bad referral

Kevin Darcy kcd at daimlerchrysler.com
Mon Jun 26 23:44:12 UTC 2000 

Bill Moseley wrote:

> At 08:04 PM 06/26/00 GMT, Barry Margolin wrote:
> >>  bad referral (AMAZON.com !< www.amazon.com)
>
> >It's probably a Cisco Distributed Director.  You can configure A and SOA
> >records on them, but they don't have NS records on them.
> >
> >They've always had some problems implementing the DNS protocol fully.
> >However, the problems don't impact the queries they're designed to support,
> >so it's not usually a problem.  For instance, there's no reason for you to
> >ask it explicitly for NS records.  When you're trying to connect to
> >www.amazon.com, you should ask it for the A record.
>
> Hum.  Are you saying the "bad referral (AMAZON.com !< www.amazon.com)"
> message should only happen if I'm doing an NS RR lookup?  But the log
> message was a result of a Netscape lookup request, which I'd assume would
> be A RR lookups.
>
> Anyway, I'm stil curious:  what is the process that bind is going through
> to generate the "bad referral (AMAZON.com !< www.amazon.com)" message?
>
> Thanks very much for the help,
>
> BTW -- I though I was at a page that had bind error messages explained, but
> could nt' find it again.  Anyone have that URL?

When you follow a referral, the response you get back should either be an
actual answer to the question (which could be NXDOMAIN -- no such name), or it
should refer you closer to the answer. If it refers you to the same level or
further away from the answer than your previous referral, then obviously
something is screwed up. In this case, following a referral for www.amazon.com
apparently referred you back up to amazon.com. That's why it was a
"bad" referral. Nameservers need to watch out for these so they don't end up
chasing their tails endlessly in a referral loop.

The root cause of the bad referral message? Barry already sleuthed the fact
that the packet was improperly formatted. I suspect that named was misreading
the Answer section for the Authority section and the "bad referral" code was
triggered before named realized that the packet as a whole was messed up. In
other words, the "bad referral" message was just collateral damage of an even
more pernicious problem with the remote server.


- Kevin

More information about the bind-users mailing list