after delegation

Chris Thompson cet1 at hermes.cam.ac.uk
Fri Nov 16 15:22:00 UTC 2007 

On Nov 16 2007, Niall O'Reilly wrote:

>On 16 Nov 2007, at 11:40, Byung-Hee HWANG wrote:
>
>> last Monday, my domain master gave me the authority to control
>> [izb.knu.ac.kr] with dns operating. since then, [izb.knu.ac.kr] has  
>> been
>> controling by [chrys.izb.knu.ac.kr]. but someday i found out some
>> strange log in [chrys.izb.knu.ac.kr]'s /var/log/messages:
>>
>> Nov 16 14:51:31 chrys named[32597]: client 155.230.10.2#36819:  
>> received
>> notify for zone 'knu.ac.kr': not authoritative
>>
>> can you please explain the above log for what? and what can i do for
>> solving the matter?
>
>	Some system is sending your server a NOTIFY for the 'knu.ac.kr'.
>	Dig is your friend ...
>
>sixte(niall)1: dig +short chrys.izb.knu.ac.kr
>155.230.165.20
>
>	Your server seems to have the address 155.230.165.20.
>
>sixte(niall)2: dig +short -x 155.230.10.2
>ns.knu.ac.kr.
>
>	The NOTIFY is coming from a system which seems to be called
>	'ns.knu.ac.kr'.
>
>sixte(niall)3: dig +norec @155.230.165.20 knu.ac.kr
>
>; <<>> DiG 9.3.4 <<>> +norec @155.230.165.20 knu.ac.kr
>; (1 server found)
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53675
>;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
>
>	The server at 155.230.165.20 is not authoritative for 'knu.ac.kr',
>	so it can't do anything about the NOTIFY.  The NOTIFY not useful.
>
>	It would be reasonable to ask the people who look after 'ns.knu.ac.kr'
>	to avoid sending you NOTIFY for their zone.

The reason it is sending you a NOTIFY is (alomost certainly) because
it believes you are an official slave server for the zone:

$ dig ns knu.ac.kr @155.230.10.2

; <<>> DiG 9.3.3 <<>> ns knu.ac.kr @155.230.10.2
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1623
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 6

;; QUESTION SECTION:
;knu.ac.kr.                     IN      NS

;; ANSWER SECTION:
knu.ac.kr.              1000    IN      NS      ns.ce.knu.ac.kr.
knu.ac.kr.              1000    IN      NS      ns.metal.knu.ac.kr.
knu.ac.kr.              1000    IN      NS      chrys.izb.knu.ac.kr.
knu.ac.kr.              1000    IN      NS      pinus.izb.knu.ac.kr.
knu.ac.kr.              1000    IN      NS      ns.knu.ac.kr.
knu.ac.kr.              1000    IN      NS      ns2.knu.ac.kr.

;; ADDITIONAL SECTION:
ns.ce.knu.ac.kr.        1000    IN      A       155.230.29.7
ns.metal.knu.ac.kr.     1000    IN      A       155.230.173.55
chrys.izb.knu.ac.kr.    1000    IN      A       155.230.165.20
pinus.izb.knu.ac.kr.    1000    IN      A       155.230.157.93
ns.knu.ac.kr.           1000    IN      A       155.230.10.2
ns2.knu.ac.kr.          1000    IN      A       155.230.128.2

;; Query time: 300 msec
;; SERVER: 155.230.10.2#53(155.230.10.2)
;; WHEN: Fri Nov 16 15:11:46 2007
;; MSG SIZE  rcvd: 245

That in-zone set of NS records is much larger than the set in the 
delegation for knu.ac.kr (which has only ns.knu.ac.kr and ns2.knu.ac.kr). 

Ask them what they are up to.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk

More information about the bind-users mailing list