Strange problems
Tim Pushor
timp at gice.com
Sat Nov 18 21:39:55 UTC 2000
Comments below ..
-----
>>One problematic name server is an ns1.eds.com
>>
>>ns1.eds.com reports hercules.crossthread.com at 139.142.137.200 (which was
>>the old address):
>why is ns1.eds.com answering non-recursive queries for your zone when
>it is not in the delegation data? :
No clue - I have nothing to do with this server
># dig +norec @ns1.eds.com hercules.crossthread.com any
>; <<>> DiG 8.2 <<>> +norec @ns1.eds.com hercules.crossthread.com any
>; (1 server found)
>;; res options: init defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9246
>;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>;; QUERY SECTION:
>;; hercules.crossthread.com, type = ANY, class = IN
>;; ANSWER SECTION:
>hercules.crossthread.com. 1d8h7m28s IN A 139.142.137.200
>and your NS has no A rec for crossthread.com:
Yes, I do realize this. Is an A record for the domain required? I didn't
think it was. What should the A record point to? In the past, I had always
used an A record that pointed to the primary mail relay for that domain for
mailers that did not understand MX. I didn't think this was neccesary any
longer..
># dig +norec @ICEtray.GICe.com crossthread.com a
>; <<>> DiG 8.2 <<>> +norec @ICEtray.GICe.com crossthread.com a
>; (1 server found)
>;; res options: init defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52372
>;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>;; QUERY SECTION:
>;; crossthread.com, type = A, class = IN
>;; AUTHORITY SECTION:
>crossthread.com. 1D IN SOA icecube.gice.com. root.orion.ab.ca.
(
> 12 ; serial
> 4H ; refresh
> 1H ; retry
> 1W ; expiry
> 1D ) ; minimum
>Qlso, you should restrict zone trnsfers (eds does) with "allow-transfer":
I do :) I relaxed this so fellow troubleshooters would have access to the
zone data
># dig +norec @ICEtray.GICe.com crossthread.com axfr
>; <<>> DiG 8.2 <<>> +norec @ICEtray.GICe.com crossthread.com axfr
>; (1 server found)
>$ORIGIN crossthread.com.
>@ 1D IN SOA icecube.gice.com. root.orion.ab.ca.
(
> 12 ; serial
> 4H ; refresh
> 1H ; retry
> 1W ; expiry
> 1D ) ; minimum
> 1D IN NS icecube.gice.com.
> 1D IN NS icetray.gice.com.
> 1D IN MX 10 hercules
> 1D IN MX 15 icecube.gice.com.
>mail 1D IN CNAME hercules
>ftp 1D IN CNAME hercules
>grammabev 1D IN A 24.72.35.232
>hercules 1D IN A 139.142.137.241
>www 1D IN CNAME hercules
>As a rule, I recommend replacing CNAME's with A's unless the ns
>admin can articulate the few situations where they are useful and
>worth the risk of error. Most can't and most screw up the zones with
>CNAME-related errors. (not your case)
I never subscribed to that philosophy. I always thought that a HOST had both
a single A record and single PTR record for every valid IP address, and
everything else CNAME's. It just kept things clearer for me.
I dont believe that has anything to do with why this is happening though..
Do you have any idea why this is happening? Here are some other DNS servers
around the Internet that report incorrect addresses for
hercules.crossthread.com:
> hercules.crossthread.com
Server: ns1.nucleus.com
Address: 199.45.65.8
Non-authoritative answer:
Name: hercules.crossthread.com
Address: 139.142.137.200
> hercules.crossthread.com
Server: ottubsmtp01.shl.com
Address: 209.135.106.229
Non-authoritative answer:
Name: hercules.crossthread.com
Address: 139.142.137.200
Of course, there are DNS servers which this is working, but the problem now
is so bad that I can't receive email from Network Solutions, so I can't even
make changes to my domain (I would like to get it onto name servers that I
control).
Thanks for any advice.
Tim
More information about the bind-users
mailing list