subdomain delegation, bad referral

Ingo T. Storm it at computerbild.de
Thu Nov 25 19:26:32 UTC 1999 

Hi,

I want to apologize right away: I MUST be missing s.th. really stupid
here... The posting is longish, too, but I wanted to give all the
relevant data.

I run an internal name server cbnt1.combi.de (NT BIND 4.9.7) being
master for domain combi.de. The master zone file contains the lines

sub.combi.de.   IN NS  cbnt2
cbnt2           IN A 192.168.0.4

cbnt2 runs NT BIND 4.9.7, too. It's named.boot contains the line

primary sub.combi.de db.sub.combi.de

db.sub.combi.de reads

@      SOA cbnt2.combi.de. postmaster.combi.de. (
        1999112504
             21600
              3600
            691200
             86400 )
       IN NS cbnt2.combi.de.

mail   IN A 192.168.0.2
www    IN A 192.168.0.2

I reloaded, later restarted both servers. DIGging cbnt2 yields:

; <<>> DiG 2.2 <<>> www.sub.combi.de @cbnt2
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 1, Auth: 1, Addit: 1
;; QUESTIONS:
;;      www.sub.combi.de, type = A, class = IN

;; ANSWERS:
www.sub.combi.de.       86400   A       192.168.0.2

;; AUTHORITY RECORDS:
sub.combi.de.   86400   NS      cbnt2.combi.de.

;; ADDITIONAL RECORDS:
cbnt2.combi.de. 3600    A       192.168.0.4

;; Total query time: 10 msec
;; FROM: dukat to SERVER: cbnt2  192.168.0.4
;; WHEN: Thu Nov 25 20:04:36 1999
;; MSG SIZE  sent: 34  rcvd: 98

i.e. cbnt2 does think it is authoritative for sub.combi.de. DIGging
cbnt1 for sub.combi.de yields

; <<>> DiG 2.2 <<>> sub.combi.de @cbnt1 NS
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 0, Addit: 1
;; QUESTIONS:
;;      sub.combi.de, type = NS, class = IN

;; ANSWERS:
sub.combi.de.   3600    NS      cbnt2.combi.de.

;; ADDITIONAL RECORDS:
cbnt2.combi.de. 3600    A       192.168.0.4

;; Total query time: 10 msec
;; FROM: dukat to SERVER: cbnt1  192.168.0.2
;; WHEN: Thu Nov 25 20:11:33 1999
;; MSG SIZE  sent: 30  rcvd: 74

i.e. it does know that cbnt2 is authoritative for sub.combi.de. Alas,
digging for an RR in that zone yields

; <<>> DiG 2.2 <<>> www.sub.combi.de @cbnt1
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
;; QUESTIONS:
;;      www.sub.combi.de, type = A, class = IN

;; AUTHORITY RECORDS:
combi.de.       86400   SOA     ns1.combi.de. postmaster.combi.de. (
                        1998121501      ; serial
                        21600   ; refresh (6 hours)
                        3600    ; retry (1 hour)
                        691200  ; expire (8 days)
                        86400 ) ; minimum (1 day)

;; Total query time: 12428 msec
;; FROM: dukat to SERVER: cbnt1  192.168.0.2
;; WHEN: Thu Nov 25 20:06:13 1999
;; MSG SIZE  sent: 34  rcvd: 93

i.e. it seems to think it is not authoritative and it logs a

bad referral (combi.de !< sub.combi.de)

What am I missing?

Cheers,
Ingo

More information about the bind-users mailing list