Bind 9.4.2 and unit5.org

Kevin Darcy kcd at chrysler.com
Thu May 15 05:43:16 UTC 2008


Hmmm... I must admit I'm a little confused about this myself. It seems 
like 4 of the 6 TLD servers for .org do *not* provide the glue record 
for ns.unit5.org when (non-recursively) queried directly for it. But 
that glue record should be present in the parent zone, right? So why 
wouldn't they answer with it?

Thus, hypothetically, if a caching resolver were to expire the 
ns.unit5.org A record while still having the unit5.org NS records in 
cache, it might work its way back up the tree, but then get 4 "bad" 
responses (referrals that it can't use) consecutively, rather than the 
glue record that it needs. I'm thinking this might be egregious enough 
for it to give up with SERVFAIL.

Is this normal for .org? As a commercial enterprise, we don't have many 
domains in .org, so I'm not terribly familiar with their standards and 
practices.

- Kevin

Fr34k wrote:
> Hello,
> I have an interesting issue and I am hoping someone can explain to me why BIND is behaving the way it is.
> There is a domain unit5.org with two NS according to WHOIS
> From WHOIS:
> Name Server:NS.UNIT5.ORG
> Name Server:NS2.UNIT5.ORG
>    Domain servers in listed order:
>    NS.UNIT5.ORG                 207.63.250.13
>    NS2.UNIT5.ORG                207.63.250.12
>
> One NS is NOT responsive = ns2.unit5.org
> Shouldn't the other NS be able to support any/all queries for this domain?
> If so, I'm not having any luck with queries reaching ns.unit5.org with BIND 9.4.2:
> $ host -a unit5.org
> Trying "unit5.org"
> Host unit5.org not found: 2(SERVFAIL)
> Received 27 bytes from BIND942SERVER#53 in 1 ms
>
> $ host -a unit5.org NS.UNIT5.ORG
> Trying "unit5.org"
> host: Couldn't find server 'NS.UNIT5.ORG': Temporary failure in name resolution
>
> However, when I use the IP address of ns.unit5.org, I can get a response:
> $ host -a unit5.org 207.63.250.13
> Trying "unit5.org"
> Using domain server:
> Name: 207.63.250.13
> Address: 207.63.250.13#53
> Aliases:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48610
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
> ;; QUESTION SECTION:
> ;unit5.org.                     IN      ANY
> ;; ANSWER SECTION:
> unit5.org.              43200   IN      SOA     ns.unit5.org. spam.unit5.org. 20070335 3600 900 1209600 43200
> unit5.org.              43200   IN      MX      10 spammail.unit5.org.
> unit5.org.              43200   IN      MX      200 mail.unit5.org.
> unit5.org.              43200   IN      NS      ns.unit5.org.
> ;; ADDITIONAL SECTION:
> spammail.unit5.org.     43200   IN      A       207.63.250.10
> mail.unit5.org.         43200   IN      A       207.63.250.6
> ns.unit5.org.           43200   IN      A       207.63.250.13
> Received 179 bytes from 207.63.250.13#53 in 40 ms
>
> Other DNS servers on the Internet are dealing with unit5.org's current configuration.
> Thoughts?
>   
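
The glue question raised in the reply above can be checked mechanically: given a parent-zone referral in dig-style text, list the in-zone name servers that have no address record in the ADDITIONAL section. This is an added example, not part of the original thread; the function names and both sample responses are assumptions constructed for illustration.

```python
# Added example: flag in-bailiwick NS targets in a referral that lack glue.
# Both dig-style responses are constructed (TTLs invented), not captured
# from the .org servers; names and addresses are the ones in the thread.
WITH_GLUE = """\
;; AUTHORITY SECTION:
unit5.org.       86400 IN NS ns.unit5.org.
unit5.org.       86400 IN NS ns2.unit5.org.

;; ADDITIONAL SECTION:
ns.unit5.org.    86400 IN A  207.63.250.13
ns2.unit5.org.   86400 IN A  207.63.250.12
"""
WITHOUT_GLUE = """\
;; AUTHORITY SECTION:
unit5.org.       86400 IN NS ns.unit5.org.
unit5.org.       86400 IN NS ns2.unit5.org.
"""


def parse_sections(text):
    """Return {section: [(owner, rtype, rdata), ...]} from dig-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip()  # e.g. "AUTHORITY"
            sections[current] = []
        elif not line:
            current = None  # a blank line ends the section
        elif current and not line.startswith(";"):
            fields = line.split(None, 4)  # owner ttl class type rdata
            if len(fields) == 5:
                owner, _ttl, _cls, rtype, rdata = fields
                sections[current].append((owner.lower(), rtype.upper(), rdata.lower()))
    return sections


def missing_glue(text):
    """In-bailiwick NS targets with no A/AAAA record in ADDITIONAL."""
    sec = parse_sections(text)
    glued = {o for o, t, _ in sec.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    missing = set()
    for zone, rtype, target in sec.get("AUTHORITY", []):
        in_bailiwick = target == zone or target.endswith("." + zone)
        if rtype == "NS" and in_bailiwick and target not in glued:
            missing.add(target)
    return sorted(missing)


if __name__ == "__main__":
    for name, resp in (("with glue", WITH_GLUE), ("without glue", WITHOUT_GLUE)):
        print(name, "->", missing_glue(resp) or "all in-zone NS have glue")
```

Feeding it the saved output of a non-recursive query to each parent server shows which of them return a referral a resolver cannot follow without a further lookup.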


