Dig giving different output?

Barry Margolin barmar at alum.mit.edu
Tue Apr 22 01:03:07 UTC 2008


In article <fuj8lg$jjo$1 at sf1.isc.org>,
 Scott Baker <bakers at web-ster.com> wrote:

> We're having problems resolving ns1.portline-dns.net right now.
> 
> root at taurus(~)
> :dig ns1.portline-dns.net
> 
> ; <<>> DiG 9.4.1-P1 <<>> ns1.portline-dns.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20806
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;ns1.portline-dns.net.          IN      A
> 
> ;; AUTHORITY SECTION:
> portline-dns.net.       1332    IN      SOA     ns1.lnhi.net. administrator.lnhi.net. 2008041611 900 600 86400 3600
> 
> ;; Query time: 1 msec
> ;; SERVER: 65.182.224.40#53(65.182.224.40)
> ;; WHEN: Mon Apr 21 16:29:20 2008
> ;; MSG SIZE  rcvd: 97
> 
> No answer... same server, just adding the +trace option 3 seconds later.
> 
> root at taurus(~)
> :dig ns1.portline-dns.net +trace
> 
> ; <<>> DiG 9.4.1-P1 <<>> ns1.portline-dns.net +trace
> ;; global options:  printcmd
> .                       419952  IN      NS      f.root-servers.net.
> .                       419952  IN      NS      j.root-servers.net.
> .                       419952  IN      NS      a.root-servers.net.
> .                       419952  IN      NS      c.root-servers.net.
> .                       419952  IN      NS      h.root-servers.net.
> .                       419952  IN      NS      m.root-servers.net.
> .                       419952  IN      NS      b.root-servers.net.
> .                       419952  IN      NS      d.root-servers.net.
> .                       419952  IN      NS      e.root-servers.net.
> .                       419952  IN      NS      g.root-servers.net.
> .                       419952  IN      NS      l.root-servers.net.
> .                       419952  IN      NS      i.root-servers.net.
> .                       419952  IN      NS      k.root-servers.net.
> ;; Received 500 bytes from 65.182.224.40#53(65.182.224.40) in 1 ms
> 
> net.                    172800  IN      NS      C.GTLD-SERVERS.net.
> net.                    172800  IN      NS      D.GTLD-SERVERS.net.
> net.                    172800  IN      NS      E.GTLD-SERVERS.net.
> net.                    172800  IN      NS      F.GTLD-SERVERS.net.
> net.                    172800  IN      NS      G.GTLD-SERVERS.net.
> net.                    172800  IN      NS      H.GTLD-SERVERS.net.
> net.                    172800  IN      NS      I.GTLD-SERVERS.net.
> net.                    172800  IN      NS      J.GTLD-SERVERS.net.
> net.                    172800  IN      NS      K.GTLD-SERVERS.net.
> net.                    172800  IN      NS      L.GTLD-SERVERS.net.
> net.                    172800  IN      NS      M.GTLD-SERVERS.net.
> net.                    172800  IN      NS      A.GTLD-SERVERS.net.
> net.                    172800  IN      NS      B.GTLD-SERVERS.net.
> ;; Received 507 bytes from 192.36.148.17#53(i.root-servers.net) in 329 ms
> 
> ns1.portline-dns.net.   172800  IN      A       209.41.184.100
> portline-dns.net.       172800  IN      NS      ns1.portline-dns.net.
> portline-dns.net.       172800  IN      NS      ns2.portline-dns.net.
> ;; Received 118 bytes from 192.31.80.30#53(D.GTLD-SERVERS.net) in 54 ms
> 
> Now I get 209.41.184.100! Switching back and forth between +trace and 
> without I get different results. How is that?

When you use +trace, you're not getting the answer from your server.  
+trace tells dig to perform iterative resolution itself, rather than 
asking your caching server.

The problem is that the nameservers for portline-dns.net don't have any 
records for ns1.portline-dns.net.  When you use +trace, dig stops as 
soon as it gets the glue records from the GTLD server.  But when you ask 
a caching nameserver for the A record, it tries asking the authoritative 
servers for the domain rather than use the glue records from the parent 
domain.

Actually, you can see what's in your server's cache by using the 
+norecurse option:

dig ns1.portline-dns.net a +norec

The operators of portline-dns.net need to get their NS records in 
agreement with their delegation.  The records on the authoritative 
servers say:

;; ANSWER SECTION:
portline-dns.net. 3600  IN NS ns1.lnhi.net.
portline-dns.net. 3600  IN NS ns2.lnhi.net.
portline-dns.net. 3600  IN NS ns3.lnhi.net.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
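
The delegation mismatch described in the reply above can be checked mechanically. This is an added example, not part of the original post: the helper names ns_targets and delegation_diff are hypothetical, and the two inputs are the dig records already shown in this thread.

```shell
#!/bin/sh
# Added example (not from the original post): compare the NS set the parent
# zone delegates to with the NS set the child zone's own servers publish.
# ns_targets and delegation_diff are hypothetical helper names.

# Print the sorted, lower-cased NS targets for zone $1 from dig output on stdin.
ns_targets() {
    awk -v zone="$1" '
        BEGIN { zone = tolower(zone); if (zone !~ /\.$/) zone = zone "." }
        /^;/ || NF < 5 { next }   # skip dig comment lines and non-record lines
        tolower($1) == zone && $3 == "IN" && $4 == "NS" { print tolower($5) }
    ' | sort -u
}

# delegation_diff ZONE PARENT_OUTPUT CHILD_OUTPUT
# Prints one line per NS name present on only one side; returns 1 on mismatch.
delegation_diff() {
    parent=$(printf '%s\n' "$2" | ns_targets "$1")
    child=$(printf '%s\n' "$3" | ns_targets "$1")
    rc=0
    for ns in $parent; do
        printf '%s\n' "$child" | grep -qxF -- "$ns" || { echo "parent-only $ns"; rc=1; }
    done
    for ns in $child; do
        printf '%s\n' "$parent" | grep -qxF -- "$ns" || { echo "child-only $ns"; rc=1; }
    done
    return $rc
}

# Referral from D.GTLD-SERVERS.net, copied from the +trace output in the thread.
PARENT_SAMPLE='ns1.portline-dns.net.   172800  IN      A       209.41.184.100
portline-dns.net.       172800  IN      NS      ns1.portline-dns.net.
portline-dns.net.       172800  IN      NS      ns2.portline-dns.net.'

# NS records served by the authoritative servers, copied from the reply.
CHILD_SAMPLE=';; ANSWER SECTION:
portline-dns.net. 3600  IN NS ns1.lnhi.net.
portline-dns.net. 3600  IN NS ns2.lnhi.net.
portline-dns.net. 3600  IN NS ns3.lnhi.net.'

# Live use would feed both sides from dig +norec NS queries sent to a parent
# server and to a child server; here the captured samples are compared instead.
delegation_diff portline-dns.net. "$PARENT_SAMPLE" "$CHILD_SAMPLE" || true
```

A non-zero return with both parent-only and child-only lines is the situation in this thread: the two NS sets share no name at all.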

