Authoritative answer "no data" 50% of the time

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Fri Jun 8 00:27:18 UTC 2001


	Try some different queries using dig against the authoritative
	servers.

	e.g.
		 dig lee.army.mil any @ns01.army.mil
		 dig lee.army.mil ns @ns01.army.mil

	Just because the particular query you made got a correct
	answer doesn't mean they are all correct.

	Mark

> 
> You should only use the advertised servers (ns01,ns02,ns03).   They are the o
> nly ones intended to answer queries from outside the army.mil domain.
> 
> Use nslookup to look for the SOA...
> 
> lee.army.mil.
>         origin = ns01.army.mil
>         mail addr = DOMAIN-REQUEST.AIMS7.army.mil
>         serial = 10000
>         refresh = 600 (10M)
>         retry   = 1 (1S)
>         expire  = 600 (10M)
>         minimum ttl = 3600 (1H)
> 
> Authoritative answers can be found from:
> lee.army.mil    nameserver = ns01.army.mil
> lee.army.mil    nameserver = ns03.army.mil
> lee.army.mil    nameserver = ns02.army.mil
> ns01.army.mil   internet address = 140.153.43.44
> ns03.army.mil   internet address = 130.114.200.6
> ns02.army.mil   internet address = 192.82.113.7
> 
> 
> "Despujols, John (WT Chen)" wrote:
> 
> > hi all,
> >
> >    I am a messaging administrator having a intermittent (50% of every day f
> or a few hour intervals)  problem sending to a few sub domains at army.mil.  
> One of which is lee.army.mil.  Our DNS server is the only DNS server we can q
> uery behind our firewall.  It some-times gives the correct response when look
> ing up the mx records for these domains.  and the other 50% of the time it re
> turns this response:
> >
> > Query:All records (ALL):lee.army.mil
> > Authoritative Answer
> > Server has no data for this query
> >
> > However; if I direct dial the Internet and query any other DNS server I alw
> ays (99.8%) get the correct response.  especially if I query all the NS serve
> rs listed for these domains. ns01.army.mil ns02.army.mil and ns03.army.mil.
> >
> > We are using Bind on Unix with the latest version.  Our DNS- Unix admin is 
> new and did not set up and configure the server server    My questions are:
> >
> > 1.  Is there a config file that can be listing an old bogus or (lame) serve
> r as authoritative for these domains that would respond back with an incorrec
> t answer?  What could make another server believe it is Authoritative for ano
> ther domain if it is not?
> > 2.  What does it mean when a resolver receives an authoritative answer from
>  a DNS server?
> >  3. is there a trouble shooting utility (debug or dig)  that could tell me 
> where this answer is coming from, or where our server is getting this answer?
>   something like trace-route for DNS queries?
> > 4.  Any other ideas about how to isolate this issue?
> >
> > thanks in advanced!!
> >
> > -John
> >
> >
> >
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com


More information about the bind-users mailing list