Problemas with DNS server!!!

Ian Bedson ianb at tropicalstorm.com
Wed Aug 28 11:53:53 UTC 2002


Hi Gustavo,

Yes, that would be my guess as well. You have got a wildcard record
configured on your server in a root zone.

Regards,

Ian

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Kevin Darcy
Sent: Wednesday, 28 August 2002 4:30 AM
To: bind-users at isc.org
Subject: Re: Problemas with DNS server!!!



Gustavo Castro Puig wrote:

> Ian:
>
>         For example: the server is telling to our customers that 
> www.microsoft.com is at 64.246.28.232, and not to the right address...
>         That's what is happening.
>
> Take a look at this another one:
>
> # nslookup www.google.com.ar
> Server:  zeus.multired.com.uy
> Address:  206.99.52.140
>
> Non-authoritative answer:
> Name:    www.google.com
> Address:  64.246.28.232
> Aliases:  www.google.com.ar
>
>         What do you think about this?
>
> Saludos,
>         Gustavo Castro Puig.
>         E-Mail:gcastro at ifxnw.com.uy  ICQ:126398056 AIM:gcastrop2001
>         2001 - IFX Networks - MULTIRED
>         Plaza Independencia 831.  Edificio Plaza Mayor Of. 1204.
>         Tel. (598-2) 908 29 30 // Fax. (598-2) 900 03 14
>         http://www.ifxnetworks.com
>         Montevideo - Uruguay
>
> On Tue, 27 Aug 2002, Ian Bedson wrote:
>
> >
> > Hi Gustavo,
> >
> > Can you share an example with us of what you are seeing? If I query 
> > your server for a name that it is authoritative for I seem to get a 
> > valid
> > answer:
> >
> > ; <<>> DiG 8.3 <<>> www.multired.com.uy a in @206.99.52.140 ; (1 
> > server found) ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> > ;; QUERY SECTION:
> > ;;      www.multired.com.uy, type = A, class = IN
> >
> > ;; ANSWER SECTION:
> > www.multired.com.uy.    1D IN A         206.99.52.149
> >
> > ;; AUTHORITY SECTION:
> > multired.com.uy.        1D IN NS        zeus.multired.com.uy.
> >
> > ;; ADDITIONAL SECTION:
> > zeus.multired.com.uy.   1D IN A         206.99.52.140
> >
> > ;; Total query time: 1000 msec
> > ;; FROM: JNI to SERVER: 206.99.52.140  206.99.52.140
> > ;; WHEN: Tue Aug 27 23:53:13 2002
> > ;; MSG SIZE  sent: 37  rcvd: 88
> >
> > Under what circumstances are you seeing this other IP address?
> >
> > Regards,
> >
> > Ian
> >
> > -----Original Message-----
> > From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] 
> > On Behalf Of Gustavo Castro Puig
> > Sent: Tuesday, 27 August 2002 11:18 PM
> > To: comp-protocols-dns-bind at isc.org
> > Subject: RE: Problemas with DNS server!!!
> >
> >
> >
> > David:
> >
> >       Sorry, I'm too much worried about it, and forgot posting the 
> > info!
> >       The problematic DNS is zeus.multired.com.uy (206.99.52.140), 
> > and every new A RR query somebody do, it resolves to
64.246.28.232.(!).
> >       The domain is multired.com.uy.
> >       How can I stop it!?
> >
> > Saludos,
> >       Gustavo Castro Puig.
> >       E-Mail:gcastro at ifxnw.com.uy  ICQ:126398056 AIM:gcastrop2001
> >       2001 - IFX Networks - MULTIRED
> >       Plaza Independencia 831.  Edificio Plaza Mayor Of. 1204.
> >       Tel. (598-2) 908 29 30 // Fax. (598-2) 900 03 14
> >       http://www.ifxnetworks.com
> >       Montevideo - Uruguay
> >
> > On Tue, 27 Aug 2002, David Botham wrote:
> >
> > >
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > >
> > > > -----Original Message-----
> > > > From: bind-users-bounce at isc.org 
> > > > [mailto:bind-users-bounce at isc.org]
> > > > On Behalf Of Gustavo Castro Puig
> > > > Sent: Tuesday, August 27, 2002 9:36 AM
> > > > To: comp-protocols-dns-bind at isc.org
> > > > Subject: Problemas with DNS server!!!
> > > >
> > > >
> > > > Hi guys!
> > > >
> > > >   I have a BIG problem.
> > > >   My bind is giving the same wrong address to all queries that 
> > > > is
> > not
> > > > master for it!
> > >
> > > What domains?  Your name server(s) IP(s)?
> > >
> > > Dave...
> > >
> > >
> > >
> > > >   Is that a "cache poisoning"?
> > > >   How can I fix this mess?

My best guess is that you have a wildcard record in a private root zone.


- Kevin






More information about the bind-users mailing list