trouble resolving names in GOV.

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 1 21:44:11 UTC 2005


Bennett, Steve wrote:

>Hi Kevin, thanks for the reply...
>
>>>	2b) find "nih.gov" nameservers:
>>>		$dig @a.gov.zoneedit.com. ns nih.gov.
>>>
>>>		; <<>> DiG 9.3.0 <<>> @a.gov.zoneedit.com. ns nih.gov.
>>>		;; global options:  printcmd
>>>
>>>Shouldn't 2b return the list of nameservers for the domain
>>>"nih.gov"? If not, why not?
>>
>>I assume, since you truncated the output, that you got some sort of
>>timeout for the 2b query. What happens if you try some of the other
>>nameservers for .gov? Do they all time out? If so, look at your
>>networking/firewall configuration.
>>
>
>No, I've not truncated the output, there's no timeout, and I don't
>believe that there's any problem with network or firewall configuration.
>I have the following in my .digrc to make the responses clearer:
>	+nocomments
>	+noquestion
>	+noadditional
>	+noauthority
>	+nostats
>i.e. I want dig to just tell me the answer to the question. I think this
>is the point about the problem I think I can see in .gov
>
>>That query comes back just fine for me:
>>
>>% dig @a.gov.zoneedit.com ns nih.gov
>>
>>; <<>> DiG 9.2.2rc1 <<>> @a.gov.zoneedit.com ns nih.gov
>>;; global options: printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64671
>>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
>                             ^^^^^^^^^
>That's the point though: "ANSWER:0" - the .gov nameservers are not
>answering the question, they are just saying where to go to get the
>authoritative answer to the question.
>
>As I understand it, the .gov nameservers don't seem to have the glue
>entries to give the answer, and for some reason, BIND v9.3.0 (at least,
>the copy that I'm running) isn't picking up the answers in the
>"additional" section.
>
The .gov servers are giving referrals, the .net/.com servers are giving 
answers. You should be prepared to deal with either form of response, 
but that +noauthority directive is blinding you to the referral form.

- Kevin
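
The referral/answer distinction discussed in this message, as an added example that is not part of the original post: a Python classifier that labels a wire-format DNS response from its header flags and section contents, so the result does not depend on which sections dig is told to print. It goes beyond the two cases in the thread to NODATA and NXDOMAIN. The sample messages are constructed (the id and "qr rd" flags mirror the quoted dig header), and ns1.example is a placeholder, not a real nih.gov nameserver.

```python
import struct

NS = 2  # RR type code for NS records
def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:             # root label ends the name
            return off

def classify(msg):
    """Label a DNS response: answer, referral, nodata, nxdomain or other."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    off = 12
    for _ in range(qd):             # question: name, qtype, qclass
        off = _skip_name(msg, off) + 4
    auth_types = []
    for i in range(an + ns):        # ANSWER records first, then AUTHORITY
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an:
            auth_types.append(rtype)
    if rcode:
        return "nxdomain" if rcode == 3 else "other"
    if an:
        return "answer"
    if NS in auth_types and not aa:  # delegation: NS in AUTHORITY, AA clear
        return "referral"
    return "nodata" if aa else "other"

# Constructed sample messages; ns1.example is a placeholder nameserver name.
def wire_name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\0"
def rr(name, rtype, rdata):
    return wire_name(name) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
def sample(flags, answers, authority):
    head = struct.pack("!6H", 64671, flags, 1, len(answers), len(authority), 0)
    return head + wire_name("nih.gov") + struct.pack("!HH", NS, 1) + b"".join(answers + authority)

NS_RR = rr("nih.gov", NS, wire_name("ns1.example"))
REFERRAL = sample(0x8100, [], [NS_RR])  # qr rd, ANSWER: 0, NS set in AUTHORITY
ANSWER = sample(0x8500, [NS_RR], [])    # qr aa rd, NS set in ANSWER
```

`classify(REFERRAL)` returns `"referral"` and `classify(ANSWER)` returns `"answer"`, even though both carry the same NS record.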



