wrong ans. name

Jonathan de Boyne Pollard J.deBoynePollard at tesco.net
Sun Aug 31 15:00:38 UTC 2003


DJVL> Aug 26 15:45:37 ns1 named[724]: wrong ans. name (. !=
DJVL> 323136.323339.3531.313034.80hd8ef3368.webcfs00.com)
DJVL> Aug 26 15:45:43 ns1 named[724]: wrong ans. name (. !=
DJVL> 64.77656268616e636572.636f6d.80hc7f3a36c.webcfs00.com)
DJVL> Aug 26 15:45:39 ns1 named[724]: wrong ans. name (. !=
DJVL> 68.6d736e.636f6d.80hcf44b17c.webcfs00.com)
DJVL> Aug 26 15:45:46 ns1 named[724]: wrong ans. name (. !=
DJVL> 68.6d736e.636f6d.80hcf44b17c.webcfs00.com)

KD> No, it's a problem with the nameservers for webcfs00.com. 
KD> They are answering *every* query they get authoritatively 
KD> with a 10.*.*.* (i.e. private, non-routable) address, and 
KD> failing to copy the RD (Recursion Desired) flag into their
KD> responses. Bad, bad, bad...

It's possibly (albeit, given the nature of the problem and one of the possible
causes of it, not certainly) a problem with the "webcfs00.com." content DNS
servers.  However, that message is resulting from neither of the things that
you describe.  

Moreover, lack of copying the RD bit value from query to response is not
actually "bad", given that the RD bit has no real meaning for responses,
merely a lack of lip service to a pointless over-specification.  The
"webcfs00.com." content DNS servers are responding in "bad" ways, but that
isn't actually one of them.  (They are sending datagrams back with the Q/R bit
set to 0 if the query type is anything other than "A", for example.)  

The message results from the owner name of the resource records encountered in
the "answer" section not matching the expected answer name at that point.  For
some reason (if I have this the right way around after copying and pasting),
the server is answering a question about
"68.6d736e.636f6d.80hcf44b17c.webcfs00.com." with an answer about ".".  My
first thought would be to check that a forwarding proxy DNS server on a
firewall somewhere in Duane's own organization wasn't intercepting DNS
traffic, given that such unusual answers from the "webcfs00.com." content DNS
servers aren't apparent from Out Here.

My second thought would be, as yours apparently was, to wonder what the heck
all of this stuff is doing being published to the whole of Internet in the
first place and to bemoan yet another broken content DNS server software that
only handles a single query type correctly.
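
The owner-name check described in this message, as an added example that is not part of the original post and is not BIND's code. The function names, the single-question assumption and the response bytes (including the 10.0.0.1 address) are constructed for illustration; only the query name is taken from the quoted log lines.

```python
import struct

QNAME = "68.6d736e.636f6d.80hcf44b17c.webcfs00.com."  # name from the quoted log lines

def read_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                    # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # refuse pointer loops
                raise ValueError("compression loop")
        elif n == 0:                              # root label terminates the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n

def build_name(name):
    """Encode a dotted name in uncompressed wire format ("." is the root)."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def check_answer_names(msg):
    """Return (got, expected) for each answer RR whose owner name is unexpected."""
    _id, _flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    expected, off = read_name(msg, 12)            # assumption: exactly one question
    off += 4                                      # skip QTYPE and QCLASS
    mismatches = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if owner != expected:
            mismatches.append((owner, expected))  # "wrong ans. name (got != expected)"
        elif rtype == 5:                          # CNAME: later RRs belong to its target
            expected, _ = read_name(msg, off)
        off += rdlen
    return mismatches

def sample_response(owner):
    """Constructed response: one question for QNAME, one A record owned by `owner`."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
    question = build_name(QNAME) + struct.pack("!HH", 1, 1)
    answer = build_name(owner) + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 0, 0, 1])
    return header + question + answer
```

`check_answer_names(sample_response("."))` reports the same pairing as the log lines: an answer owned by "." where the queried name was expected.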

