Skip to Content.
Sympa Menu

isn-discuss - Re: [isn-discuss] Problems with ITAD zone delegation

Subject: Discussion List for Freenum/ITAD Subscriber Number (ISN) Project

List archive

Re: [isn-discuss] Problems with ITAD zone delegation


Chronological Thread 
  • From: Paulo Ferreira <>
  • To:
  • Cc:
  • Subject: Re: [isn-discuss] Problems with ITAD zone delegation
  • Date: Fri, 13 Dec 2013 14:04:19 +0000

Hi Jonh, please see in line.

On 13-12-2013 13:49, John Todd wrote:
Paulo -
   I need to update that documentation (and will in a few hours) - the IP address is incorrect for that resolver.  The current correct IP address is 64.62.236.143 (which is www.freenum.org.)  It's a special resolver shim (called "shotgund" for historical reasons) that will convert an ENUM query including "*" characters into a correct ISN response.  It also does a bunch of other interesting things, like parallel ENUM tree resolution, and domain re-writing.  For a better explanation, see my "dig" example below.  The ENUM query is incorrect as far as the RFC is concerned - it includes the "*" character - but I found that at least a few years ago, most ENUM libraries would include the "*" character when sending out queries externally to resolvers, so this hack can work.

I tried to use the resolver you sent to me, as you can see bellow, but no success, maybe it is filtering some IP traffic from this part of the world :)




  I can get you the source code for shotgund if you're interested in running a local resolver, but it's only marginally well documented and you may have to tweak some settings to make it work for your system.
Yes, I'm interesting to test it if possible and to get more info online if exist. I tried to do a quick google search but I didn't find any useful info regarding this daemon.


JT


#dig @64.62.236.143 NAPTR 4.6.7.1.\*.8.7.1.5.freenum.org

; <<>> DiG 9.9.2-P1 <<>> @64.62.236.143 NAPTR 4.6.7.1.*.8.7.1.5.freenum.org
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Regards,
PF



Example looking up "1234*256" with an ENUM query format:

# dig @www.freenum.org NAPTR 6.5.2.\*.4.3.2.1.freenum.org.

; <<>> DiG 9.4.2-P2 <<>> @www.freenum.org NAPTR 6.5.2.*.4.3.2.1.freenum.org.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44780
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Messages has 287 extra bytes at end

;; QUESTION SECTION:
;6.5.2.*.4.3.2.1.freenum.org.   IN      NAPTR

;; ANSWER SECTION:
6.5.2.*.4.3.2.1.freenum.org. 86400 IN   NAPTR   100 10 "u" "E2U+web:http" "!^.*$!http://loligo.com/!" .
6.5.2.*.4.3.2.1.freenum.org. 86400 IN   NAPTR   100 10 "u" "E2U+sip" "!^\\+*([^\\*]*)!sip:\\!" .
6.5.2.*.4.3.2.1.freenum.org. 86400 IN   NAPTR   100 10 "u" "E2U+iax2" .

;; Query time: 29 msec
;; SERVER: 64.62.236.143#53(64.62.236.143)
;; WHEN: Fri Dec 13 13:42:38 2013
;; MSG SIZE  rcvd: 516

#


On Dec 13, 2013, at 3:24 AM, Paulo Ferreira <> wrote:

Hi,
first of all, thanks Jonh, the zone is already ok. William, I will reply to your call when I have outbound calls configured with ISN queries and thanks for the test :).

Secondly, I have one more question regarding the resolver system that are described in the freenum documentation that simply converts ENUM like queries in ISN (IP: 216.218.159.179.). I tried to test it, but it seems that is not answering queries. If possible, I would like know more technical information regarding it, more specifically which software is performing this kind of proxy DNS, if it is opensource or if it is proprietary and if we can have access to it to test it in a more specific environment.

Best regards,
Paulo


On 12-12-2013 17:27, Paulo Ferreira wrote:
Hi Jonh,
thanks for the quick reply.

Strange that your first dig failed, because I already had the zone configured in both name servers since last week.

Regarding a number for dig testing purposes (it isn't configured yet on my testing environment systems), for example, you may use 5178*1764 as you can see bellow.

Best regards,
PF

#dig @ns01.voip.fccn.pt NAPTR 8.7.1.5.1764.freenum.org

; <<>> DiG 9.9.2-P1 <<>> @ns01.voip.fccn.pt NAPTR 8.7.1.5.1764.freenum.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34486
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;8.7.1.5.1764.freenum.org.    IN    NAPTR

;; ANSWER SECTION:
8.7.1.5.1764.freenum.org. 3600    IN    NAPTR    101 10 "u" "E2U+SIP" .

;; AUTHORITY SECTION:
1764.freenum.org.    3600    IN    NS    ns01.voip.fccn.pt.
1764.freenum.org.    3600    IN    NS    ns02.voip.fccn.pt.

;; Query time: 29 msec
;; SERVER: 2001:690:a00:4001::132#53(2001:690:a00:4001::132)
;; WHEN: Thu Dec 12 17:22:38 2013
;; MSG SIZE  rcvd: 170





On 12-12-2013 17:15, John Todd wrote:

On Dec 12, 2013, at 7:14 AM, Paulo Ferreira wrote:

Hi,
my name is Paulo Ferreira and I'm working in VoIP team at the Portuguese NREN and I'm testing ISN numbering method in some trial environments.

I'm not sure that this is the right place to post this issue, but because I'm not getting any answers from other channels from freenum.org, I'm sending this email to ask you if you already faced this problem and how to solve it.
Sorry about the no reply to the address - it was marked as spam for some reason.  I've cleared the flags on that mail.

I've configured my ITAD zone in freenum.org app to delegate it to my name servers. When I click in "View DNS", the app show me the configuration of my ITAD zone ok, pointing it to my name servers as configured, but when I query freenum.org name servers I cannot get poositive answers to that configuration. I already sent an email to in the past week but I got no answer.
There were two problems with the zone:

1) The zone had not yet been manually approved for inclusion into the DNS.  All new entries get a human approval process before they are permitted to be added to the zonefile (this is not clearly documented, and I apologize for the confusion - even though you were able to log into the web interface, the entries are held until approved.)

2) The zone didn't appear to be correct on your nameservers, or was somehow missing.  I just looked at your configuration this morning, actually, and noticed it was a bit unusually configured.  Here's what I get when I looked at your zone earlier today:

zot9:jtodd$ dig @ns01.voip.fccn.pt. SOA 1764.freenum.org.

; <<>> DiG 9.8.5-P1 <<>> @ns01.voip.fccn.pt. SOA 1764.freenum.org.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55563
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Messages has 2 extra bytes at end

;; QUESTION SECTION:
;1764.freenum.org.        IN    SOA

;; ANSWER SECTION:
1764.freenum.org.    50    IN    A    169.254.1.1

;; Query time: 75 msec
;; SERVER: 193.136.192.132#53(193.136.192.132)
;; WHEN: Thu Dec 12 06:07:24 PST 2013
;; MSG SIZE  rcvd: 52

zot9:jtodd$


There didn't seem to be a correct SOA in there.  Now, looking at the same zone just a few moments ago shows what I think is the correct answer for the zone:


zot9:jtodd$ dig @ns01.voip.fccn.pt. SOA 1764.freenum.org.

; <<>> DiG 9.8.5-P1 <<>> @ns01.voip.fccn.pt. SOA 1764.freenum.org.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26660
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;1764.freenum.org.        IN    SOA

;; ANSWER SECTION:
1764.freenum.org.    3600    IN    SOA    ns01.voip.fccn.pt. gestao.voip.fccn.pt. 2013120401 21600 7200 1209600 3600

;; AUTHORITY SECTION:
1764.freenum.org.    3600    IN    NS    ns01.voip.fccn.pt.
1764.freenum.org.    3600    IN    NS    ns02.voip.fccn.pt.

;; Query time: 156 msec
;; SERVER: 193.136.192.132#53(193.136.192.132)
;; WHEN: Thu Dec 12 07:35:51 PST 2013
;; MSG SIZE  rcvd: 127

zot9:jtodd$


I'd need to know a "valid" number to fully test to see if your nameserver has the right records.  If you had an NAPTR entry for 1234*1764, I would do a "dig" like this:

zot9:jtodd$ dig @ns01.voip.fccn.pt. NAPTR 4.3.2.1.1764.freenum.org.


Currently, that query returns no values but that's OK since I don't know if that is a valid number.  If you were going to be putting a wildcard in there, then it should reply back with a valid NAPTR result.

JT



Did someone had issues like this one?

Best regards,
PF

-- 
-------------------------------------------
Paulo Ferreira
VoIP@RCTS - Segurança e Serviços à Comunidade
FCCN
http://www.fccn.pt/
Av. do Brasil, n.º 101
1700-066 Lisboa - Portugal
Telefone|Phone: +351 218440100; Fax: +351 218472167




-- 
-------------------------------------------
Paulo Ferreira
VoIP@RCTS - Segurança e Serviços à Comunidade
FCCN
http://www.fccn.pt/
Av. do Brasil, n.º 101
1700-066 Lisboa - Portugal
Telefone|Phone: +351 218440100; Fax: +351 218472167

 
Aviso de Confidencialidade/Disclaimer
Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos da lei. Caso tenha rececionado indevidamente esta mensagem,solicitamos-lhe que nos comunique esse mesmo facto por esta via ou para o telefone +351 218440100 devendo apagar o seu conteúdo de imediato. This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail or by telephone +351 218440100 and delete it immediately.




-- 
-------------------------------------------
Paulo Ferreira
VoIP@RCTS - Segurança e Serviços à Comunidade
FCCN
http://www.fccn.pt/
Av. do Brasil, n.º 101
1700-066 Lisboa - Portugal
Telefone|Phone: +351 218440100; Fax: +351 218472167

 
Aviso de Confidencialidade/Disclaimer
Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos da lei. Caso tenha rececionado indevidamente esta mensagem,solicitamos-lhe que nos comunique esse mesmo facto por esta via ou para o telefone +351 218440100 devendo apagar o seu conteúdo de imediato. This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail or by telephone +351 218440100 and delete it immediately.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.16.

Top of Page