Weird TLD in China

I was reading about a recent Gmail hack from China and they actually showed the IP used to access the account. Since I was fairly curious, I decided to take a look into the IP – 125.45.96.89 – and I was surprised with the result.

inetnum: 125.40.0.0 - 125.47.255.255
netname: UNICOM-HA
descr: China Unicom Henan province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: WW444-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HA
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20051011
changed: [email protected] 20051020
changed: [email protected] 20090507
changed: [email protected] 20090508
source: APNIC

Nothing surprising here since the IP reports itself as being allocated to a Chinese ISP – China Unicom in Henan.

; <<>> DiG 9.7.0-P1 <<>> -x 125.45.96.89
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;89.96.45.125.in-addr.arpa. IN PTR

;; ANSWER SECTION:
89.96.45.125.in-addr.arpa. 85865 IN PTR hn.kd.ny.adsl.

;; Query time: 23 msec

Now, this totally caught my eye. Notice the PTR record shows that the name for that IP is hn.kd.ny.adsl – an uncommon TLD. So, I checked Wikipedia for a list of available TLDs and fair enough, the ADSL TLD does not seem to exist. If I were to try to ping hn.kd.ny.adsl, the address would not even resolve through the normal DNS system.

ping: unknown host hn.kd.ny.adsl

Now, this indicates to me that China is running its own root-servers, which does not surprise me one bit as it uses them to implement the Great Firewall of China. Since it does this, it is free to implement its own list of TLDs that nobody else uses in the rest of the world. This is all fine and dandy until ICANN decides to approve the use of an ADSL TLD in the future.

With the recent WikiLeaks fiasco, people are already talking about fragmenting the Internet. This is proof that the Internet is already fragmented – we just need to take it to the next level. Zero-One-Infinity, anyone?

Published by

Shawn Tan

Chip Doctor, Chartered Engineer, Entrepreneur, Law Graduate.

2 thoughts on “Weird TLD in China”

  1. This is nothing unusual and does not indicate anything about China using its own root servers.

    What you must realize is that many ISPs use PTR records for a very different purpose than they were designed for in the first place. There is no glue between the PTR and the actual A record (if there is any for that particular IP address).

    To verify this claim, you need to do something like this :

    1- Find the authority record for the reverse domain :

    Asking dns1.chinaunicom.com.hk about 125.45.96.89 returns that information :

    AUTHORITY RECORDS:
    -> 45.125.in-addr.arpa
    type = NS, class = IN, dlen = 19
    nameserver = ns.halyptt.net.cn
    ttl = 86400 (1 day)

    This means that the server that holds the rights to provide authorized information about that request is ns.halyptt.net.cn.

    2- Ask that server about the same IP address :

    Name : hn.kd.ny.adsl
    Address: 125.45.96.89

    3- Try that same server with what it just gave as a PTR :

    > hn.kd.ny.adsl
    *** ns.halyptt.net.cn : Query refused

    This means that this server is made to only accept PTR requests. Other ISPs do the same thing, sometimes with custom TLDs, sometimes not. For example, tracing to aol.com returns one of the following hops from my location :

    te0-1-0-1.ccr21.ymq02.atlas.cogentco.com

    However, when trying to forward-request the IP of that PTR, cogentco’s own DNS system refuses the query.

    Why do they remove the glue? I don’t know, but I also don’t know why they would provide it. For ISPs, the PTR records are a way to enable more verbose traceroutes. On the other hand, public A records would not provide any benefit. Most (if not all) ISPs have their own internal management infrastructure that is not only inaccessible from the Internet itself, but also relies on private DNS and IP networks.
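
The check the comment above walks through (look up the PTR, then look the returned name up again) is commonly called forward-confirmed reverse DNS. The following is an added example, not code from the post or the comment: it uses the system resolver rather than querying the authoritative server directly, and the function names, the stub resolvers and the 192.0.2.10 / mail.example.com pair are constructed for illustration.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """Return the PTR names the system resolver gives for ip ([] on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def forward_lookup(name):
    """Return the addresses name resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except (OSError, UnicodeError):
        return set()

def same_address(a, b):
    """Compare parsed addresses so differently written forms still match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def check_fcrdns(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Classify ip by whether any of its PTR names resolves back to it."""
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return {"ip": ip, "status": "no-ptr", "ptr": [], "confirmed": []}
    confirmed = [n for n in names if any(same_address(ip, a) for a in forward(n))]
    status = "forward-confirmed" if confirmed else "ptr-unconfirmed"
    return {"ip": ip, "status": status, "ptr": names, "confirmed": confirmed}

# Constructed stub data so the example runs offline: the PTR from the post,
# plus an invented documentation-range host that does have a matching A record.
SAMPLE_PTR = {"125.45.96.89": ["hn.kd.ny.adsl."], "192.0.2.10": ["mail.example.com."]}
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in ("125.45.96.89", "192.0.2.10", "198.51.100.7"):
        print(check_fcrdns(ip, sample_reverse, sample_forward))
```

A "ptr-unconfirmed" result means the name comes only from whoever operates the reverse zone, so it is best treated as an operator-chosen label when triaging an address from an access log.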
