Parent or Child NS records ?

Andris Kalnozols andris at hpl.hp.com
Wed Apr 19 02:47:20 UTC 2000 

> 
> Question; I see that our parent (.gov - or any of the root-servers)
> hands out 3 NS (& glue A records) for our domain, but another BIND
> server has different results at different times...the one set which
> contains auth00 is held on on parent, but the set of 3 which are all
> 151.200.x.x are held on our own DNS server, NS. Why the difference at
> different times ?
> 
> Non-authoritative answer (from d.root...)
> uspto.gov       nameserver = NS.uspto.gov
> uspto.gov       nameserver = AUTH00.NS.UU.NET
> uspto.gov       nameserver = NS2.uspto.gov
> 
> NS.uspto.gov    internet address = 151.200.97.38
> AUTH00.NS.UU.NET        internet address = 198.6.1.65
> NS2.uspto.gov   internet address = 151.200.97.39
> 
> but when I check the DNS server that I'm dialed into at time-1:
> > uspto.gov.
> Server:  [207.69.188.186]
> Address:  207.69.188.186
> 
> ------------
> Got answer:
>     HEADER:
>         opcode = QUERY, id = 7, rcode = NOERROR
>         header flags:  response, want recursion, recursio
>         questions = 1,  answers = 3,  authority records =
> 
>     QUESTIONS:
>         uspto.gov, type = NS, class = IN
>     ANSWERS:
>     ->  uspto.gov
>         nameserver = mail1.uspto.gov
>         ttl = 1065 (17 mins 45 secs)
>     ->  uspto.gov
>         nameserver = mail2.uspto.gov
>         ttl = 1065 (17 mins 45 secs)
>     ->  uspto.gov
>         nameserver = ns.uspto.gov
>         ttl = 1065 (17 mins 45 secs)
>     ADDITIONAL RECORDS:
>     ->  mail1.uspto.gov
>         internet address = 151.200.97.38
>         ttl = 1065 (17 mins 45 secs)
>     ->  mail2.uspto.gov
>         internet address = 151.200.97.39
>         ttl = 1065 (17 mins 45 secs)
>     ->  ns.uspto.gov
>         internet address = 151.200.97.38
>         ttl = 83865 (23 hours 17 mins 45 secs)
> 

Verifying zone data for domain 'uspto.gov'.
Getting NS RRset...
Transferring zone... (from 'NS.uspto.gov' [151.200.97.38])
Parsing zone data... (NS BIND version: 4.9.7)
Performing in-zone and external lookups...

Warning: found CNAME(s) pointing to the following problematic domain name(s):
 apollo.uspto.gov.                      [ no such RR ]
Warning: found zone(s) not having at least two listed nameservers (RFC-1034):
 itl                    3600    IN NS   dns.itl
Warning: found inconsistent NS RRsets surrounding the zone boundary (RFC-1034):
 uspto.gov.             IN NS   auth00.ns.uu.net.
                        IN NS   ns.uspto.gov.
                        IN NS   ns2.uspto.gov.
 (non-authoritative)
 ---------------------------- zone cut ----------------------------
 (  authoritative  )
 @                      IN NS   mail1.uspto.gov.
                        IN NS   mail2.uspto.gov.
                        IN NS   ns.uspto.gov.


Nameservers since BIND 4.9 measure credibility of cached data and will
give out the most credible answers that they can.  Authoritative data
from your zone's nameservers are more credible than that supplied by
the root servers and thus will be preferred once a nameserver has a
chance to compare the two sources.  [cribbed from p. 305-306 of
_DNS_and_BIND_, 3rd. ed.]

Andy

More information about the bind-users mailing list