epza.gov.tw. MX

Mark K. Pettit pettit at yahoo-inc.com
Mon Aug 8 20:15:15 UTC 2011 

My resolvers, running BIND 9.7.3P3, are having a difficult time resolving the MX record for the zone "epza.gov.tw.".

When I run "dig +trace", this is the response I get:

$ dig +trace epza.gov.tw. mx

; <<>> DiG 9.7.3-P3 <<>> +trace epza.gov.tw. mx
;; global options: +cmd
.			381415	IN	NS	c.root-servers.net.
.			381415	IN	NS	b.root-servers.net.
.			381415	IN	NS	g.root-servers.net.
.			381415	IN	NS	m.root-servers.net.
.			381415	IN	NS	d.root-servers.net.
.			381415	IN	NS	j.root-servers.net.
.			381415	IN	NS	h.root-servers.net.
.			381415	IN	NS	k.root-servers.net.
.			381415	IN	NS	f.root-servers.net.
.			381415	IN	NS	i.root-servers.net.
.			381415	IN	NS	l.root-servers.net.
.			381415	IN	NS	a.root-servers.net.
.			381415	IN	NS	e.root-servers.net.
;; Received 512 bytes from 203.188.201.230#53(203.188.201.230) in 0 ms

tw.			172800	IN	NS	a.dns.tw.
tw.			172800	IN	NS	b.dns.tw.
tw.			172800	IN	NS	c.dns.tw.
tw.			172800	IN	NS	d.dns.tw.
tw.			172800	IN	NS	e.dns.tw.
tw.			172800	IN	NS	f.dns.tw.
tw.			172800	IN	NS	g.dns.tw.
tw.			172800	IN	NS	h.dns.tw.
tw.			172800	IN	NS	ns.twnic.net.
;; Received 471 bytes from 193.0.14.129#53(k.root-servers.net) in 157 ms

gov.tw.			86400	IN	NS	a.twnic.net.tw.
gov.tw.			86400	IN	NS	b.twnic.net.tw.
gov.tw.			86400	IN	NS	c.twnic.net.tw.
;; Received 191 bytes from 220.229.225.195#53(g.dns.tw) in 5 ms

epza.gov.tw.		43200	IN	NS	dns.epza.gov.tw.
;; Received 63 bytes from 192.83.166.9#53(a.twnic.net.tw) in 1 ms

;; connection timed out; no servers could be reached

But if I query any of [abc].twnic.net.tw. directly for the IP address of dns.epza.gov.tw, I get an answer.  Example:

$ dig @a.twnic.net.tw. epza.gov.tw. mx   

; <<>> DiG 9.7.3-P3 <<>> @a.twnic.net.tw. epza.gov.tw. mx
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32687
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;epza.gov.tw.			IN	MX

;; AUTHORITY SECTION:
epza.gov.tw.		43200	IN	NS	dns.epza.gov.tw.

;; ADDITIONAL SECTION:
dns.epza.gov.tw.	43200	IN	A	163.29.43.1

;; Query time: 2 msec
;; SERVER: 192.83.166.9#53(192.83.166.9)
;; WHEN: Tue Aug  9 04:14:09 2011
;; MSG SIZE  rcvd: 63

It appears to me that BIND is seeing this response, and then ignoring the IP in the Additional section.

Any idea why this might be happening?

Mark Pettit
pettit at yahoo-inc.com

More information about the bind-users mailing list