Odd result for a redeleageted domain
simon.dodd at joink.com
Fri Aug 24 19:01:12 UTC 2007
I have what seems like an odd issue. It's something of a moot point in that
I'm pretty sure that whatever the issue is, it's on the authoritative side
(which we don't control), but a customer brought it to us, it's a little odd
and I'd like to understand what's going on.
The authoritative name servers for thereddress.com at the parent zone are
ns1.buyhttp.com and ns2.buyhttp.com. The "correct" IP for
www.thereddresser.com is 126.96.36.199. If I look up that record directly at
the listed name servers that's the IP I get back:
[simon at linux1 simon]$ dig www.thereddresser.com @ns1.buyhttp.com +short
[simon at linux1 simon]$ dig www.thereddresser.com @ns2.buyhttp.com +short
If I run a DNS report on the domain name,
reports that although the authoritative name servers for thereddress.com at
the parent zone are ns1.buyhttp.com and ns2.buyhttp.com, the NS records at
the nameservers are ns1.mosmenu.com and ns2.mosmenu.com.
If I look the domain up on our recursors (all four run BIND 9) they get
% dig www.thereddresser.com +trace
;; ANSWER SECTION:
www.thereddresser.com. 47m38s IN A 188.8.131.52
;; AUTHORITY SECTION:
thereddresser.com. 1h27m43s IN NS ns1.mosmenu.com.
thereddresser.com. 1h27m43s IN NS ns2.mosmenu.com.
;; ADDITIONAL SECTION:
ns1.mosmenu.com. 1d5h20m2s IN A 184.108.40.206
ns2.mosmenu.com. 1d5h20m2s IN A 220.127.116.11
Which, of course, is the wrong IP. Apparently - take with a pinch of salt -
this is working for customers of other ISPs than mine. Nevertheless,
querying Verizon's name servers, I see that they get the right answer:
[simon at linux1 simon]$ dig www.thereddresser.com @18.104.22.168 +short
[simon at linux1 simon]$ dig www.thereddresser.com @22.214.171.124 +short
[simon at linux1 simon]$ dig www.thereddresser.com @126.96.36.199 +short
[simon at linux1 simon]$ dig www.thereddresser.com @188.8.131.52 +short
Another customer today brought an identical problem to me with the domain
fccparis.org, which has an identical DNS setup - BuyHTTP redelgated to
MosMenu. So what would be causing this? Seemingly, the ns1.buyhttp.com
provide one answer but also delegate to the other pair, each providing
different answers. The closest that I can understand would be that if the
auth provider is running bind, the zone file at ns1 and 2.buyhttp.com would
be something like this:
@ IN NS ns1.mosmenu.com.
@ IN NS ns2.mosmenu.com.
@ IN A 184.108.40.206
www IN CNAME @
Are my name servers broken because they're querying the "mosmenu" pair (and
if not, why aren't verizons) or is their (BuyHTTP's) config completely
screwy - and if the latter (out of curiosity) how and why would you create
such a result?
E: simon.dodd at joinkllc.com
T: +1 (812) 234 5100 x116
F: +1 (812) 234 5144
"In Critical and baffling situations, it is always best to return to first
principle and simple action" - Sir Winston Churchill
More information about the bind-users