Quick DNS question

Kevin Darcy kcd at daimlerchrysler.com
Tue Mar 7 17:09:53 UTC 2000

Robert Everland III wrote:

>         Ok the idiots at my ISP are screwing up so many things with my DNS. They
> keep telling me that because they try to run queries on my DNS and it gives
> them the root servers there is something wrong with it. I say it's because I
> put security on my DNS server following the presentation on acmebw.com. Who
> is right? My DNS is NS1.ORLANDO.COM and a domain I have running on it is
> floridatennis.com. I am using Bind 4.9.7 now.

I think the bit about getting root server referrals is probably bogus (if they were
querying a domain for which you aren't authoritative and don't have any data
cached, and you have recursion turned off, what would they expect?), but you have a
genuine problem with www.floridatennis.com:

% dig www.floridatennis.com @ns1.orlando.com

; <<>> DiG 8.2 <<>> www.floridatennis.com @ns1.orlando.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;;      www.floridatennis.com, type = A, class = IN

www.floridatennis.com.  1D IN CNAME

floridatennis.com.      1D IN SOA       ns1.orlando.com. webmaster.orlando.com. (
                                        2000020902      ; serial
                                        3H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

;; Total query time: 86 msec
;; FROM: fxiod01.is.chrysler.com to SERVER: ns1.orlando.com
;; WHEN: Tue Mar  7 12:10:30 2000
;; MSG SIZE  sent: 39  rcvd: 143


Looks like you put an IP address on the right-hand-side of a CNAME...

- Kevin

More information about the bind-users mailing list