Stale MX Records
Brad Knowles
brad.knowles at skynet.be
Fri Jun 15 19:49:56 UTC 2001
At 3:16 PM -0400 6/15/01, Kris Haight wrote:
>> - ns.mindsprung.net (208.176.94.126)
>> does not answer authoritatively for firespout.com
In addition, it appears that this machine is running recursively
and caching, so there is the chance of cache pollution problems.
Worse, it appears that this machine is running BIND 8.2.2-P7, which
would mean that it is vulnerable to known attacks to gain root
privileges. I would strongly encourage you to at least upgrade to
BIND 8.2.4-REL, if not 9.1.2-REL or the latest release candidate for
9.1.3.
> And how can I make it authoritative? I followed The O'Reilly Book DNS & BIND
> to a T so now I am totally lost.
It's hard to say. What is in the log files for this machine
about this zone?
>> - Default TTL in firespout.com's SOA is 1 hour, way too low
>
> Recommendation? I am relatively new to DNS and I am learning as I go along.
> I've had a home server setup for a while, but haven't had issues with it, so
> this is a first for me.
Default TTLs for things like this should almost always be at
least a day, and possibly as large as a week. You should only exceed
these values on one side or the other if you have a known reason that
you need/want to do so.
>> Your REAL problem seems to be that chhost.com still thinks they
>> are auth for firespout.com, thus giving out faulty records :
>> > dig firespout.com mx @NS2.cihost.com.
From what I see, dns1.nhvt.net is a lame delegation from the gTLD servers:
% dig @a.gtld-servers.net. firespout.com. any
; <<>> DiG 9.1.2 <<>> @a.gtld-servers.net. firespout.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17879
;; flags: qr rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;firespout.com. IN ANY
;; ANSWER SECTION:
firespout.com. 172800 IN NS NS.MINDSPRUNG.NET.
firespout.com. 172800 IN NS DNS1.NHVT.NET.
firespout.com. 172800 IN NS VOON.FS.MINDSPRUNG.NET.
;; AUTHORITY SECTION:
firespout.com. 172800 IN NS NS.MINDSPRUNG.NET.
firespout.com. 172800 IN NS DNS1.NHVT.NET.
firespout.com. 172800 IN NS VOON.FS.MINDSPRUNG.NET.
;; ADDITIONAL SECTION:
NS.MINDSPRUNG.NET. 172800 IN A 208.176.94.126
DNS1.NHVT.NET. 172800 IN A 216.107.205.2
VOON.FS.MINDSPRUNG.NET. 172800 IN A 199.103.224.130
;; Query time: 7 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Fri Jun 15 15:47:25 2001
;; MSG SIZE rcvd: 198
% dig @DNS1.NHVT.NET. DNS1.NHVT.NET. any
; <<>> DiG 9.1.2 <<>> @DNS1.NHVT.NET. DNS1.NHVT.NET. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2967
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;DNS1.NHVT.NET. IN ANY
;; ANSWER SECTION:
DNS1.NHVT.NET. 172800 IN A 216.107.205.2
;; AUTHORITY SECTION:
NHVT.NET. 172800 IN NS DNS1.NHVT.NET.
NHVT.NET. 172800 IN NS ns1.seg.NET.
;; ADDITIONAL SECTION:
DNS1.NHVT.NET. 172800 IN A 216.107.205.2
ns1.seg.NET. 156371 IN A 206.34.181.15
;; Query time: 99 msec
;; SERVER: 216.107.205.2#53(DNS1.NHVT.NET.)
;; WHEN: Fri Jun 15 15:47:37 2001
;; MSG SIZE rcvd: 115
This would also be a problem that needs to be fixed. In
particular, the delegation records should be fixed at the
InterNIC/Network Solutions, so that only the appropriate nameservers
within mindsprung.net are referenced.
> I think so too. I've asked them on several occasions to take us out of DNS
> and they claim they've taken it out. Maybe they haven't. I will give them a
> call again.
Change the delegation records, and this becomes a moot point.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
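
An added example, not part of the original message: a Python check that reads saved dig output for a zone and reports a server that is lame for it (no "aa" flag, or a status other than NOERROR) or that offers recursion ("ra"), the two conditions raised in the reply above. The sample replies, example.com, the 192.0.2.x addresses and the function names are constructed for this example.

```python
import re

# Constructed dig replies (not captured from real servers) for zone example.com.
def _reply(status, flags, qname, server):
    return (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 4242\n"
            f";; flags: {flags}; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n"
            f";; QUESTION SECTION:\n;{qname} IN SOA\n"
            f";; SERVER: {server}\n")

SAMPLE_AUTH = _reply("NOERROR", "qr aa rd", "example.com.", "192.0.2.1#53(ns1.example.net.)")
SAMPLE_LAME = _reply("NOERROR", "qr rd ra", "example.com.", "192.0.2.2#53(ns2.example.net.)")
SAMPLE_REFUSED = _reply("REFUSED", "qr rd", "example.com.", "192.0.2.3#53(ns3.example.net.)")

HEADER = re.compile(r"->>HEADER<<-.*?status:\s*(\w+)")
FLAGS = re.compile(r"^;; flags:([^;]*);", re.M)
QUESTION = re.compile(r"^;(\S+)\s+IN\s+(\S+)\s*$", re.M)
SERVER = re.compile(r"^;; SERVER:\s*(\S+)", re.M)

def parse_dig(text):
    """Extract status, header flags, question name and server from dig output."""
    status, flags, q = HEADER.search(text), FLAGS.search(text), QUESTION.search(text)
    server = SERVER.search(text)
    if not (status and flags and q):
        raise ValueError("not a dig reply with header, flags and question")
    return {"status": status.group(1),
            "flags": set(flags.group(1).split()),
            "qname": q.group(1).lower(),
            "server": server.group(1) if server else None}

def audit(text, zone):
    """Return findings for one server's reply to a query about `zone`."""
    r = parse_dig(text)
    zone = zone.lower().rstrip(".") + "."
    findings = []
    if r["qname"] != zone:
        findings.append("wrong-question")     # reply is not about this zone at all
    elif r["status"] != "NOERROR" or "aa" not in r["flags"]:
        findings.append("lame")               # delegated, but not authoritative
    if "ra" in r["flags"]:
        findings.append("recursion-offered")  # server will recurse for this client
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_AUTH, SAMPLE_LAME, SAMPLE_REFUSED):
        print(parse_dig(sample)["server"], audit(sample, "example.com") or "ok")
```

To audit a real delegation, save the output of a non-recursive SOA query sent to each nameserver listed at the parent and pass each file's text to audit() with the zone name.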