issues with mcd.com DNS
Dave Lugo
dlugo at etherboy.com
Mon Oct 13 13:42:16 UTC 2003
Simon Waters wrote:
> Dave Lugo wrote:
>
>>On my DNS server, I can query for mcd.com's MX, with no problem.
>>
>>On other boxes in the same subnet as my DNS server, that same query
>>against my DNS server fails.
>
>
> Be absolutely clear on what is a client and what is a server in this
> context.
>
> In the context of say running "dig" with no server specified, the
> chances are if you run it on your DNS server or elsewhere on your
> network the query to the nameserver is identical.
>
I would think so.
> So either some of these boxes are using another DNS server, or there is
> more to this than you've managed to describe/uncover.
>
Undoubtedly. MCD has 'interesting' DNS, to say the least.
>
>>As for mcd.com's somewhat broken DNS configuration, it's not something I
>>am able to resolve myself, but I have pointed it out to them. I'm not
>>sure that their b0rkeness is what is causing my problem
>
>
> With only one DNS server and a 15 minute TTL they shouldn't expect their
> MX to resolve reliably. If it is that important to email these people
> quickly you could put a hack in your MTA configuration, but far better
> for them to sort their DNS.
>
I've been recommending to MCD for the past three years that they fix
their DNS, but have yet to show any progress.
> I think that usually such a borked configuration would work, but the C&W
> secondary is returning SERVFAIL rather than a referral, and it is too
> early for me to figure out what that means, but I'd guess it ain't
> helping matters.
I'm sure :)
I'm also seeing similar behavior for mcdkorea.co.uk:
on dcns2.ch1.ummail.com (this box doesn't accept queries from the public
internet, so in case you try and get nuttin ;), I can do this:
[root@dcns2.ch1 log]# dig mx mcdkorea.co.kr
; <<>> DiG 9.2.1 <<>> mx mcdkorea.co.kr
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34629
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mcdkorea.co.kr. IN MX
;; ANSWER SECTION:
mcdkorea.co.kr. 2585 IN MX 1010 mcdkorea.co.kr.
;; AUTHORITY SECTION:
mcdkorea.co.kr. 2585 IN NS ns.mcdkorea.co.kr.
;; Query time: 2 msec
;; SERVER: 216.64.206.205#53(216.64.206.205)
;; WHEN: Mon Oct 13 09:34:30 2003
;; MSG SIZE rcvd: 65
So, I would assume that the answer is now cached on dcns2.ch1.ummail.com.
...but on another box on the same /24, when I query against
dcns2.ch1.ummail.com, I get:
mc1:/root> dig mx mcdkorea.co.kr @dcns2.ch1.ummail.com
; <<>> DiG 8.2 <<>> mx mcdkorea.co.kr @dcns2.ch1.ummail.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server dcns2.ch1.ummail.com 216.64.213.4: Connection timed out
...and I have *no* idea why. Restarting named on dcns2.ch1.ummail.com
doesn't help.
--
--------------------------------------------------------
Dave Lugo dlugo at etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
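
An added example, not part of the original message: a small parser for the two dig transcripts quoted above (BIND 9 and BIND 8 output styles) that separates a transport-level failure, where no DNS reply arrived, from a DNS-level rcode such as SERVFAIL, and reports which server address each run actually contacted. The function names summarize and compare are hypothetical; the transcripts are copied from the message and trimmed.

```python
import re

# Transcripts copied from the message above, trimmed to the lines the parser
# uses; the wrapped res_nsend line is joined onto one line.
LOCAL = """\
; <<>> DiG 9.2.1 <<>> mx mcdkorea.co.kr
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34629
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; SERVER: 216.64.206.205#53(216.64.206.205)
"""
REMOTE = """\
; <<>> DiG 8.2 <<>> mx mcdkorea.co.kr @dcns2.ch1.ummail.com
;; res_nsend to server dcns2.ch1.ummail.com 216.64.213.4: Connection timed out
"""

def summarize(transcript):
    """Return the server address contacted and how the query ended."""
    out = {"server": None, "status": None, "error": None}
    for line in transcript.splitlines():
        if m := re.search(r"status: (\w+)", line):
            # DNS-level result: a reply arrived and carried this rcode.
            out["status"] = m.group(1)
        elif m := re.match(r";; SERVER: ([0-9a-fA-F.:]+)#\d+", line):
            out["server"] = m.group(1)
        elif m := re.match(r";; res_nsend to server \S+\s+([0-9.]+): (.+)", line):
            # Transport-level failure: the resolver library got no reply at all.
            out["server"], out["error"] = m.group(1), m.group(2).strip()
    return out

def compare(a, b):
    """List the points on which two runs differ below the DNS answer itself."""
    notes = []
    if a["server"] != b["server"]:
        notes.append(f"different server addresses: {a['server']} vs {b['server']}")
    for name, run in (("first", a), ("second", b)):
        if run["error"]:
            notes.append(f"{name} run got no DNS reply ({run['error']})")
        elif run["status"] != "NOERROR":
            notes.append(f"{name} run got rcode {run['status']}")
    return notes

if __name__ == "__main__":
    for note in compare(summarize(LOCAL), summarize(REMOTE)):
        print(note)
```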