<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>---------- Forwarded message ----------<br>From: "Torinthiel" <<a href="mailto:torinthiel@data.pl">torinthiel@data.pl</a>><br>
To: "\"<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>\"" <<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>><br>Date: Thu, 27 Jan 2011 11:08:07 +0100<br>
Subject: Re: Recursive DNS problem<br>On 2011-01-27 17:38, bangla desh wrote:<br>
><br>
>Hello all,<br>
><br>
>I am running Bind 9.7.1-p2 as recursive dns. I encountered this problem with<br>
>the domain <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>. When I dig <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>, it gives me a connection<br>
>timed out response.<br>
><br>
<br>
[cut]<br>
><br>
>I dug further about the problem as to what causes it. I found out that if<br>
>I clear the cache and then dig first the ns record(s) of <a href="http://com.bd" target="_blank">com.bd</a>, before I<br>
>dig <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>, I will be able to replicate the problem.<br>
<br>
Can't reproduce it here, works for me when I try straight <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>, or dig<br>
ns <a href="http://com.bd" target="_blank">com.bd</a> beforehand, or dig both ns bd and <a href="http://com.bd" target="_blank">com.bd</a>.<br>
><br>
>What bothered me is what is in <a href="http://com.bd" target="_blank">com.bd</a> that blocks the response from<br>
><a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>? Please I need your inputs.<br>
<br>
One thing for sure. It has only one nameserver. This is plainly wrong, each<br>
domain should have at least 2 (and SLD like this one even more).<br>
Does it work when you type<br>
dig ns <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a> @<a href="http://ns.com.bd" target="_blank">ns.com.bd</a><br>
because that's what fails for me.<br>
<br>
And there's more:<br>
<br>
$ dig ns <a href="http://com.bd" target="_blank">com.bd</a> @<a href="http://dns.bd" target="_blank">dns.bd</a><br>
<br>
; <<>> DiG 9.7.1 <<>> ns <a href="http://com.bd" target="_blank">com.bd</a> @<a href="http://dns.bd" target="_blank">dns.bd</a><br>
;; global options: +cmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57519<br>
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<br>
;; WARNING: recursion requested but not available<br>
<br>
;; QUESTION SECTION:<br>
;<a href="http://com.bd" target="_blank">com.bd</a>. IN NS<br>
<br>
;; ANSWER SECTION:<br>
<a href="http://com.bd" target="_blank">com.bd</a>. 86400 IN NS <a href="http://ns.com.bd" target="_blank">ns.com.bd</a>.<br>
<br>
;; ADDITIONAL SECTION:<br>
<a href="http://ns.com.bd" target="_blank">ns.com.bd</a>. 86400 IN A 203.112.194.18<br>
<br>
;; Query time: 368 msec<br>
;; SERVER: 209.58.24.3#53(209.58.24.3)<br>
;; WHEN: Thu Jan 27 11:00:46 2011<br>
;; MSG SIZE rcvd: 57<br>
<br>
$ dig ns <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a> @<a href="http://dns.bd" target="_blank">dns.bd</a><br>
<br>
; <<>> DiG 9.7.1 <<>> ns <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a> @<a href="http://dns.bd" target="_blank">dns.bd</a><br>
;; global options: +cmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2379<br>
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0<br>
;; WARNING: recursion requested but not available<br>
<br>
;; QUESTION SECTION:<br>
;<a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>. IN NS<br>
<br>
;; AUTHORITY SECTION:<br>
<a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>. 86400 IN NS <a href="http://ns11.hsbc.com.hk" target="_blank">ns11.hsbc.com.hk</a>.<br>
<a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>. 86400 IN NS <a href="http://ns13.hsbc.com.hk" target="_blank">ns13.hsbc.com.hk</a>.<br>
<a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>. 86400 IN NS <a href="http://ns1.hsbc.com.sg" target="_blank">ns1.hsbc.com.sg</a>.<br>
<br>
;; Query time: 368 msec<br>
;; SERVER: 209.58.24.3#53(209.58.24.3)<br>
;; WHEN: Thu Jan 27 11:01:07 2011<br>
;; MSG SIZE rcvd: 107<br>
<br>
Which means that DNS server for .bd domain (at least one of them) returns<br>
answer for ns for .<a href="http://com.bd" target="_blank">com.bd</a> (ok, it is a delegation probably), but also a<br>
(non-authoritative) answer for <a href="http://hsbc.com.bd" target="_blank">hsbc.com.bd</a>. This is a bit strange, it doesn't<br>
provide recursive queries, it has delegation for <a href="http://com.bd" target="_blank">com.bd</a>, but it's still<br>
willing to return deeper answers.<br>
Now, what happens when you have clear cache is that it asks <a href="http://dns.bd" target="_blank">dns.bd</a> for<br>
reference and gets hsbc records. But if you have NS <a href="http://com.bd" target="_blank">com.bd</a> in your cache,<br>
bind probably assumes (and quite correctly) that it should ask <a href="http://com.bd" target="_blank">com.bd</a><br>
nameservers, not the bd. ones. But <a href="http://com.bd" target="_blank">com.bd</a> ones don't provide an answer, so<br>
you have timeout.<br>
Looks like the <a href="http://com.bd" target="_blank">com.bd</a> zone is broken somewhat. Either the delegation should<br>
be removed from bd, or the server needs fixing and adding more servers is<br>
necessary.<br>
Torinthiel<br>
<br>
<br></blockquote><div>I believed so that <a href="http://com.bd">com.bd</a> is broken. It only has 1 ns server, and <a href="http://hsbc.com.bd">hsbc.com.bd</a>, <a href="http://whois.com.bd">whois.com.bd</a> and even <a href="http://google.com.bd">google.com.bd</a> are all delegated directly from bd and not from <a href="http://com.bd">com.bd</a>. </div>
<div><br></div><div>I am wondering, is there a dns rule/standard (or RFC) that explains about delegation? </div><div><br></div><div>-Bangla</div></div>
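<div>The cache-dependent behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how an iterative resolver picks the deepest cached zone cut before asking anyone. The server behaviour is constructed from the dig output quoted above (nothing is queried live), and the function names are hypothetical.</div>

```python
# Simplified model of iterative resolution; server behaviour is constructed
# from the dig output quoted in the thread, not queried live.
HSBC_NS = ["ns11.hsbc.com.hk", "ns13.hsbc.com.hk", "ns1.hsbc.com.sg"]

def dns_bd(qname):
    # dns.bd hands out a referral straight to the hsbc.com.bd servers.
    if qname == "hsbc.com.bd":
        return ("referral", "hsbc.com.bd", HSBC_NS)
    return None

def ns_com_bd(qname):
    # ns.com.bd gives no reply for hsbc.com.bd (None models the timeout).
    return None

def hsbc_ns(qname):
    # Assumption: the delegated HSBC servers answer normally.
    return ("answer", qname, [])

SERVERS = {"dns.bd": dns_bd, "ns.com.bd": ns_com_bd}
SERVERS.update({ns: hsbc_ns for ns in HSBC_NS})

def closest_cut(qname, cache):
    """Return the deepest cached zone enclosing qname."""
    labels = qname.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in cache:
            return zone
    raise LookupError("no cached zone cut for " + qname)

def resolve(qname, cache, max_steps=5):
    """Follow referrals from the closest cached cut; return (result, servers asked)."""
    asked = []
    for _ in range(max_steps):
        reply = None
        for ns in cache[closest_cut(qname, cache)]:
            asked.append(ns)
            reply = SERVERS[ns](qname)
            if reply is not None:
                break
        if reply is None:
            return "timeout", asked
        kind, zone, ns_set = reply
        if kind == "answer":
            return "answer", asked
        cache[zone] = ns_set  # cache the referral and descend
    return "gave up", asked

def cold_cache():
    return resolve("hsbc.com.bd", {"bd": ["dns.bd"]})

def after_ns_com_bd():
    # Cache as it would look once the com.bd NS record had been looked up first.
    return resolve("hsbc.com.bd", {"bd": ["dns.bd"], "com.bd": ["ns.com.bd"]})
```

<div>With a cold cache the model reaches the HSBC servers through dns.bd; with the com.bd NS set already cached it only ever asks ns.com.bd and times out.</div>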