Odd result for a redeleageted domain

Jeff Reasoner jeff.reasoner at mail.hccanet.org
Fri Aug 24 19:19:37 UTC 2007


On Fri, 2007-08-24 at 15:01, Simon Dodd wrote:
> I have what seems like an odd issue. It's something of a moot point in that 
> I'm pretty sure that whatever the issue is, it's on the authoritative side 
> (which we don't control), but a customer brought it to us, it's a little odd 
> and I'd like to understand what's going on.
> 
> The authoritative name servers for thereddress.com at the parent zone are 

Here you have thereddress.com and hereafter you are quering for
thereddresser.com. The missing *er* could contribute to the confusion.

> ns1.buyhttp.com and ns2.buyhttp.com. The "correct" IP for 
> www.thereddresser.com is 67.18.164.50. If I look up that record directly at 
> the listed name servers that's the IP I get back:
> 
>     [simon at linux1 simon]$ dig www.thereddresser.com @ns1.buyhttp.com +short 
> thereddresser.com.
>     67.18.164.50
>     [simon at linux1 simon]$ dig www.thereddresser.com @ns2.buyhttp.com +short 
> thereddresser.com.
>     67.18.164.50
> 
> If I run a DNS report on the domain name, 
> http://www.dnsstuff.com/tools/dnsreport.ch?domain=thereddresser.com, it 
> reports that although the authoritative name servers for thereddress.com at 
> the parent zone are ns1.buyhttp.com and ns2.buyhttp.com, the NS records at 
> the nameservers are ns1.mosmenu.com and ns2.mosmenu.com.
> 
> If I look the domain up on our recursors (all four run BIND 9) they get 
> back:
> 
>     % dig www.thereddresser.com +trace
> 
>     <<snip>>
> 
>     ;; ANSWER SECTION:
>     www.thereddresser.com.  47m38s IN A     8.15.231.100
> 
>     ;; AUTHORITY SECTION:
>     thereddresser.com.      1h27m43s IN NS  ns1.mosmenu.com.
>     thereddresser.com.      1h27m43s IN NS  ns2.mosmenu.com.
> 
>     ;; ADDITIONAL SECTION:
>     ns1.mosmenu.com.        1d5h20m2s IN A  8.15.231.100
>     ns2.mosmenu.com.        1d5h20m2s IN A  8.15.231.100
> 
> Which, of course, is the wrong IP. Apparently - take with a pinch of salt - 
> this is working for customers of other ISPs than mine. Nevertheless, 
> querying Verizon's name servers, I see that they get the right answer:
> 
>     [simon at linux1 simon]$ dig www.thereddresser.com @4.2.2.1 +short 
> thereddresser.com.
>     67.18.164.50
>     [simon at linux1 simon]$ dig www.thereddresser.com @4.2.2.2 +short 
> thereddresser.com.
>     67.18.164.50
> 
> Ours don't:
> 
>     [simon at linux1 simon]$ dig www.thereddresser.com @12.109.94.4 +short 
> 8.15.231.100
>     [simon at linux1 simon]$ dig www.thereddresser.com @12.109.94.5 +short 
> 8.15.231.100
> 
> Another customer today brought an identical problem to me with the domain 
> fccparis.org, which has an identical DNS setup - BuyHTTP redelgated to 
> MosMenu. So what would be causing this? Seemingly, the ns1.buyhttp.com 
> provide one answer but also delegate to the other pair, each providing 
> different answers. The closest that I can understand would be that if the 
> auth provider is running bind, the zone file at ns1 and 2.buyhttp.com would 
> be something like this:
> 
>     @        IN     NS  ns1.mosmenu.com.
>     @        IN     NS  ns2.mosmenu.com.
>     @        IN     A  67.18.164.50
>     www    IN     CNAME  @
> 
> Are my name servers broken because they're querying the "mosmenu" pair (and 
> if not, why aren't verizons) or is their (BuyHTTP's) config completely 
> screwy - and if the latter (out of curiosity) how and why would you create 
> such a result?
> 
> Regards,
> 
> Simon Dodd,
> Hostmaster,
> Joink Internet
> 
> E: simon.dodd at joinkllc.com
> T: +1 (812) 234 5100 x116
> F: +1 (812) 234 5144
> 
> ------------------------
> "In Critical and baffling situations, it is always best to return to first 
> principle and simple action" - Sir Winston Churchill 
> 
> 



More information about the bind-users mailing list