Our ISP's name server went down and brought our DNS down

Kevin Darcy kcd at daimlerchrysler.com
Thu Jun 15 18:42:03 UTC 2000


Brent Bolin wrote:

> A couple of days ago our ISP's name servers went down.
>
> This brought our DNS for addresses in the world down also.  Local names
> worked fine.

> Here is the dig info -
>
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
> ;; QUERY SECTION:
> ;;      www.dspi.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> www.dspi.com.           4H IN A         216.233.10.162
>
> ;; AUTHORITY SECTION:
> dspi.com.               4H IN NS        auth1.ns.eni.net.
> dspi.com.               4H IN NS        auth2.ns.eni.net.
> dspi.com.               4H IN NS        auth3.ns.eni.net.
>
> ;; ADDITIONAL SECTION:
> auth1.ns.eni.net.       4H IN A         205.214.45.6
> auth2.ns.eni.net.       4H IN A         155.229.2.181
> auth3.ns.eni.net.       4H IN A         155.229.126.67
>
> ;; Total query time: 58 msec
> ;; FROM: pheonix.dbprograms.com to SERVER: default -- 216.233.79.154
> ;; WHEN: Thu Jun 15 09:43:41 2000
> ;; MSG SIZE  sent: 30  rcvd: 172
>
> What is the order that our DNS looks for addresses?  Doesn't it look
> for the name server that is authoritative for that domain?

Yes, it'll try to query servers that are listed (with NS records) as
serving the zone. Whether those servers are "authoritative" or not, of
course, depends on whether they are configured correctly or not. If a
server is listed for the zone, but is not authoritative, then we refer to
it as a "lame server".

> When we do a query does it get the answer from the servers listed by
> whois?

The WHOIS-listed nameservers match the delegations from "com", "net",
"org" or whatever. But this delegation information is not the final word
on what servers serve the zone -- the NS records from the delegated
servers themselves are considered more "credible" than the delegations from
the parent, and that's what BIND will use if it has a choice.

> Our ISP's DNS servers are not configured in named.boot files.  DNS is
> primed only from root servers.
>
> Does anybody know why this happened?

Doesn't make any sense to me, unless they have some nifty router software
that redirects DNS packets to their caching servers and then spoofs the
responses to look like they come from Internet servers (presumably to
decrease query latency and conserve a tiny amount of their Internet
bandwidth).

Why don't you ask them?


- Kevin
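
An added illustration of the reply above (not part of the original post, and not BIND's own code): a small Python check that parses old-style dig output, treats a reply from a listed server as lame when the aa flag is missing, and prefers the NS set from an authoritative answer over the parent's delegation. The parent referral, the lame reply and the name old-ns.example.net are constructed sample data; the function names are hypothetical.

```python
import re

# Flags and NS lines taken from the dig output quoted in the post (aa is set).
AA_ANSWER = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
dspi.com.               4H IN NS        auth1.ns.eni.net.
dspi.com.               4H IN NS        auth2.ns.eni.net.
dspi.com.               4H IN NS        auth3.ns.eni.net.
"""
# Constructed: a parent referral (no aa) that still lists a stale server.
PARENT_REFERRAL = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
dspi.com.               2D IN NS        auth1.ns.eni.net.
dspi.com.               2D IN NS        auth2.ns.eni.net.
dspi.com.               2D IN NS        old-ns.example.net.
"""
# Constructed: a reply from a listed server that is not authoritative.
LAME_REPLY = ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n"


def parse(text):
    """Return (header flags, NS target names) from dig text output."""
    m = re.search(r"^;; flags: ([a-z ]+);", text, re.M)
    flags = set(m.group(1).split()) if m else set()
    ns = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and not line.startswith(";") and f[-2].upper() == "NS":
            ns.add(f[-1].lower().rstrip("."))
    return flags, ns


def is_lame(reply_from_listed_server):
    """A server named in the zone's NS records is lame if it answers without aa."""
    flags, _ = parse(reply_from_listed_server)
    return "aa" not in flags


def credible_ns(parent_text, child_text):
    """Use the child's NS set when it came with aa; otherwise fall back to the
    parent's delegation. Also report where the two sets disagree."""
    _, parent = parse(parent_text)
    child_flags, child = parse(child_text)
    chosen = child if ("aa" in child_flags and child) else parent
    return {"use": sorted(chosen),
            "only_parent": sorted(parent - child),
            "only_child": sorted(child - parent)}
```

Names that appear under `only_parent` are delegations the zone itself no longer lists, which is where lame servers usually turn up.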



