CNAME lookup discrepency

Ian Watts ian at
Tue Jun 18 15:22:38 UTC 2002

I'm wondering if someone can explain the following problem.  I have two
machines running 9.2.1, one Solaris 8 and one Linux on the same network.
When both look up records for a poorly configured domain, one in which the
NS records are CNAMES, the Solaris box can end up getting SERVFAIL
responses to nameserver lookups, while the Linux box never does.

# rndc flush
# dig
# dig
# dig

In this particular sequence, the Solaris box always ends up getting a
SERVFAIL response on the last dig, while the Linux box doesn't.  Executing
'rndc dumpdb' and examining the differences reveals that the Linux's dump
file contains the corresponding A record for the second nameserver's CNAME
record, while the Solaris box is missing that data in the dump file,
reflecting the dig behaviour.  They were obviously compiled separately,
but all relevent config parameters are the same and BIND 9 reportedly has
glue fetching permanently disabled.  Any clues?

Below is an excerpt from the Linux box's dump file.  In this particular
test, the entry is not present in the Solaris box's
dump file:

; authauthority             86390   NS
                        86390   NS
; authanswer
                        3582    A
; authanswer         86390   A
; glue        172782  A
; authanswer
                        86386   CNAME
; glue        172782  A
; authanswer
                        86390   CNAME
; authanswer    3586    A
; authanswer         3582    CNAME

I asked the administrators of the domain to change the NS records, but
they didn't want to.  I wouldn't care, but they're a customer.

-- Ian Watts

More information about the bind-users mailing list