Strange iteration issue.

Sun Jun 16 02:27:09 UTC 2002

>Looking at this for someone on another group and is now a vendetta.
>Server is a w2k DNS server in "root-hints" mode with no forwarders
>configured.  I'm not sure if this is a general DNS issue or an
>implementation issue.  If latter, please forgive the question.
>
>He is trying to ping www.suse.com using w2k DNS as recursive server.
>w2k DNS
>starts standard iteration as normal

# dig +trace suze.com

; <<>> DiG 9.1.3 <<>> +trace suze.com
;; global options:  printcmd
.                       508280  IN      NS      I.ROOT-SERVERS.NET.
.                       508280  IN      NS      E.ROOT-SERVERS.NET.
.                       508280  IN      NS      D.ROOT-SERVERS.NET.
.                       508280  IN      NS      A.ROOT-SERVERS.NET.
.                       508280  IN      NS      H.ROOT-SERVERS.NET.
.                       508280  IN      NS      C.ROOT-SERVERS.NET.
.                       508280  IN      NS      G.ROOT-SERVERS.NET.
.                       508280  IN      NS      F.ROOT-SERVERS.NET.
.                       508280  IN      NS      B.ROOT-SERVERS.NET.
.                       508280  IN      NS      J.ROOT-SERVERS.NET.
.                       508280  IN      NS      K.ROOT-SERVERS.NET.
.                       508280  IN      NS      L.ROOT-SERVERS.NET.
.                       508280  IN      NS      M.ROOT-SERVERS.NET.
;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 23 ms

com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
;; Received 458 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 181 ms

suze.com.               172800  IN      NS      NS1.EURO909.com.
suze.com.               172800  IN      NS      NS3.EURO909.com.
;; Received 102 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 87 ms

suze.com.               28800   IN      A       212.209.52.16
suze.com.               28800   IN      NS      ns1.euro909.com.
suze.com.               28800   IN      NS      ns3.euro909.com.
;; Received 118 bytes from 212.209.52.2#53(NS1.EURO909.com) in 202 m

>but starts looping trying to resolve
>ns.suse.cz

ns.suze.cz isn't in the delegation records.  w2k seems to be confused.  Use 
a better DNS.

the delegated servers have an answer:

# dig @NS1.EURO909.com. www.suze.com

; <<>> DiG 8.3 <<>> @NS1.EURO909.com. www.suze.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      www.suze.com, type = A, class = IN

;; ANSWER SECTION:
www.suze.com.           8H IN A         212.23.160.142

;; AUTHORITY SECTION:
suze.com.               8H IN NS        ns1.euro909.com.
suze.com.               8H IN NS        ns3.euro909.com.

and I get that answer from 5 different Unix machines around the US.

>  - because kerberos.suse.cz is replying with NS records
>instead of
>A record.  Is anyone else seeing the same thing?

what's kereros.suze.cz or ns.suze.cz have to do with anything?

Len

www.menandmice.com/DNS-training : DNS Training
BIND8NT.MEIway.com : ISC BIND for NT4 & W2K
IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways