Troubles with bind resolving zip4.usps.com

spork.sporkman at gmail.com spork.sporkman at gmail.com
Wed Aug 3 23:29:32 UTC 2005


This one's got me stumped.  I've had no problems resolving this on
boxes that run dnscache locally, but my bind boxes are giving me no
answers, nothing in the logs.

BIND version 9.2.3rc4
Both FreeBSD 4.x and Linux 2.4.x

This is a subdomain delegated by the usps.com nameservers.  Here's what
dig tells me:

root at nameserver[~]# dig @d.gtld-servers.net usps.com

; <<>> DiG 8.3 <<>> @d.gtld-servers.net usps.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;      usps.com, type = A, class = IN

;; AUTHORITY SECTION:
usps.com.               2D IN NS        dns082.usps.com.
usps.com.               2D IN NS        dns100.usps.com.
usps.com.               2D IN NS        dns141.usps.com.

;; ADDITIONAL SECTION:
dns082.usps.com.        2D IN A         56.0.82.25
dns100.usps.com.        2D IN A         56.0.100.25
dns141.usps.com.        2D IN A         56.0.141.25

;; Total query time: 41 msec
;; FROM: nameserver.xxx.net to SERVER: d.gtld-servers.net  192.31.80.30
;; WHEN: Wed Aug  3 19:25:23 2005
;; MSG SIZE  sent: 26  rcvd: 137

So I'll then ask those DNS servers about "zip4.usps.com":

root at nameserver[~]# dig @56.0.82.25 zip4.usps.com

; <<>> DiG 8.3 <<>> @56.0.82.25 zip4.usps.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      zip4.usps.com, type = A, class = IN

;; AUTHORITY SECTION:
zip4.usps.com.          1H IN NS        nseag.usps.com.
zip4.usps.com.          1H IN NS        nssam.usps.com.

;; ADDITIONAL SECTION:
nseag.usps.com.         1H IN A         56.0.133.232
nssam.usps.com.         1H IN A         56.0.65.232

;; Total query time: 81 msec
;; FROM: nameserver.xxx.net to SERVER: 56.0.82.25  56.0.82.25
;; WHEN: Wed Aug  3 19:26:09 2005
;; MSG SIZE  sent: 31  rcvd: 103

I get directed to two other nameservers that are authoritative for
"zip4.usps.com", so I'll ask them:

root at nameserver[~]# dig @56.0.133.232 zip4.usps.com

; <<>> DiG 8.3 <<>> @56.0.133.232 zip4.usps.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      zip4.usps.com, type = A, class = IN

;; ANSWER SECTION:
zip4.usps.com.          15M IN A        56.0.134.62

;; Total query time: 37 msec
;; FROM: nameserver.xxx.net to SERVER: 56.0.133.232  56.0.133.232
;; WHEN: Wed Aug  3 19:27:18 2005
;; MSG SIZE  sent: 31  rcvd: 47

So I do eventually get the answer, but not if I query our own name
servers directly.  I have killed and restarted both in case there's
something bad in the cache, but it still does not work.

What am I missing here?

Thanks,

Charles



More information about the bind-users mailing list