failing lookups

Brad Knowles brad.knowles at skynet.be
Tue Jun 26 22:56:01 UTC 2001 

At 6:19 PM -0400 6/26/01, Bob Puff at NLE wrote:

>  A domain I am currently having trouble with is: smsocs.com.  There
>  are a number of errors with their setup; however, I can dig through
>  and get the info.

	Here's what the latest version of "doc" thinks of this domain:

% doc -d smsocs.com
Doc-2.2.2: doc -d smsocs.com
Doc-2.2.2: Starting test of smsocs.com.   parent is com.
Doc-2.2.2: Test date - Tue Jun 26 18:43:23 EDT 2001
DEBUG: digging @a.gtld-servers.net. for soa of com.
soa @a.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @b.gtld-servers.net. for soa of com.
soa @b.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @c.gtld-servers.net. for soa of com.
soa @c.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @d.gtld-servers.net. for soa of com.
soa @d.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @e.gtld-servers.net. for soa of com.
soa @e.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @f.gtld-servers.net. for soa of com.
soa @f.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @g.gtld-servers.net. for soa of com.
soa @g.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @h.gtld-servers.net. for soa of com.
soa @h.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @i.gtld-servers.net. for soa of com.
soa @i.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @j.gtld-servers.net. for soa of com.
soa @j.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @k.gtld-servers.net. for soa of com.
soa @k.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @l.gtld-servers.net. for soa of com.
soa @l.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @m.gtld-servers.net. for soa of com.
soa @m.gtld-servers.net. for com. has serial: 2001062600
SOA serial #'s agree for com. domain
Found 3 NS and 3 glue records for smsocs.com. @a.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @b.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @c.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @d.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @e.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @f.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @g.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @h.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @i.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @j.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @k.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @l.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @m.gtld-servers.net. (non-AUTH)
DNServers for com.
    === 0 were also authoritatve for smsocs.com.
    === 13 were non-authoritative for smsocs.com.
Servers for com. (not also authoritative for smsocs.com.)
    === agree on NS records for smsocs.com.
DEBUG: domserv = dns1.ncal.verio.net. dns2.ncal.verio.net. ns1.verio.net.
NS list summary for smsocs.com. from parent (com.) servers
   == dns1.ncal.verio.net. dns2.ncal.verio.net. ns1.verio.net.
digging @dns1.ncal.verio.net. for soa of smsocs.com.
soa @dns1.ncal.verio.net. for smsocs.com. serial:
ERROR: no SOA record for smsocs.com. from dns1.ncal.verio.net.
digging @dns2.ncal.verio.net. for soa of smsocs.com.
soa @dns2.ncal.verio.net. for smsocs.com. serial:
ERROR: no SOA record for smsocs.com. from dns2.ncal.verio.net.
digging @ns1.verio.net. for soa of smsocs.com.
soa @ns1.verio.net. for smsocs.com. serial: 2001021600
ERROR: NS list from smsocs.com. authoritative servers does not
   === match NS list from parent (com.) servers
NS list summary for smsocs.com. from authoritative servers
   == godzilla.smsocs.com. ns2.aimnet.com.
ERROR: ns1.verio.net. claims to be authoritative, but does not appear in
NS list from authoritative servers
Checking 1 potential addresses for hosts at smsocs.com.
   == 207.20.135.10
in-addr PTR record found for 207.20.135.10
Summary:
    ERRORS found for smsocs.com. (count: 4)
Done testing smsocs.com.  Tue Jun 26 18:43:48 EDT 2001

	Now, here's what "dnswalk" says:

% dnswalk -alF smsocs.com.
Checking smsocs.com.
Getting zone transfer of smsocs.com. from godzilla.smsocs.com...done.
SOA=godzilla.smsocs.com contact=postmaster.godzilla.smsocs.com
FAIL: Cannot get SOA record for smsocs.com from ns2.aimnet.com 
(lame?): No route to host
WARN: extrasrv.smsocs.com A 207.20.135.20: no PTR record
WARN: www.smsocs.com A 207.20.123.45: no PTR record
1 failures, 2 warnings, 0 errors.

	Here's what "DNS Expert" from Men & Mice has to say:

                               DNS Expert
                    Detailed Report for smsocs.com.
        6/27/01, 12:52 AM, using the analysis setting "Minimal"
======================================================================

Information
----------------------------------------------------------------------
Serial number:           2001021600
Primary name server:     godzilla.smsocs.com.
Primary mail server:     godzilla.smsocs.com.
Number of records:       N/A


Errors
----------------------------------------------------------------------
o The server "dns2.ncal.verio.net." did not reply
     The server "dns2.ncal.verio.net." did not reply when it was
     queried for the name "smsocs.com.".  This indicates that the
     server is not running, or it is currently unreachable.

o The server "dns1.ncal.verio.net." did not reply
     The server "dns1.ncal.verio.net." did not reply when it was
     queried for the name "smsocs.com.".  This indicates that the
     server is not running, or it is currently unreachable.

o The server "godzilla.smsocs.com." did not reply
     The server "godzilla.smsocs.com." did not reply when it was
     queried for the name "smsocs.com.".  This indicates that the
     server is not running, or it is currently unreachable.

o The server "ns2.aimnet.com." did not reply
     The server "ns2.aimnet.com." did not reply when it was queried
     for the name "smsocs.com.".  This indicates that the server is
     not running, or it is currently unreachable.

o The name server "ns1.verio.net." is only listed in delegation data
     The server "ns1.verio.net." is listed as being authoritative for
     the zone according to the delegation data, but there is no NS
     record for that server in the zone data.  Delegation data and
     zone data should always match.

o The name server "godzilla.smsocs.com." is not listed in delegation
   data
     The server "godzilla.smsocs.com." is listed as being
     authoritative for the zone according to the zone data, but there
     is no NS record for that server in the delegation data.
     Delegation data and zone data should always match.


Warnings
----------------------------------------------------------------------
o Zone transfer from authoritative servers not possible
     It was not possible to perform a zone transfer from any of the
     authoritative name servers for the zone.  This will limit the
     range of tests performed for the zone.


----------------------------------------------------------------------
end of report

>                     My problem right now is that my ISP won't talk to
>  dns2.ncal.verio.net, which is one of their nameservers.  Also, one
>  of their other nameservers is down (that is listed in their record).
>  However, there are a couple that ARE up that WILL give the correct
>  info.. just my Bind won't seem to query them.  It gives up after it
>  tries querying one of the dead servers.

	It's obviously very seriously screwed up.  All three of the 
delegated nameservers are lame, and two of those three don't even 
answer at all.  The one that does hands out non-authoritative 
information referencing two other servers, one of which also doesn't 
answer at all.

	The problem is that they are so badly screwed up that you can't 
depend on getting any information from them, and only by following 
the chain manually (using methods that are very similar to the ones 
automatically used, but not quite exactly the same), can you get any 
resolution at all.

	Have them fix their domain, and once that is done, you should no 
longer have problems talking to their machines or getting the right 
answers back.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'

More information about the bind-users mailing list