failing lookups
Brad Knowles
brad.knowles at skynet.be
Tue Jun 26 22:56:01 UTC 2001
At 6:19 PM -0400 6/26/01, Bob Puff at NLE wrote:
> A domain I am currently having trouble with is: smsocs.com. There
> are a number of errors with their setup; however, I can dig through
> and get the info.
Here's what the latest version of "doc" thinks of this domain:
% doc -d smsocs.com
Doc-2.2.2: doc -d smsocs.com
Doc-2.2.2: Starting test of smsocs.com. parent is com.
Doc-2.2.2: Test date - Tue Jun 26 18:43:23 EDT 2001
DEBUG: digging @a.gtld-servers.net. for soa of com.
soa @a.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @b.gtld-servers.net. for soa of com.
soa @b.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @c.gtld-servers.net. for soa of com.
soa @c.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @d.gtld-servers.net. for soa of com.
soa @d.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @e.gtld-servers.net. for soa of com.
soa @e.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @f.gtld-servers.net. for soa of com.
soa @f.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @g.gtld-servers.net. for soa of com.
soa @g.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @h.gtld-servers.net. for soa of com.
soa @h.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @i.gtld-servers.net. for soa of com.
soa @i.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @j.gtld-servers.net. for soa of com.
soa @j.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @k.gtld-servers.net. for soa of com.
soa @k.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @l.gtld-servers.net. for soa of com.
soa @l.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @m.gtld-servers.net. for soa of com.
soa @m.gtld-servers.net. for com. has serial: 2001062600
SOA serial #'s agree for com. domain
Found 3 NS and 3 glue records for smsocs.com. @a.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @b.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @c.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @d.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @e.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @f.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @g.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @h.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @i.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @j.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @k.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @l.gtld-servers.net. (non-AUTH)
Found 3 NS and 3 glue records for smsocs.com. @m.gtld-servers.net. (non-AUTH)
DNServers for com.
=== 0 were also authoritatve for smsocs.com.
=== 13 were non-authoritative for smsocs.com.
Servers for com. (not also authoritative for smsocs.com.)
=== agree on NS records for smsocs.com.
DEBUG: domserv = dns1.ncal.verio.net. dns2.ncal.verio.net. ns1.verio.net.
NS list summary for smsocs.com. from parent (com.) servers
== dns1.ncal.verio.net. dns2.ncal.verio.net. ns1.verio.net.
digging @dns1.ncal.verio.net. for soa of smsocs.com.
soa @dns1.ncal.verio.net. for smsocs.com. serial:
ERROR: no SOA record for smsocs.com. from dns1.ncal.verio.net.
digging @dns2.ncal.verio.net. for soa of smsocs.com.
soa @dns2.ncal.verio.net. for smsocs.com. serial:
ERROR: no SOA record for smsocs.com. from dns2.ncal.verio.net.
digging @ns1.verio.net. for soa of smsocs.com.
soa @ns1.verio.net. for smsocs.com. serial: 2001021600
ERROR: NS list from smsocs.com. authoritative servers does not
=== match NS list from parent (com.) servers
NS list summary for smsocs.com. from authoritative servers
== godzilla.smsocs.com. ns2.aimnet.com.
ERROR: ns1.verio.net. claims to be authoritative, but does not appear in
NS list from authoritative servers
Checking 1 potential addresses for hosts at smsocs.com.
== 207.20.135.10
in-addr PTR record found for 207.20.135.10
Summary:
ERRORS found for smsocs.com. (count: 4)
Done testing smsocs.com. Tue Jun 26 18:43:48 EDT 2001
Now, here's what "dnswalk" says:
% dnswalk -alF smsocs.com.
Checking smsocs.com.
Getting zone transfer of smsocs.com. from godzilla.smsocs.com...done.
SOA=godzilla.smsocs.com contact=postmaster.godzilla.smsocs.com
FAIL: Cannot get SOA record for smsocs.com from ns2.aimnet.com
(lame?): No route to host
WARN: extrasrv.smsocs.com A 207.20.135.20: no PTR record
WARN: www.smsocs.com A 207.20.123.45: no PTR record
1 failures, 2 warnings, 0 errors.
Here's what "DNS Expert" from Men & Mice has to say:
DNS Expert
Detailed Report for smsocs.com.
6/27/01, 12:52 AM, using the analysis setting "Minimal"
======================================================================
Information
----------------------------------------------------------------------
Serial number: 2001021600
Primary name server: godzilla.smsocs.com.
Primary mail server: godzilla.smsocs.com.
Number of records: N/A
Errors
----------------------------------------------------------------------
o The server "dns2.ncal.verio.net." did not reply
The server "dns2.ncal.verio.net." did not reply when it was
queried for the name "smsocs.com.". This indicates that the
server is not running, or it is currently unreachable.
o The server "dns1.ncal.verio.net." did not reply
The server "dns1.ncal.verio.net." did not reply when it was
queried for the name "smsocs.com.". This indicates that the
server is not running, or it is currently unreachable.
o The server "godzilla.smsocs.com." did not reply
The server "godzilla.smsocs.com." did not reply when it was
queried for the name "smsocs.com.". This indicates that the
server is not running, or it is currently unreachable.
o The server "ns2.aimnet.com." did not reply
The server "ns2.aimnet.com." did not reply when it was queried
for the name "smsocs.com.". This indicates that the server is
not running, or it is currently unreachable.
o The name server "ns1.verio.net." is only listed in delegation data
The server "ns1.verio.net." is listed as being authoritative for
the zone according to the delegation data, but there is no NS
record for that server in the zone data. Delegation data and
zone data should always match.
o The name server "godzilla.smsocs.com." is not listed in delegation
data
The server "godzilla.smsocs.com." is listed as being
authoritative for the zone according to the zone data, but there
is no NS record for that server in the delegation data.
Delegation data and zone data should always match.
Warnings
----------------------------------------------------------------------
o Zone transfer from authoritative servers not possible
It was not possible to perform a zone transfer from any of the
authoritative name servers for the zone. This will limit the
range of tests performed for the zone.
----------------------------------------------------------------------
end of report
> My problem right now is that my ISP won't talk to
> dns2.ncal.verio.net, which is one of their nameservers. Also, one
> of their other nameservers is down (that is listed in their record).
> However, there are a couple that ARE up that WILL give the correct
> info.. just my Bind won't seem to query them. It gives up after it
> tries querying one of the dead servers.
It's obviously very seriously screwed up. All three of the
delegated nameservers are lame, and two of those three don't even
answer at all. The one that does hands out non-authoritative
information referencing two other servers, one of which also doesn't
answer at all.
The problem is that they are so badly screwed up that you can't
depend on getting any information from them, and only by following
the chain manually (using methods that are very similar to the ones
automatically used, but not quite exactly the same), can you get any
resolution at all.
Have them fix their domain, and once that is done, you should no
longer have problems talking to their machines or getting the right
answers back.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list