Strange response for dlci.co.uk.
Ted Rule
Ted_Rule at flextech.co.uk
Mon Nov 29 18:21:24 UTC 1999
It's not just that zone - I think it's the whole server.
My best guess was some broken RFC2308 handling.
Sad thing is that bind doesn't catch the bug, but that's for another day.
Ted
Spotted a while ago... but not mentioned till now:
Nov 12 08:58:20 intranot (dnsserver): gethostby*.getanswer: asked for "thebrit.co.uk
IN A", got type "SOA"
Investigating further, we find:
$ dig thebrit.co.uk ns
; <<>> DiG 8.2 <<>> thebrit.co.uk ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;; thebrit.co.uk, type = NS, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 3h47m46s IN NS map1.dns.gxn.net.
thebrit.co.uk. 3h47m46s IN NS map2.dns.gxn.net.
thebrit.co.uk. 3h47m46s IN NS map3.dns.gxn.net.
thebrit.co.uk. 3h47m46s IN NS map4.dns.gxn.net.
;; ADDITIONAL SECTION:
map1.dns.gxn.net. 23h59m46s IN A 195.224.255.22
map2.dns.gxn.net. 23h59m46s IN A 195.224.255.26
map3.dns.gxn.net. 23h59m46s IN A 195.224.255.30
map4.dns.gxn.net. 23h59m46s IN A 195.224.255.34
;; Total query time: 7 msec
;; FROM: homer.flextech.co.uk to SERVER: default -- 195.188.171.98
;; WHEN: Fri Nov 12 10:40:15 1999
;; MSG SIZE sent: 31 rcvd: 182
$ dig thebrit.co.uk
; <<>> DiG 8.2 <<>> thebrit.co.uk
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; thebrit.co.uk, type = A, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 1D IN SOA map1.dns.gxn.net.
hostmaster.freenetname.co.uk. (
1 ; serial
46m40s ; refresh
2H ; retry
1W ; expiry
5M ) ; minimum
;; Total query time: 32 msec
;; FROM: homer.flextech.co.uk to SERVER: default -- 195.188.171.98
;; WHEN: Fri Nov 12 10:40:37 1999
;; MSG SIZE sent: 31 rcvd: 106
It would appear that the DNS server on the 4 map servers are all incorrectly
responding with
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
RATHER than:
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
which would correspond to a proper DNS NOERROR/NODATA condition for the A record
in the "thebrit.co.uk" domain. As such, the DNS server appears to partially
violate standard RFC2308 -ve responses.
Chris Thompson wrote:
> A few weeks ago, someone asked on comp.unix.solaris about messages from nscd
> of the shape
>
> gethostby*.getanswer: asked for "dlci.co.uk IN A", got type "SOA"
>
> There's no great mystery in this because that's what the official servers for
> dlci.co.uk (map[1-4].dns.gxn.net) are doing: responding to a request for an
> A record with an SOA record in the answer section. (See below for an example.)
>
> However, I am still intrigued by what sort of buggy named or configuration
> could cause this, as it's something I don't recall having seen before.
>
> Any ideas?
>
> ; <<>> DiG 2.1 <<>> +norecurse a dlci.co.uk. @map4.dns.gxn.net.
> ; (1 server found)
> ;; res options: init defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
> ;; flags: qr aa; Ques: 1, Ans: 1, Auth: 0, Addit: 0
> ;; QUESTIONS:
> ;; dlci.co.uk, type = A, class = IN
>
> ;; ANSWERS:
> dlci.co.uk. 86400 SOA map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
> 1 ; serial
> 2800 ; refresh (46 mins 40 secs)
> 7200 ; retry (2 hours)
> 604800 ; expire (7 days)
> 300 ) ; minimum (5 mins)
>
> ;; Total query time: 184 msec
> ;; FROM: taurus.cus.cam.ac.uk to SERVER: map4.dns.gxn.net. 195.224.255.34
> ;; WHEN: Mon Nov 29 15:26:31 1999
> ;; MSG SIZE sent: 28 rcvd: 108
>
> BTW, I tried to report this to the SOA.rname (mail bounces, of course), and
> to some likely addresses @dlci.co.uk (which were met only by incomprehesion).
> I mention this only to save others the trouble of trying that themselves. :-)
>
> Chris Thompson
> Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list