DNS-query returns different responses

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 26 03:37:52 UTC 2002

Sounds like a loss of synchronization between the master and one or more of
the slaves. Have you queried each of the servers in the NS records for the
name in question? Have you checked what serial numbers they have the for the

- Kevin

Stefan Schnuerle wrote:

> Hi out there,
> if I'm wrong with this question here, please let me know.
> Perhaps it's more a mail-related issue, but actually, I don't think so.
> If I run nslookup on a Linux-machine with Bind8 running and look up
> the zone xyz123.com, I get different responses. I.e., if I do an nslookup
> now, it returns another result than perhaps an hour ago or an hour later.
> Is this a normal behaviour? As far as  I understood, a DNS-query should
> always return the same result, or am I completely wrong there?
> The different results are:
> 1. Full info on the DNS-entry of xyz123.com, including MX, NS, SOA and
> A records as a non-authotitative answer. Authoritative ones could be
> found at two uunet-nameservers and the ns.xyz123.com.
> 2. A non-authoritative answer which only returns the SOA-record and tells
> that authoritative answers can be found at the ROOT servers for .com,
> i.e., a.gtld-servers.net and so on. Not a single word about xyz123.com or
> uunet.
> 3. Full info on the DNS-entry of xyz123.com, but without the SOA-record.
> 4. A response which returns the SOA and the NS and A-records for the uunet-
> nameservers, but NOT for the ns.xyz123.com-nameserver.
> I hope this makes some kind of sense to anyone of you. I just don't
> understand why nslookup returns different results. Half a day result 1,
> e.g., then a few hours result 2, and so on (I've hacked in a script that
> collected the data via cron every single minute for about 6 or 7 days).
> The reason why I have to know about that is the following.
> If someone from xyz123.com posts a mail to our mailserver, there's a
> "This address is not allowed"-error from time to time. This is because
> we only accept mails from domains that contain an MX-entry for this
> domain (to block faked sender-domains, spam and so on).
> Now, as in some cases the nslookup doesn't return an MX-entry, I thought
> that it could be possible that the mailserver then thinks that this domain
> is faked, i.e., hasn't got a mailserver to send mails, so it's
> impossible that the mail from this domain could have been sent - so
> the mailserver drops it.
> Could this make sense in any way?
> If you need more info on this one, please let me know. I really
> haven't got any other idea why one time the mailserver says that this
> address ist't allowed and the next time (sometimes even just five minutes
> afterwards!) accepts it without failure.
> Thank you very much in advance.
> Kind regards,
> Stefan.

More information about the bind-users mailing list