Odd Root Server Issue?
Marc.Thach at radianz.com
Marc.Thach at radianz.com
Mon Nov 19 12:38:30 UTC 2001
Cricket,
I've missed something here, what is GRS? and how does it cause a GTLD
server to have this A record?
rgds
Marc TXK
"Cricket Liu"
<cricket at menand To: "mofo" <mofo at thirddimension.net>, <bind-users at isc.org>
mice.com> cc:
Sent by: Subject: RE: Odd Root Server Issue?
bind-users-boun
ce at isc.org
14/11/2001
20:27
> I have the domain 'northroute.net' with DNS of icewall.vianet.ca
> (209.91.128.10) and gwn.vianet.ca (204.187.88.10). The MX for this
domain
> pointed to mail.northroute.net (209.91.181.2).
>
> There is a domain 'ottawahostel.com' with DNS of ***mail.northroute.net
> (207.210.113.4)*** and another server of no relevance.
>
> Now here's the issue. When I had northroute.net MX pointed to
> mail.northroute.net with a local IP, my name servers reported the correct
> IP, so did the rest of the 'net. But then all of sudden, name
> server after
> name server started picking up the mail.northroute.net as being the
> 207.210.113.4 which was the old server! But why? I had my A record for
> mail.northroute.net pointing to 209.91.181.2! It WAS working? When I
> created a new A record it would appear, but mail.northroute.net is
> constantly poisoned.
>
> Here's my assumption. I think for some reason the ottawahostel.com name
> server entries on the root servers of the 'net were causing bind
> on caching
> servers of the 'net to be poisoned with the wrong IP. This barely makes
> sense to me since the root servers - a.gtld-servers.net for example
showed
> icewall and gwn as the authoritive servers for northroute.net. <sigh>
>
> Ok so here's my fix. I changed the A record on my servers
> (icewall and gwn)
> to a CNAME (I know that's VERY bad to do for mail!) and pointed it to
> mailhost.northroute.net (209.91.181.2). This worked, until I took out
the
> CNAME yesterday. It started to break again today. I've since changed
the
> MX to mailbox.northroute.net and killed mail.northroute.net altogether.
>
> Any ideas? It works now, but I think there's a fundamental flaw
> somewhere.
> Just because a registrar has a name server entry that differs the actual
> authoritive answer, why does this happen??
You've got it right, more or less. Someone registered mail.northroute.net
with VeriSign GRS at some point, so the gTLD name servers have the wrong
(?)
address for mail.northroute.net:
# dig @a.gtld-servers.net. mail.northroute.net. +pfmin
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5450
;; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;; mail.northroute.net, type = A, class = IN
;; ANSWER SECTION:
mail.northroute.net. 2D IN A 207.210.113.4
You can update that address through Network Solutions or, if that host
isn't running a name server any more, delete it.
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
Attend our next DNS and BIND class! See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
More information about the bind-users
mailing list