FW: Authoritative answer "no data" 50% of the time

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Wed Jun 6 22:12:44 UTC 2001 

>  
>  
> hi all,
>  
>    I am a messaging administrator having a intermittent (50% of every day for
>  a few hour intervals)  problem sending to a few sub domains at army.mil.  On
> e of which is lee.army.mil.  Our DNS server is the only DNS server we can que
> ry behind our firewall.  It some-times gives the correct response when lookin
> g up the mx records for these domains.  and the other 50% of the time it retu
> rns this response:  
>  
> Query:All records (ALL):lee.army.mil
> Authoritative Answer
> Server has no data for this query
>  
> However; if I direct dial the Internet and query any other DNS server I alway
> s (99.8%) get the correct response.  especially if I query all the NS servers
>  listed for these domains. ns01.army.mil ns02.army.mil and ns03.army.mil.  
>  

	The nameservers are returning the wrong counts for the number of
	records in the answer and authority sections.  The answer section
	below should be 5 and the authority section should be 3.

	Mark

; <<>> DiG 8.3 <<>> any lee.army.mil @ns01.army.mil 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 4
;; QUERY SECTION:
;;	lee.army.mil, type = ANY, class = IN

;; ANSWER SECTION:
lee.army.mil.		1H IN SOA	ns01.army.mil. DOMAIN-REQUEST.AIMS7.army.mil. (
					10000		; serial
					10M		; refresh
					1S		; retry
					10M		; expiry
					1H )		; minimum

lee.army.mil.		1H IN NS	ns01.army.mil.

;; AUTHORITY SECTION:
lee.army.mil.		1H IN NS	ns03.army.mil.
lee.army.mil.		1H IN NS	ns02.army.mil.
lee.army.mil.		57m59s IN MX	10 lee-imc-100.lee.army.mil.
lee.army.mil.		1H IN NS	ns01.army.mil.
lee.army.mil.		1H IN NS	ns03.army.mil.
lee.army.mil.		1H IN NS	ns02.army.mil.

;; ADDITIONAL SECTION:
ns01.army.mil.		52m44s IN A	140.153.43.44
ns03.army.mil.		52m32s IN A	130.114.200.6
ns02.army.mil.		52m29s IN A	192.82.113.7
lee-imc-100.lee.army.mil.  30m53s IN A  132.159.126.52

;; Total query time: 324 msec
;; FROM: drugs.dv.isc.org to SERVER: ns01.army.mil  140.153.43.44
;; WHEN: Thu Jun  7 08:07:19 2001
;; MSG SIZE  sent: 30  rcvd: 286

> We are using Bind on Unix with the latest version.  Our DNS- Unix admin is ne
> w and did not set up and configure the server server    My questions are:
>  
> 1.  Is there a config file that can be listing an old bogus or (lame) server 
> as authoritative for these domains that would respond back with an incorrect 
> answer?  What could make another server believe it is Authoritative for anoth
> er domain if it is not?
> 2.  What does it mean when a resolver receives an authoritative answer from a
>  DNS server?   
>  3. is there a trouble shooting utility (debug or dig)  that could tell me wh
> ere this answer is coming from, or where our server is getting this answer?  
> something like trace-route for DNS queries?
> 4.  Any other ideas about how to isolate this issue? 
>  
> thanks in advanced!!
>  
> -John
>  
>  
>  
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list