DNS probs

Brad Knowles brad.knowles at skynet.be
Mon Mar 5 09:41:16 UTC 2001 

At 8:29 PM -0700 3/4/01, Jeremy Gardner wrote:

>  I do have one question about this then.
>
>  Depending on where mail is being sent from, some goes directly to
>  pierna.quetico.net, some goes to argo.quetico.net (the backup mail server
>  for my domain).

	In all likelihood, that's because some of those servers were 
unable to contact your primary mail server, and therefore they sent 
the mail to your backup.

>  How come some servers are referencing the incorrect entries
>  in sleepy.giant.net, whereas other servers dont' seem to pick up any
>  reference to sleepy.giant.net at all?

	You haven't checked your delegations, or the way your domain is 
set up on the avalon.net nameservers, have you?

	Here's what a typical root nameserver think about your domain:

$ dig @a.gtld-servers.net. quetico.net. any

; <<>> DiG 8.1 <<>> @a.gtld-servers.net. quetico.net. any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      quetico.net, type = ANY, class = IN

;; ANSWER SECTION:
quetico.net.            2D IN NS        DNS1.AVALON.NET.
quetico.net.            2D IN NS        DNS2.AVALON.NET.

;; AUTHORITY SECTION:
quetico.net.            2D IN NS        DNS1.AVALON.NET.
quetico.net.            2D IN NS        DNS2.AVALON.NET.

;; ADDITIONAL SECTION:
DNS1.AVALON.NET.        2D IN A         204.71.106.8
DNS2.AVALON.NET.        2D IN A         204.71.106.2

;; Total query time: 73 msec
;; WHEN: Mon Mar  5 04:51:45 2001
;; MSG SIZE  sent: 29  rcvd: 137

	However, when you ask the avalon.net nameservers, they provide a 
different answer:

$ dig @dns1.avalon.net. quetico.net. any

; <<>> DiG 8.1 <<>> @dns1.avalon.net. quetico.net. any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 5, ADDITIONAL: 7
;; QUERY SECTION:
;;      quetico.net, type = ANY, class = IN

;; ANSWER SECTION:
quetico.net.            12H IN MX       10 pierna.quetico.net.
quetico.net.            12H IN MX       20 argo.quetico.net.
quetico.net.            12H IN NS       dns1.avalon.net.
quetico.net.            12H IN NS       dns2.avalon.net.
quetico.net.            12H IN NS       dns3.avalon.net.
quetico.net.            12H IN NS       dns4.avalon.net.
quetico.net.            12H IN NS       sleepy.giant.net.
quetico.net.            12H IN A        198.76.15.10
quetico.net.            12H IN SOA      pierna.quetico.net. 
jeremy.quetico.net. (
                                         2001030300      ; serial
                                         3H              ; refresh
                                         1H              ; retry
                                         1W              ; expiry
                                         12H )           ; minimum


;; AUTHORITY SECTION:
quetico.net.            12H IN NS       dns1.avalon.net.
quetico.net.            12H IN NS       dns2.avalon.net.
quetico.net.            12H IN NS       dns3.avalon.net.
quetico.net.            12H IN NS       dns4.avalon.net.
quetico.net.            12H IN NS       sleepy.giant.net.

;; ADDITIONAL SECTION:
pierna.quetico.net.     12H IN A        198.76.15.10
argo.quetico.net.       12H IN A        204.71.106.169
dns1.avalon.net.        12H IN A        204.71.106.8
dns2.avalon.net.        12H IN A        204.71.106.2
dns3.avalon.net.        12H IN A        205.140.160.8
dns4.avalon.net.        12H IN A        205.140.160.9
sleepy.giant.net.       12H IN A        204.71.106.3

;; Total query time: 182 msec
;; WHEN: Mon Mar  5 04:53:45 2001
;; MSG SIZE  sent: 29  rcvd: 424

	You need to go back to the folks who operate the avalon.net 
nameservers and get them to fix the way they're serving your zone, 
and you should also get the delegation from the root nameservers 
fixed so as to at least match the list of nameservers provided by 
avalon.net.


	If you had run the DNS debugging tool "doc" on this zone, you 
would have quickly found out these differences, and you would have 
been able to start working on getting them fixed immediately.

	You can find the latest official version of "doc" that I have at 
<http://www.shub-internet.org/brad/dns/index.html>.  I haven't yet 
updated "doc" to work with BINDv9, but I hope to be able to do this 
soon.  I also hope to be able to fully integrate all the 
functionality of "doc" into Dave Barr's program "dnswalk" (another 
good DNS debugging tool, although it requires the ability to do a 
zone transfer of your data), so that we can reduce by one the number 
of DNS debugging tools you need to be aware of.

--
======================================================================
Brad Knowles, <brad.knowles at skynet.be>

More information about the bind-users mailing list