CNAME lookup discrepency
Ian Watts
ian at radix.net
Tue Jun 18 15:22:38 UTC 2002
I'm wondering if someone can explain the following problem. I have two
machines running 9.2.1, one Solaris 8 and one Linux on the same network.
When both look up records for a poorly configured domain, one in which the
NS records are CNAMES, the Solaris box can end up getting SERVFAIL
responses to nameserver lookups, while the Linux box never does.
Example:
# rndc flush
# dig www.reyrey.com
# dig nse2.reyrey.com
# dig nse3.reyrey.com
In this particular sequence, the Solaris box always ends up getting a
SERVFAIL response on the last dig, while the Linux box doesn't. Executing
'rndc dumpdb' and examining the differences reveals that the Linux's dump
file contains the corresponding A record for the second nameserver's CNAME
record, while the Solaris box is missing that data in the dump file,
reflecting the dig behaviour. They were obviously compiled separately,
but all relevent config parameters are the same and BIND 9 reportedly has
glue fetching permanently disabled. Any clues?
Below is an excerpt from the Linux box's dump file. In this particular
test, the oh15ux90.reyrey.com. entry is not present in the Solaris box's
dump file:
; authauthority
reyrey.com. 86390 NS nse2.reyrey.com.
86390 NS nse3.reyrey.com.
; authanswer
3582 A 192.112.245.59
; authanswer
mgw.reyrey.com. 86390 A 206.180.25.16
; glue
NSE2.reyrey.com. 172782 A 192.112.245.229
; authanswer
86386 CNAME oh15ux90.reyrey.com.
; glue
NSE3.reyrey.com. 172782 A 206.180.25.16
; authanswer
86390 CNAME mgw.reyrey.com.
; authanswer
oh15ux90.reyrey.com. 3586 A 192.112.245.229
; authanswer
www.reyrey.com. 3582 CNAME reyrey.com.
I asked the administrators of the domain to change the NS records, but
they didn't want to. I wouldn't care, but they're a customer.
-- Ian Watts
More information about the bind-users
mailing list