www.spps-serv.ch - what is going on here?

Karl Auer kauer at biplane.com.au
Fri Jul 25 00:14:56 UTC 2008


This is almost certainly a stupid question, but I can't get my head
around it.
It all started because our people complained that they couldn't resolve
www.spss-serv.ch. Except that sometimes, they could.

First off, here's the trace to the SOA for spss-serv.ch:

kauer at karl:~$ dig +trace spss-serv.ch
[...]
spss-serv.ch.           43200   IN      NS      ns1.spss-serv.ch.
spss-serv.ch.           43200   IN      NS      ns2.spss-serv.ch.
;; Received 98 bytes from 194.146.106.10#53(ch1.dnsnode.net) in 2100 ms

spss-serv.ch.           3600    IN      SOA     spss-services.spss-servers.ch. hostmaster.spss-servers.ch. 21 900 600 86400 3600

When looked up normally, these nameservers don't exist:
kauer at karl:~$ dig +short ns1.spss-serv.ch. 
kauer at karl:~$ dig +short ns2.spss-serv.ch. 

But if you ask them, by name, about themselves, they can be resolved and
can answer!
kauer at karl:~$ dig +short ns1.spss-serv.ch. @ns1.spss-serv.ch.
212.215.3.70
kauer at karl:~$ dig +short ns2.spss-serv.ch. @ns1.spss-serv.ch.
212.215.3.74

Both of them have data for www.spss-serv.ch:
kauer at karl:~$ dig +short www.spss-serv.ch. @ns1.spss-serv.ch. 
212.215.3.70
kauer at karl:~$ dig +short www.spss-serv.ch. @ns2.spss-serv.ch. 
212.215.3.70

If you ask those nameservers to tell you the zone nameservers, though,
you get a totally different nameserver name back:

kauer at karl:~$ dig +short spss-serv.ch ns @ns1.spss-serv.ch.
spss-services.spss-servers.ch.
kauer at karl:~$ dig +short spss-serv.ch ns @ns2.spss-serv.ch.
spss-services.spss-servers.ch.

And (drum roll), that nameserver name doesn't resolve:
; <<>> DiG 9.3.4-P1.1 <<>> spss-services.spss-servers.ch.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 985

Not even on the delegated servers:
; <<>> DiG 9.3.4-P1.1 <<>> spss-services.spss-servers.ch. @ns1.spss-serv.ch.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63399

So the zone is seriously confused. So am I. What I don't understand is
why the officially delegated nameservers can be resolved when asked
about themselves, but not when the ordinary resolvers are asked to
resolve them. Something to do with when dig decides to go via the root?

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at  : random.sks.keyserver.penguin.de
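
Added example, not part of the original message: the parent-versus-child NS comparison that the message performs by hand with dig, written as a small offline check. The function names are hypothetical, the records are constructed from the dig output quoted above, and the TTL on the child NS records is a placeholder because dig +short prints none.

```python
# Added example: delegation consistency check over dig-style record lines.
# All input below is constructed from the dig output quoted in the message;
# the TTL on the child NS records is a placeholder (dig +short prints none).

PARENT_REFERRAL = """\
spss-serv.ch.  43200  IN  NS  ns1.spss-serv.ch.
spss-serv.ch.  43200  IN  NS  ns2.spss-serv.ch.
"""
CHILD_NS_ANSWERS = {  # server asked -> its answer to "spss-serv.ch NS"
    "ns1.spss-serv.ch.": "spss-serv.ch. 3600 IN NS spss-services.spss-servers.ch.",
    "ns2.spss-serv.ch.": "spss-serv.ch. 3600 IN NS spss-services.spss-servers.ch.",
}
RESOLVER_ADDRESSES = {  # name -> addresses returned by the ordinary resolver
    "ns1.spss-serv.ch.": [],
    "ns2.spss-serv.ch.": [],
    "spss-services.spss-servers.ch.": [],  # NXDOMAIN in the message
}


def ns_targets(text, zone):
    """Return the set of NS target names that `text` lists for `zone`."""
    targets = set()
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # skip dig comment lines and anything too short
        owner, _ttl, rclass, rtype, rdata = fields[:5]
        if (owner.lower(), rclass, rtype) == (zone.lower(), "IN", "NS"):
            targets.add(rdata.lower())
    return targets


def check_delegation(zone, parent_text, child_answers, resolved):
    """Compare parent and child NS sets; flag NS names with no address."""
    findings = []
    parent = ns_targets(parent_text, zone)
    seen = set(parent)
    for server, answer in sorted(child_answers.items()):
        child = ns_targets(answer, zone)
        seen |= child
        if child != parent:
            findings.append(("ns-mismatch", server, sorted(child - parent),
                             sorted(parent - child)))
    for name in sorted(seen):
        if not resolved.get(name):
            findings.append(("ns-unresolvable", name))
    return findings


if __name__ == "__main__":
    for finding in check_delegation("spss-serv.ch.", PARENT_REFERRAL,
                                    CHILD_NS_ANSWERS, RESOLVER_ADDRESSES):
        print(finding)
```

Each ns-mismatch finding names the server asked, then the NS names only the child lists, then the NS names only the parent lists.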




More information about the bind-users mailing list