ft.nai.com and bad SOA

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Jun 20 14:32:07 UTC 2006 

"Gary Bennett" <bennegl at shands.ufl.edu> wrote:

>The current SOA for the McAfee ftp site, ftp.nai.com, is
>daldc3dns.na.nai.com, which does not resolve to any IP address. 
>Periodically, the resolution of ftp.nai.com fails w/this dig result:
> 
>; <<>> DiG 9.2.2 <<>> @name.ufl.edu ftp.nai.com
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11191
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
>;; QUESTION SECTION:
>;ftp.nai.com.                   IN      A
> 
>;; AUTHORITY SECTION:
>ftp.nai.com.            5865    IN      SOA     daldc3dns.na.nai.com.
>hostmaster.daldc3dns.na.nai.com. 2006032415 28800 7200 604800 86400
> 
>;; Query time: 1 msec
>;; SERVER: 128.227.128.24#53(name.ufl.edu)
>;; WHEN: Mon Jun 19 08:22:31 2006
>;; MSG SIZE  rcvd: 89
> 
>    
>     After flushing the cache, dig returns:
> 
>; <<>> DiG 9.2.2 <<>> ftp.nai.com
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27866
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> 
>;; QUESTION SECTION:
>;ftp.nai.com.                   IN      A
> 
>;; ANSWER SECTION:
>ftp.nai.com.            29      IN      A       216.143.70.11
> 
>;; AUTHORITY SECTION:
>ftp.nai.com.            82477   IN      NS      snc3dns.nai.com.
>ftp.nai.com.            82477   IN      NS      dal3dns.nai.com.
> 
>;; Query time: 1 msec
>;; SERVER: 159.178.61.125#53(159.178.61.125)
>;; WHEN: Mon Jun 19 08:24:22 2006
>;; MSG SIZE  rcvd: 89
> 
>I understand the SOA problem w/the vendor, but the resolver behavior
>still confuses me.  Why does it fail, but correct itself after flushing
>the cache?  TIA for any suggestions or information.  Thanks.
> 
> 
>gary

In your dig result you have

     ;; flags: qr rd ra;

There is no "aa", so the answer comes from the cache.  Sometime in the
past, the nameserver did a lookup for ftp.nai.com and cached the
negative answer.  When you flushed the cache, the nameserver had to
do another lookup for ftp.nai.com; this time it got an answer.  I did
the same queries, and I received an answer.  I (and dnsreport) see
nothing wrong with the zone that contains ftp.nai.com.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list