:~$
$ dig @ns.integraonline.com allstream.com ANY ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns.integraonline.com allstream.com ANY ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47625 ;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 2, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;allstream.com. IN ANY ;; ANSWER SECTION: allstream.com. 7200 IN A 104.196.2.112 allstream.com. 7200 IN MX 0 allstream-com.mail.protection.outlook.com. allstream.com. 7200 IN SOA ns.integraonline.com. hostmaster.integraonline.com. 2008081201 2800 7200 604800 7200 allstream.com. 7200 IN TXT "v=spf1 mx a:s2-mx.globysonline.com a:s4-mx.globysonline.com include:spf.protection.outlook.com include:email-od.com" " ip4:216.16.244.248 ip4:216.16.244.227 ip4:199.175.0.1/24 ip4:64.122.164.17 ip4:38.117.68.132 ip4:72.0.201.12 ip4:38.117.68.134 ip4:72.0.201.24 ~all" allstream.com. 7200 IN TXT "ciscocidomainverification=7fb3a7a0860ddb6383d374e858964b5042df0a456da77d1f0392be39afd8355b" allstream.com. 7200 IN TXT "MS=ms85585496" allstream.com. 86400 IN NS ns.integraonline.com. allstream.com. 86400 IN NS ns2.integraonline.com. ;; AUTHORITY SECTION: allstream.com. 86400 IN NS ns.integraonline.com. allstream.com. 86400 IN NS ns2.integraonline.com. ;; Query time: 63 msec ;; SERVER: 204.130.255.2#53(204.130.255.2) ;; WHEN: Thu Jun 06 14:52:42 UTC 2019 ;; MSG SIZE rcvd: 642 blue@kubernetescluster:~$