subdomain delegation -> bad referral
Ingo T. Storm
its at computerbild.de
Thu Nov 25 19:39:34 UTC 1999
Hi,
I want to apologize right away: I MUST be missing s.th. really stupid
here... The posting is longish, too, but I wanted to give all the
relevant data.
I run an internal name server cbnt1.combi.de (NT BIND 4.9.7) being
master for domain combi.de. The master zone file contains the lines
sub.combi.de. IN NS cbnt2
cbnt2 IN A 192.168.0.4
cbnt2 runs NT BIND 4.9.7, too. It's named.boot contains the line
primary sub.combi.de db.sub.combi.de
db.sub.combi.de reads
@ SOA cbnt2.combi.de. postmaster.combi.de. (
1999112504
21600
3600
691200
86400 )
IN NS cbnt2.combi.de.
mail IN A 192.168.0.2
www IN A 192.168.0.2
I reloaded, later restarted both servers. DIGging cbnt2 yields:
; <<>> DiG 2.2 <<>> www.sub.combi.de @cbnt2
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 1, Auth: 1, Addit: 1
;; QUESTIONS:
;; www.sub.combi.de, type = A, class = IN
;; ANSWERS:
www.sub.combi.de. 86400 A 192.168.0.2
;; AUTHORITY RECORDS:
sub.combi.de. 86400 NS cbnt2.combi.de.
;; ADDITIONAL RECORDS:
cbnt2.combi.de. 3600 A 192.168.0.4
;; Total query time: 10 msec
;; FROM: dukat to SERVER: cbnt2 192.168.0.4
;; WHEN: Thu Nov 25 20:04:36 1999
;; MSG SIZE sent: 34 rcvd: 98
i.e. cbnt2 does think it is authoritative for sub.combi.de. DIGging
cbnt1 for sub.combi.de yields
; <<>> DiG 2.2 <<>> sub.combi.de @cbnt1 NS
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 0, Addit: 1
;; QUESTIONS:
;; sub.combi.de, type = NS, class = IN
;; ANSWERS:
sub.combi.de. 3600 NS cbnt2.combi.de.
;; ADDITIONAL RECORDS:
cbnt2.combi.de. 3600 A 192.168.0.4
;; Total query time: 10 msec
;; FROM: dukat to SERVER: cbnt1 192.168.0.2
;; WHEN: Thu Nov 25 20:11:33 1999
;; MSG SIZE sent: 30 rcvd: 74
i.e. it does know that cbnt2 is authoritative for sub.combi.de. Alas,
digging for an RR in that zone yields
; <<>> DiG 2.2 <<>> www.sub.combi.de @cbnt1
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
;; QUESTIONS:
;; www.sub.combi.de, type = A, class = IN
;; AUTHORITY RECORDS:
combi.de. 86400 SOA ns1.combi.de. postmaster.combi.de. (
1998121501 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
691200 ; expire (8 days)
86400 ) ; minimum (1 day)
;; Total query time: 12428 msec
;; FROM: dukat to SERVER: cbnt1 192.168.0.2
;; WHEN: Thu Nov 25 20:06:13 1999
;; MSG SIZE sent: 34 rcvd: 93
i.e. it seems to think it is not authoritative and it logs a
bad referral (combi.de !< sub.combi.de)
What am I missing?
Cheers,
Ingo
More information about the bind-users
mailing list