DNS Problem - What is the Master?
Kevin Darcy
kcd at daimlerchrysler.com
Fri May 11 22:35:28 UTC 2001
ns[012].verio.net, the delegated nameservers for 36.107.209.in-addr.arpa, have
delegated the 100.36.107.209.in-addr.arpa domain (among others, presumably) to
b.ns.verio.net, but b.ns.verio.net does not consider itself authoritative for
that domain, it appears to be authoritative for a *different* version of
36.107.209.in-addr.arpa instead. So it answers from that zone. Hence the
inconsistent SOA and/or NS records.
Apparently Verio has been seduced by this pernicious notion of "redelegation",
the misconception that it's possible to "redirect" a domain to a different set
of servers at the same level of the namespace. This is technically a lame
delegation and some interested party should inform Verio of this fact.
- Kevin
Barry Finkel wrote:
> I am having a problem with an ISP, verio.net, and with the discussion
> yesterday of finding the master, I decided to ask this group. The
> problem concerns the reverse pointer
>
> 209.107.36.100 ===> isdn.denver.anl.gov
>
> The question is this - is this reverse pointer registered in DNS
> correctly? Here is some output of dig, with my comments enclosed in <>:
>
> britaine% dig -x 209.107.36.100 soa
>
> ; <<>> DiG 8.3 <<>> -x soa
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; 100.36.107.209.in-addr.arpa, type = SOA, class = IN
>
> ;; AUTHORITY SECTION:
> 36.107.209.in-addr.arpa. 4H IN SOA b.ns.verio.net. dns.verio.net. (
> 2001041300 ; serial
> 1D ; refresh
> 1H ; retry
> 4w2d2s ; expiry
> 4H ) ; minimum
>
> ;; Total query time: 3512 msec
> ;; FROM: britaine.ctd.anl.gov to SERVER: default -- 146.139.254.5
> ;; WHEN: Fri May 11 10:07:50 2001
> ;; MSG SIZE sent: 45 rcvd: 99
>
> britaine%
> <The master AUTHORITATIVELY appears to be b.ns.verio.net.>
> ------------------------------
> britaine% dig 36.107.209.in-addr.arpa soa
>
> ; <<>> DiG 8.3 <<>> 36.107.209.in-addr.arpa soa
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
> ;; QUERY SECTION:
> ;; 36.107.209.in-addr.arpa, type = SOA, class = IN
>
> ;; ANSWER SECTION:
> 36.107.209.in-addr.arpa. 4H IN SOA ns2.verio.net. hostmaster.verio.net. (
> 2001051100 ; serial
> 1D ; refresh
> 1H ; retry
> 4w2d ; expiry
> 4H ) ; minimum
>
> ;; AUTHORITY SECTION:
> 36.107.209.in-addr.arpa. 4H IN NS ns0.verio.net.
> 36.107.209.in-addr.arpa. 4H IN NS ns1.verio.net.
> 36.107.209.in-addr.arpa. 4H IN NS ns2.verio.net.
>
> ;; ADDITIONAL SECTION:
> ns0.verio.net. 4H IN A 129.250.15.61
> ns1.verio.net. 16H IN A 204.91.99.140
> ns2.verio.net. 16H IN A 129.250.31.190
>
> ;; Total query time: 91 msec
> ;; FROM: britaine.ctd.anl.gov to SERVER: default -- 146.139.254.5
> ;; WHEN: Fri May 11 10:08:17 2001
> ;; MSG SIZE sent: 41 rcvd: 199
>
> britaine%
> <The master AUTHORITATIVELY appears to be ns2.verio.net. But should
> this query have returned the same information as the previous query?
> Or are these two different queries? See the next query below.>
> ------------------------------
> britaine% dig
> 100.36.107.209.in-addr.arpa soa
>
> ; <<>> DiG 8.3 <<>> 100.36.107.209.in-addr.arpa soa
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; 100.36.107.209.in-addr.arpa, type = SOA, class = IN
>
> ;; AUTHORITY SECTION:
> 36.107.209.in-addr.arpa. 2h51m7s IN SOA b.ns.verio.net. dns.verio.net. (
> 2001041300 ; serial
> 1D ; refresh
> 1H ; retry
> 4w2d2s ; expiry
> 4H ) ; minimum
>
> ;; Total query time: 3 msec
> ;; FROM: britaine.ctd.anl.gov to SERVER: default -- 146.139.254.5
> ;; WHEN: Fri May 11 10:16:43 2001
> ;; MSG SIZE sent: 45 rcvd: 99
>
> britaine%
> <Does this mean that the
>
> 36.107.209.in-addr.arpa
>
> zone is mastered on
>
> ns0.verio.net
>
> but Verio has delegated the one
>
> 100.36.107.209.in-addr.arpa
>
> address to a different master
>
> b.ns.verio.net?>
> ------------------------------
> britaine% dig -x 209.107.36.100 @ns2.verio.net
>
> ; <<>> DiG 8.3 <<>> -x @ns2.verio.net
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; 100.36.107.209.in-addr.arpa, type = ANY, class = IN
>
> ;; ANSWER SECTION:
> 100.36.107.209.in-addr.arpa. 4H IN NS b.ns.verio.net.
> 100.36.107.209.in-addr.arpa. 4H IN NS t.ns.verio.net.
>
> ;; AUTHORITY SECTION:
> 100.36.107.209.in-addr.arpa. 4H IN NS b.ns.verio.net.
> 100.36.107.209.in-addr.arpa. 4H IN NS t.ns.verio.net.
>
> ;; ADDITIONAL SECTION:
> b.ns.verio.net. 1D IN A 129.250.35.32
> t.ns.verio.net. 1D IN A 192.67.14.16
>
> ;; Total query time: 59 msec
> ;; FROM: britaine.ctd.anl.gov to SERVER: ns2.verio.net 129.250.31.190
> ;; WHEN: Fri May 11 10:08:43 2001
> ;; MSG SIZE sent: 45 rcvd: 149
>
> britaine%
> <ns2.verio.net gives me an UNAUTHORITATIVE answer for the reverse
> pointer; it points me to two other nameservers.>
> ------------------------------
> britaine% dig -x 209.107.36.100 @b.ns.verio.net
>
> ; <<>> DiG 8.3 <<>> -x @b.ns.verio.net
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
> ;; QUERY SECTION:
> ;; 100.36.107.209.in-addr.arpa, type = ANY, class = IN
>
> ;; ANSWER SECTION:
> 100.36.107.209.in-addr.arpa. 1D IN PTR isdn.denver.anl.gov.
>
> ;; AUTHORITY SECTION:
> 36.107.209.in-addr.arpa. 4H IN NS DNS1.CO.VERIO.NET.
> 36.107.209.in-addr.arpa. 4H IN NS NS1.VERIO.NET.
> 36.107.209.in-addr.arpa. 4H IN NS b.ns.VERIO.NET.
>
> ;; ADDITIONAL SECTION:
> DNS1.CO.VERIO.NET. 15M IN A 209.107.32.11
> NS1.VERIO.NET. 10h17m18s IN A 204.91.99.140
> b.ns.VERIO.NET. 1D IN A 129.250.35.32
>
> ;; Total query time: 41 msec
> ;; FROM: britaine.ctd.anl.gov to SERVER: b.ns.verio.net 129.250.35.32
> ;; WHEN: Fri May 11 10:09:10 2001
> ;; MSG SIZE sent: 45 rcvd: 194
>
> britaine%
> <One of those two nameservers gives the correct information
> AUTHORITATIVELY.>
> ------------------------------
> britaine% dig -x 209.107.36.100 @t.ns.verio.net
>
> ; <<>> DiG 8.3 <<>> -x @t.ns.verio.net
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
> ;; QUERY SECTION:
> ;; 100.36.107.209.in-addr.arpa, type = ANY, class = IN
>
> ;; ANSWER SECTION:
> 100.36.107.209.in-addr.arpa. 1D IN PTR isdn.denver.anl.gov.
>
> ;; AUTHORITY SECTION:
> 36.107.209.in-addr.arpa. 4H IN NS DNS1.CO.VERIO.NET.
> 36.107.209.in-addr.arpa. 4H IN NS NS1.VERIO.NET.
> 36.107.209.in-addr.arpa. 4H IN NS b.ns.VERIO.NET.
>
> ;; ADDITIONAL SECTION:
> DNS1.CO.VERIO.NET. 15M IN A 209.107.32.11
> NS1.VERIO.NET. 9h16m53s IN A 204.91.99.140
> b.ns.VERIO.NET. 1D IN A 129.250.35.32
>
> ;; Total query time: 36 msec
> ;; FROM: britaine.ctd.anl.gov to SERVER: t.ns.verio.net 192.67.14.16
> ;; WHEN: Fri May 11 10:14:18 2001
> ;; MSG SIZE sent: 45 rcvd: 194
>
> britaine%
> <The other nameserver also gives a correct AUTHORITATIVE answer.>
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-9689
> Building 221, Room B236 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4844 IBMMAIL: I1004994
More information about the bind-users
mailing list