Why is stealth secondary queried for address of primary?
Bill Moseley
moseley at hank.org
Thu Jun 15 07:15:07 UTC 2000
After sending my last post I looked at my Bind log file -- I had query
logging enabled on two of my DNS servers, ns1.hank.org and ns2.hank.org.
Note that ns2.hank.org is not a RR in the root servers, only ns1, but ns2
is listed in my zone file.
Right after posting to this list I had a large number of queries to both
servers, but I don't understand what was happening.
ns1.hank.org was logging queries that looked like this:
XX /195.60.31.20/hank.org/A/IN
All were simply A queries for hank.org. This I would expect from various
MTAs that saw my mail come through.
But, on ns2.hank.org almost all of the queries looked like this:
XX /132.177.128.99/ns1.hank.org/A/IN
ns2.hank.org was being asked for ns1.hank.org's IP address.
Is it possible that the MTA isn't trusting the lookup on ns1, so it's
asking ns2 for the IP of ns1, just to make sure it asked the right server?
But that doesn't make sense since the MTA wouldn't even know about
ns2.hank.org (since all requests on ns1 were only for A records, not NS
records).
Besides, although the requests on both servers came in at the same time, it
didn't look (by IP number) that requests on one server had a corresponding
request on the other server.
I'm sure there's a simple explanation.
Thanks,
Bill Moseley
mailto:moseley at hank.org
More information about the bind-users
mailing list