Strange problems

Tim Pushor timp at gice.com
Mon Nov 20 05:55:57 UTC 2000 

Just want to thank everyone who replied and helped me out of my BIND :)

First of all, I wasn't sure what exactly happened when you register a host.
I guess this is the only time the root servers should have RR's?

Also, I wasn't aware that this WAS registered, as this host has never been a
DNS server on the net. I must have done it and forgotten about it.

Thanks again,
Tim

-----Original Message-----
From: Jim Romary [mailto:jromary at kane.jsouth.com]
Sent: Saturday, November 18, 2000 3:39 PM
To: Tim Pushor
Subject: Re: Strange problems


There is probably a host record at the roots whose glue is
old:

kane:~$ dig @a.root-servers.net hercules.crossthread.com  a

; <<>> DiG 8.2 <<>> @a.root-servers.net hercules.crossthread.com a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      hercules.crossthread.com, type = A, class = IN

;; ANSWER SECTION:
hercules.crossthread.com.  2D IN A  139.142.137.200


Roots should have only delegation, not RR, unless there is a host
entry for an old NS.


|
|
|Comments below ..
|
|-----
|
|>>One problematic name server is an ns1.eds.com
|>>
|>>ns1.eds.com reports hercules.crossthread.com at 139.142.137.200 (which
was
|>>the old address):
|
|>why is ns1.eds.com answering non-recursive queries for your zone when
|>it is not in the delegation data? :
|
|No clue - I have nothing to do with this server
|
|># dig +norec @ns1.eds.com hercules.crossthread.com any
|
|>; <<>> DiG 8.2 <<>> +norec @ns1.eds.com hercules.crossthread.com any
|>; (1 server found)
|>;; res options: init defnam dnsrch
|>;; got answer:
|>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9246
|>;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
|>;; QUERY SECTION:
|>;;      hercules.crossthread.com, type = ANY, class = IN
|
|>;; ANSWER SECTION:
|>hercules.crossthread.com.  1d8h7m28s IN A  139.142.137.200
|
|>and your NS has no A rec for crossthread.com:
|
|Yes, I do realize this. Is an A record for the domain required? I didn't
|think it was. What should the A record point to? In the past, I had always
|used an A record that pointed to the primary mail relay for that domain for
|mailers that did not understand MX. I didn't think this was neccesary any
|longer..
|
|># dig +norec @ICEtray.GICe.com crossthread.com a
|
|>; <<>> DiG 8.2 <<>> +norec @ICEtray.GICe.com crossthread.com a
|>; (1 server found)
|>;; res options: init defnam dnsrch
|>;; got answer:
|>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52372
|>;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
|>;; QUERY SECTION:
|>;;      crossthread.com, type = A, class = IN
|
|>;; AUTHORITY SECTION:
|>crossthread.com.        1D IN SOA       icecube.gice.com.
root.orion.ab.ca.
|(
|>                                         12              ; serial
|>                                         4H              ; refresh
|>                                         1H              ; retry
|>                                         1W              ; expiry
|>                                         1D )            ; minimum
|
|
|>Qlso, you should restrict zone trnsfers (eds does) with "allow-transfer":
|
|I do :) I relaxed this so fellow troubleshooters would have access to the
|zone data
|
|># dig +norec @ICEtray.GICe.com crossthread.com axfr
|
|>; <<>> DiG 8.2 <<>> +norec @ICEtray.GICe.com crossthread.com axfr
|>; (1 server found)
|>$ORIGIN crossthread.com.
|>@                       1D IN SOA       icecube.gice.com.
root.orion.ab.ca.
|(
|>                                         12              ; serial
|>                                         4H              ; refresh
|>                                         1H              ; retry
|>                                         1W              ; expiry
|>                                         1D )            ; minimum
|
|>                         1D IN NS        icecube.gice.com.
|>                         1D IN NS        icetray.gice.com.
|>                         1D IN MX        10 hercules
|>                         1D IN MX        15 icecube.gice.com.
|>mail                    1D IN CNAME     hercules
|>ftp                     1D IN CNAME     hercules
|>grammabev               1D IN A         24.72.35.232
|>hercules                1D IN A         139.142.137.241
|>www                     1D IN CNAME     hercules
|
|
|>As a rule, I recommend  replacing CNAME's with A's unless the ns
|>admin can articulate the few situations where they are useful and
|>worth the risk of error. Most can't and most screw up the zones with
|>CNAME-related errors. (not your case)
|
|I never subscribed to that philosophy. I always thought that a HOST had
both
|a single A record and single PTR record for every valid IP address, and
|everything else CNAME's. It just kept things clearer for me.
|
|I dont believe that has anything to do with why this is happening though..
|
|Do you have any idea why this is happening? Here are some other DNS servers
|around the Internet that report incorrect addresses for
|hercules.crossthread.com:
|
|> hercules.crossthread.com
|Server:  ns1.nucleus.com
|Address:  199.45.65.8
|
|Non-authoritative answer:
|Name:    hercules.crossthread.com
|Address:  139.142.137.200
|
|> hercules.crossthread.com
|Server:  ottubsmtp01.shl.com
|Address:  209.135.106.229
|
|Non-authoritative answer:
|Name:    hercules.crossthread.com
|Address:  139.142.137.200
|
|Of course, there are DNS servers which this is working, but the problem now
|is so bad that I can't receive email from Network Solutions, so I can't
even
|make changes to my domain (I would like to get it onto name servers that I
|control).
|
|Thanks for any advice.
|
|Tim
|
|
|

More information about the bind-users mailing list