host resolving to an IP not in the zone
Danny Mayer
mayer at gis.net
Fri Mar 9 04:18:59 UTC 2001
I did get an SOA for this domain when I specifically asked for it from two
different servers: health.healthcommunites.com and dns.etards.net. However
each one gave me a different answer and the serial numbers disagree. See this:
>dig healthcommunities.com @dns.etards.nt soa
; <<>> DiG 8.3 <<>> healthcommunities.com @dns.etards.net soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUERY SECTION:
;; healthcommunities.com, type = SOA, class = IN
;; ANSWER SECTION:
healthcommunities.com. 23h50m1s IN SOA health.healthcommunities.com. hostmast
r.healthcommunities.com. (
2001030182 ; serial
12H ; refresh
2H ; retry
1w6d ; expiry
15M ) ; minimum
;; AUTHORITY SECTION:
healthcommunities.com. 11h30m46s IN NS health.healthcommunities.com.
healthcommunities.com. 11h30m46s IN NS urology.urologychannel.com.
;; ADDITIONAL SECTION:
health.healthcommunities.com. 1d21h23m23s IN A 63.127.8.210
;; Total query time: 0 msec
;; FROM: tecotoo to SERVER: dns.etards.net 66.31.249.69
;; WHEN: Thu Mar 08 23:08:22 2001
;; MSG SIZE sent: 39 rcvd: 160
>dig healthcommunities.com @health.healthcommunites.com soa
; <<>> DiG 8.3 <<>> healthcommunities.com @health.healthcommunites.com soa
; Bad server: health.healthcommunites.com -- using default server and timer opt
; (3 servers found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;; healthcommunities.com, type = SOA, class = IN
;; ANSWER SECTION:
healthcommunities.com. 23h49m8s IN SOA health.healthcommunities.com. hostmast
r.healthcommunities.com. (
2001030173 ; serial
12H ; refresh
2H ; retry
1w6d ; expiry
1D ) ; minimum
;; AUTHORITY SECTION:
healthcommunities.com. 1d21h23m IN NS health.healthcommunities.com.
healthcommunities.com. 1d21h23m IN NS WWW.UROLOGYCHANNEL.com.
healthcommunities.com. 1d21h23m IN NS AUTH110.NS.UU.NET.
;; ADDITIONAL SECTION:
health.healthcommunities.com. 1d23h46m36s IN A 63.127.8.210
WWW.UROLOGYCHANNEL.com. 1d23h46m36s IN A 207.121.189.246
AUTH110.NS.UU.NET. 1d23h48m58s IN A 198.6.1.114
;; Total query time: 0 msec
;; FROM: tecotoo to SERVER: default -- 127.0.0.1
;; WHEN: Thu Mar 08 23:08:44 2001
;; MSG SIZE sent: 39 rcvd: 219
Furthermore the name servers listed above are both different and the
urology.urologychannel.com doesn't have an A record listed in the ADDITIONAL
SECTION as it should. There's a good chance that there's a CNAME defined
in the root of domain which is illegal. Get rid of that and things will probably
clear up.
Danny
At 12:09 PM 3/8/01, James A Griffin wrote:
>josephc wrote:
> >
> > Ok, this is just weird:
> >
> > > nslookup -q=a health.healthcommunities.com dns.etards.net
> > Server: h0000c5785fb6.ne.mediaone.net
> > Address: 66.31.249.69
> >
> > Non-authoritative answer:
> > Name: health.healthcommunities.com
> > Address: 192.168.1.10
> >
>[SNIP]
> >
> > The zone for healthcommunities.com contains absolutly no reference to
> > 192.168.1.10. However, that IP is the internal address for
> > health.healthcommunities.com in its home network. But again, that IP
> > address is not stated anywhere in any DNS records and it never, ever has
> > :)
> >
> > So does anyone know where it could be coming from? It does not appear to
> > be cached info, and so far it only happens to queries against that DNS
> > server, but I am worried that it could be happening elsewhere and I just
> > don't know it.
> >
More information about the bind-users
mailing list