Recursive DNS problem
bangla desh
bangla.rptr at gmail.com
Fri Jan 28 02:52:42 UTC 2011
> ---------- Forwarded message ----------
> From: "Torinthiel" <torinthiel at data.pl>
> To: "\"bind-users at lists.isc.org\"" <bind-users at lists.isc.org>
> Date: Thu, 27 Jan 2011 11:08:07 +0100
> Subject: Re: Recursive DNS problem
> Dnia 2011-01-27 17:38 bangla desh napisał(a):
> >
> >Hello all,
> >
> >I am running Bind 9.7.1-p2 as recursive dns. I encountered this problem
> with
> >the domain hsbc.com.bd. When I dig hsbc.com.bd, it gives me a connection
> >timed out response.
> >
>
> [cut]
> >
> >I digged further about the problem as to what causes it. I found out that
> if
> >I clear the cache and then dig first the ns record(s) of com.bd, before I
> >dig hsbc.com.bd, I will be able to replicate the problem.
>
> can't reproduce it here, works for me when I try stright hsbc.com.bd, or
> dig
> ns com.bd beforehand, or dig both ns bd and com.bd.
> >
> >What bothered me is what is in com.bd that blocks the response from
> >hsbc.com.bd? Please I need your inputs.
>
> One thing for sure. It has only one nameserver. This is plainly wrong, each
> domain should have at least 2 (and SLD like this one even more).
> does it work when you type
> dig ns hsbc.com.bd @ns.com.bd
> because that's what fails for me.
>
> And there's more:
>
> $ dig ns com.bd @dns.bd
>
> ; <<>> DiG 9.7.1 <<>> ns com.bd @dns.bd
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57519
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;com.bd. IN NS
>
> ;; ANSWER SECTION:
> com.bd. 86400 IN NS ns.com.bd.
>
> ;; ADDITIONAL SECTION:
> ns.com.bd. 86400 IN A 203.112.194.18
>
> ;; Query time: 368 msec
> ;; SERVER: 209.58.24.3#53(209.58.24.3)
> ;; WHEN: Thu Jan 27 11:00:46 2011
> ;; MSG SIZE rcvd: 57
>
> $ dig ns hsbc.com.bd @dns.bd
>
> ; <<>> DiG 9.7.1 <<>> ns hsbc.com.bd @dns.bd
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2379
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;hsbc.com.bd. IN NS
>
> ;; AUTHORITY SECTION:
> hsbc.com.bd. 86400 IN NS ns11.hsbc.com.hk.
> hsbc.com.bd. 86400 IN NS ns13.hsbc.com.hk.
> hsbc.com.bd. 86400 IN NS ns1.hsbc.com.sg.
>
> ;; Query time: 368 msec
> ;; SERVER: 209.58.24.3#53(209.58.24.3)
> ;; WHEN: Thu Jan 27 11:01:07 2011
> ;; MSG SIZE rcvd: 107
>
> Which means that DNS server for .bd domain (at leas one of them) returns
> answer for ns for .com.bd (ok, it is a delegation probably), but also a
> (non-authorative) answer for hsbc.com.bd. This is a bit strange, it
> doesn't
> provide recursive queries, it has delegation for com.bd, but it's still
> willing to return deeper answers.
> Now, what happens when you have clear cache is that it asks dns.bd for
> reference and gets hsbc records. But if you have NS com.bd in your cache,
> bind probably assumes (and quite correclty) that it shoud ask com.bd
> nameservers, not the bd. ones. But com.bd ones don't provide an answer, so
> you have timeout.
> Looks like the com.bd zone is broken somewhat. either the delegation
> should
> be removed from bd, or the server needs fixing and adding another servers
> is
> necessary.
> Torinthiel
>
>
> I believed so that com.bd is broken. It only has 1 ns server and
hsbc.com.bd, whois.com.bd and even google.com.bd they are all delegate
directly from bd and not from com.bd.
I am wondering, is there a dns rule/standard (or RFC) that explains about
delegation?
-Bangla
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110128/332b77ac/attachment.html>
More information about the bind-users
mailing list