Strange DNS resolving behavior

Simon Waters Simon at wretched.demon.co.uk
Wed Apr 21 17:15:13 UTC 2004 

John Manly wrote:
>
> Finally, I ask Genuity/Level3's name servers.  Genuity/Level3 acts
> provides secondary name service for our domains.  In one case it reports
> the domain or name isn't valid, and in another it times out just like my
> own nameserver does. But again, when I look up a name within the
> publishingconcepts.com domain that I know doesn't exist, I get a
> different kind of error (the expected error) back:
> 
> 
> $ nslookup amherst.publishingconcepts.com 4.2.49.3         #
> Genuity/Level3
> Server:         4.2.49.3
> Address:        4.2.49.3#53
> Non-authoritative answer:
> *** Can't find amherst.publishingconcepts.com: No answer   # WRONG ANSER
dig says this server doesn't offer recursion, although that may be
different if you are a customer please use "dig" and show the whole
output where it is useful.

> $ nslookup -q=3DA amherst.publishingconcepts.com 4.2.2.1     # Another
> Genuity/Level3 server
> ;; connection timed out; no servers could be reached       # No answer
> at all (timeout)

Works from here with dig.

> So, I'm completely stumped as to what is going on here.  Somehow this
> particular name "amherst.publishingconcepts.com" is not resolving via
> some DNS servers, specifically mine. But other names in the
> publishingconcepts.com domain are resolving properly, and the error that
> the above DNS name yields is different from the name simply being
> missing.

I think it is just you, so it may just be a local nslookup thing, try
"dig" for more information.

> Any light that anyone can shed, or directions that anyone can sugggest
> for further debugging/troubleshooting/investigation on this issue would
> be most helpful.

The only oddity in the zone I could see is they list two private name
servers in the zone as authoritative, although even this shouldn't cause
problems, even if you had nameservers on your own network which happened
to be numbered 10.10, this would still work unless you had a private
root, or also tried to master pubishinconcepts.com....

dc01.publishingconcepts.com. 2854 IN    A       10.10.0.11
dc02.publishingconcepts.com. 2854 IN    A       10.10.0.12


No prizes for guessing the private IP addresses of their domain
controllers I guess ;) Perils of Microsoft DNS servers.




-- Attached file included as plaintext by Ecartis --
-- File: signature.asc
-- Desc: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAhqwiGFXfHI9FVgYRAn2OAJ9mRnYyt9ARH7AvY/9yW3ljjlk6AgCfSyW7
XmS75iPjpIiLEAprAe/ShiY=
=6V0N
-----END PGP SIGNATURE-----

More information about the bind-users mailing list