need help with domain and non auth servers...

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Wed May 10 14:26:39 UTC 2000


	You need to use a nameserver that offers recursive service.
	Nslookup contains a stub resolver as does the resolver library.

	Note the lack of "ra" (recursion available) in the flags section
	below.

; <<>> DiG 8.2 <<>> www.eiec.org.illicom.net @63.250.64.66 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;	www.eiec.org.illicom.net, type = A, class = IN

;; AUTHORITY SECTION:
ILLICOM.net.		1d8h56m41s IN NS  CBRU.BR.NS.ELS-GMS.ATT.net.
ILLICOM.net.		1d8h56m41s IN NS  CMTU.MT.NS.ELS-GMS.ATT.net.
ILLICOM.net.		1d8h56m41s IN NS  NS2.ILLICOM.net.
ILLICOM.net.		1d8h56m41s IN NS  NS1.ILLICOM.net.

;; ADDITIONAL SECTION:
CBRU.BR.NS.ELS-GMS.ATT.net.  1d1h2m50s IN A  199.191.128.105
CMTU.MT.NS.ELS-GMS.ATT.net.  19h41m28s IN A  12.127.16.69
NS2.ILLICOM.net.	6h44m17s IN A	12.15.125.7
NS1.ILLICOM.net.	6h44m17s IN A	12.15.125.5

;; Total query time: 424 msec
;; FROM: bsdi.dv.isc.org to SERVER: 63.250.64.66
;; WHEN: Thu May 11 00:24:38 2000
;; MSG SIZE  sent: 42  rcvd: 212

	Also you have a *old* nslookup that does not try the name "as is"
	first when it contains periods.  This is a security issue (see
	RFC 1535) and *may* indicate that the resolver library also contains
	the same security flaw.

	Mark

> Hello
> 
> I believe this domain and my nameservers are setup correctly but something
> is wrong somewhere...
> domain: eiec.org ; auth nameservers: ns1.illicom.net ns2.illicom.net
> 
> ZONE file:
> 
> ;; zone eiec.org (hostmaster at illicom.net)
> 
> $TTL                            86400   ; default host ttl (1 day)
> @       IN      SOA     ns1.illicom.net. hostmaster.illicom.net.  (
>                                 8       ; serial number
>                                 43200   ; refresh by slave (12 hours)
>                                 3600    ; retry by slave (1 hour)
>                                 604800  ; expire by slave (1 week)
>                                 86400 ) ; minimum zone ttl (1 day)
> 
> ;; authoritative nameservers for eiec.org
> 
>                         IN      NS      ns1.illicom.net.
>                         IN      NS      ns2.illicom.net.
> 
> ;; domain information
> 
>                         IN      A       207.174.186.4
>                         IN      MX  10  mail.eiec.org.
> 
> ;; hostname information
> 
> ftp                     IN      CNAME   www.eiec.org.
> mail                    IN      A       207.174.186.4
> proxy                   IN      A       12.15.125.251
> ;www                    IN      A       207.174.186.4
> www                     IN      A       12.15.125.227
> 
> -----------------------
> problem on non auth server: ???  DID I MISS A TRAILING DOT SOMEWHERE???
> 
> > server kingman.net66.com
> Default Server:  kingman.net66.com
> Address:  63.250.64.66
> 
> > www.eiec.org
> Server:  kingman.net66.com
> Address:  63.250.64.66
> 
> Name:    www.eiec.org.illicom.net
> Served by:
> - CBRU.BR.NS.ELS-GMS.ATT.net
>           199.191.128.105
>           ILLICOM.net
> - CMTU.MT.NS.ELS-GMS.ATT.net
>           12.127.16.69
>           ILLICOM.net
> - NS2.ILLICOM.net
>           12.15.125.7
>           ILLICOM.net
> - NS1.ILLICOM.net
>           12.15.125.5
>           ILLICOM.net
> 
> > mail.eiec.org
> Server:  kingman.net66.com
> Address:  63.250.64.66
> 
> Name:    mail.eiec.org.illicom.net
> Served by:
> - CBRU.BR.NS.ELS-GMS.ATT.net
>           199.191.128.105
>           ILLICOM.net
> - CMTU.MT.NS.ELS-GMS.ATT.net
>           12.127.16.69
>           ILLICOM.net
> - NS2.ILLICOM.net
>           12.15.125.7
>           ILLICOM.net
> - NS1.ILLICOM.net
>           12.15.125.5
>           ILLICOM.net
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com



More information about the bind-users mailing list