FW: Authoritative answer "no data" 50% of the time
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Wed Jun 6 22:12:44 UTC 2001
>
>
> hi all,
>
> I am a messaging administrator having a intermittent (50% of every day for
> a few hour intervals) problem sending to a few sub domains at army.mil. On
> e of which is lee.army.mil. Our DNS server is the only DNS server we can que
> ry behind our firewall. It some-times gives the correct response when lookin
> g up the mx records for these domains. and the other 50% of the time it retu
> rns this response:
>
> Query:All records (ALL):lee.army.mil
> Authoritative Answer
> Server has no data for this query
>
> However; if I direct dial the Internet and query any other DNS server I alway
> s (99.8%) get the correct response. especially if I query all the NS servers
> listed for these domains. ns01.army.mil ns02.army.mil and ns03.army.mil.
>
The nameservers are returning the wrong counts for the number of
records in the answer and authority sections. The answer section
below should be 5 and the authority section should be 3.
Mark
; <<>> DiG 8.3 <<>> any lee.army.mil @ns01.army.mil
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 4
;; QUERY SECTION:
;; lee.army.mil, type = ANY, class = IN
;; ANSWER SECTION:
lee.army.mil. 1H IN SOA ns01.army.mil. DOMAIN-REQUEST.AIMS7.army.mil. (
10000 ; serial
10M ; refresh
1S ; retry
10M ; expiry
1H ) ; minimum
lee.army.mil. 1H IN NS ns01.army.mil.
;; AUTHORITY SECTION:
lee.army.mil. 1H IN NS ns03.army.mil.
lee.army.mil. 1H IN NS ns02.army.mil.
lee.army.mil. 57m59s IN MX 10 lee-imc-100.lee.army.mil.
lee.army.mil. 1H IN NS ns01.army.mil.
lee.army.mil. 1H IN NS ns03.army.mil.
lee.army.mil. 1H IN NS ns02.army.mil.
;; ADDITIONAL SECTION:
ns01.army.mil. 52m44s IN A 140.153.43.44
ns03.army.mil. 52m32s IN A 130.114.200.6
ns02.army.mil. 52m29s IN A 192.82.113.7
lee-imc-100.lee.army.mil. 30m53s IN A 132.159.126.52
;; Total query time: 324 msec
;; FROM: drugs.dv.isc.org to SERVER: ns01.army.mil 140.153.43.44
;; WHEN: Thu Jun 7 08:07:19 2001
;; MSG SIZE sent: 30 rcvd: 286
> We are using Bind on Unix with the latest version. Our DNS- Unix admin is ne
> w and did not set up and configure the server server My questions are:
>
> 1. Is there a config file that can be listing an old bogus or (lame) server
> as authoritative for these domains that would respond back with an incorrect
> answer? What could make another server believe it is Authoritative for anoth
> er domain if it is not?
> 2. What does it mean when a resolver receives an authoritative answer from a
> DNS server?
> 3. is there a trouble shooting utility (debug or dig) that could tell me wh
> ere this answer is coming from, or where our server is getting this answer?
> something like trace-route for DNS queries?
> 4. Any other ideas about how to isolate this issue?
>
> thanks in advanced!!
>
> -John
>
>
>
>
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list