RFC 2317 Delegation Problems

Sebastian E. Castro Avila secastro at nic.cl
Wed Jun 23 00:56:01 UTC 2004


On Tue, 22 Jun 2004 17:01:31 -0700, Stephen Carville  
<stephen at totalflood.com> wrote:


[Some results deleted]

You showed the trace, that is correct. Your problem is in the "last mile".

>
> That looks right to me but if I try a dig -x it fails:
>
> $ dig -x 209.189.103.200
>
> ; <<>> DiG 9.2.2-P3 <<>> -x 209.189.103.200
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47252
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;200.103.189.209.in-addr.arpa.  IN      PTR
>
> ;; Query time: 178 msec
> ;; SERVER: 192.168.1.1#53(192.168.1.1)
> ;; WHEN: Tue Jun 22 16:41:42 2004
> ;; MSG SIZE  rcvd: 46
>

SERVFAIL is an error code to say "I was unable to find an authoritative  
answer".


> If I specify one of the two dns servers, I get the correct answer:
>
> dig @dns.totalflood.com -x 209.189.103.200
>
> ; <<>> DiG 9.2.2-P3 <<>> @dns.totalflood.com -x 209.189.103.200
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16015
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
>

Here there is no "aa" flag (Authoritative Answer). So your server answers
with "some" information, not the correct one.

> ;; QUESTION SECTION:
> ;200.103.189.209.in-addr.arpa.  IN      PTR
>
> ;; ANSWER SECTION:
> 200.103.189.209.in-addr.arpa. 86400 IN  CNAME 200.192.103.189.209.in-addr.arpa.
> 200.192.103.189.209.in-addr.arpa. 3600 IN PTR   v200.totalflood.com.
>

You got AN answer, not the correct one.
If you look carefully, you'll find out that your nameserver is not  
authoritative for the zone (and it is supposed to be).

That happens when a zone is not syntactically correct, so it is not
completely loaded. Check your logs to find out when it's failing (or try
named-checkzone after loading any changes).

I hope that helps. I don't usually help people here (because I'm afraid of
my own mistakes) :)


--
Sebastian Castro A, NIC Chile
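
An added example, not part of the original message: the check described above (look at the header status, then look for the "aa" flag) as a small shell function that reads dig output on stdin. The function name `dig_verdict` and the verdict words are assumptions made for this example; the first two samples are the header lines from the dig runs quoted in the message, and the third is constructed.

```shell
# Added example: classify a dig response by header status and the "aa" flag.

# dig_verdict: read dig output on stdin, print a one-word verdict.
dig_verdict() {
    awk '
        /->>HEADER<<-/ {
            # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16015"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # ";; flags: qr rd ra; QUERY: 1, ..." -> keep only " qr rd ra"
            flags = $0
            sub(/^;; flags:/, "", flags)
            sub(/;.*$/, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
        }
        END {
            if (status == "")             print "NO_HEADER"
            else if (status != "NOERROR") print status
            else if (aa)                  print "AUTHORITATIVE"
            else                          print "NOT_AUTHORITATIVE"
        }
    '
}

# Header lines copied from the two dig runs quoted in the message.
sample_default_resolver() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47252' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
}
sample_direct_query() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16015' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3'
}
# Constructed sample (not from the message): a header carrying the aa flag.
sample_with_aa() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1' \
        ';; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3'
}

echo "default resolver: $(sample_default_resolver | dig_verdict)"
echo "direct query:     $(sample_direct_query | dig_verdict)"
echo "with aa flag:     $(sample_with_aa | dig_verdict)"
```

Against a live server the same function takes the query from the message directly: `dig @dns.totalflood.com -x 209.189.103.200 | dig_verdict`.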

