IP addresses in NS records seem to be breaking hostname resolution
David Botham
dns at botham.net
Wed Jul 17 13:30:59 UTC 2002
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Chris Davis
> Sent: Wednesday, July 17, 2002 8:52 AM
> To: 'bind-users at isc.org'
> Subject: IP addresses in NS records seem to be breaking hostname
> resolution
>
>
> Hello,
>
> I am experiencing a name resolution failure that appears to be due to
a
> zone
> containing NS records that have IP addresses rather than hostnames. I
am
> seeking help as to how I may avoid having these NS records cause name
> resolution failures on my resolver.
>
>
>
> Problem Description:
>
> A domain to which my systems must send frequent e-mail seems to have
NS
> records in their zone file that have IP address entries rather than
> hostnames, as such:
>
> @ IN NS 209.44.8.1
> @ IN NS 216.90.116.7
> @ IN NS 209.44.8.6
Do NOT do this. NS RR should have a domain name on the right side, not
an IP address.
>
>
> I have deduced the above configuration only from the following
> investigation. I have not viewed the zone file..
> host -t ns pacetech-inc.com 209.44.8.1
> Using domain server 209.44.8.1:
>
> pacetech-inc.com name server 209.44.8.1
> pacetech-inc.com name server 216.90.116.7
> pacetech-inc.com name server 209.44.8.6
However, I do not see what you are seeing:
dig ns pacetech-inc.com
; <<>> DiG 9.2.1 <<>> ns pacetech-inc.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58921
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;pacetech-inc.com. IN NS
;; ANSWER SECTION:
pacetech-inc.com. 172800 IN NS JH.DPLIV.com.
pacetech-inc.com. 172800 IN NS PCWEB.DPLIV.com.
;; ADDITIONAL SECTION:
JH.DPLIV.com. 172800 IN A 216.90.116.7
PCWEB.DPLIV.com. 172800 IN A 209.44.8.1
;; Query time: 56 msec
;; SERVER: 216.154.198.178#53(216.154.198.178)
;; WHEN: Wed Jul 17 09:03:36 2002
;; MSG SIZE rcvd: 109
There NS RR's look to be in order.
>
> The same results can be obtained from name servers 216.90.116.7 and
> 209.44.8.6 as well.
>
> Whenever these NS records are absent from my resolver's cache, meaning
> resolution of hostnames in their domain starts with the GTLD servers,
> hostname resolution for hosts within the domain works just fine. The
> problem arises only after a first hostname resolution because their
server
> passes their NS records to me as additional records during the first
> resolution. Subsequent resolutions fail until these NS records expire
or
> are cleared from my resolver's cache.
>
>
> Examples:
>
> Here is an example of my problem with the NS records that contain IP
> addresses already in my cache:
> host -t mx pacetech-inc.com
> Host not found, try again.
Works fine from here:
dig mx pacetech-inc.com
; <<>> DiG 9.2.1 <<>> mx pacetech-inc.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48463
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 2
;; QUESTION SECTION:
;pacetech-inc.com. IN MX
;; ANSWER SECTION:
pacetech-inc.com. 1798 IN MX 20 pcweb.dpliv.com.
pacetech-inc.com. 1798 IN MX 10
mail.pacetech-inc.com.
;; AUTHORITY SECTION:
pacetech-inc.com. 1798 IN NS 209.44.8.1.
pacetech-inc.com. 1798 IN NS 216.90.116.7.
pacetech-inc.com. 1798 IN NS 209.44.8.6.
;; ADDITIONAL SECTION:
pcweb.dpliv.com. 172656 IN A 209.44.8.1
mail.pacetech-inc.com. 1798 IN A 209.144.64.15
;; Query time: 1 msec
;; SERVER: 216.154.198.178#53(216.154.198.178)
;; WHEN: Wed Jul 17 09:06:00 2002
;; MSG SIZE rcvd: 189
>
> Here is an example of resolving the same hostname with an explicit
name
> server to use:
> host -t mx pacetech-inc.com 209.44.8.1
> Using domain server 209.44.8.1:
>
> pacetech-inc.com mail is handled (pri=20) by pcweb.dpliv.com
> pacetech-inc.com mail is handled (pri=10) by mail.pacetech-inc.com
>
> Action Taken:
> I have taken the preferred course of action and asked the
administrator
> (and
> everyone else related whom I can contact) to repair the NS records, to
no
> avail. No luck there.
Seeing the output from my dig above, do you still think there NS RR's
are wrong? Could there be some other problem on your end?
>
>
> Note:
>
> I can't just "bogus" their entire name servers because I do need the
MX
> and
> A records from them.
>
>
> My questions to bind users:
>
> Can I configure my bind 8.3.3-REL which is a caching only resolver to
> reject
> these NS records (that are provided by the name servers 209.44.8.1,
> 209.44.8.6 and 216.90.116.7 as additional records when I query for
type MX
> or A or whatever) without configuring my bind to perform a blanket
> rejection
> of all additional records from all domains? If I can do this, how is
it
> done?
>
> If I cannot prevent the "additional" NS records being added to my
cache,
> can
> I configure bind to dump them after they do not work? (It seems like
this
> would be a bind feature, but apparently it is not.)
>
> If not, any other suggestions, or am I way off target?
Given that your original assumption regarding their NS records is
probably wrong, I would look locally for some other problem...
>
>
> Thanks much,
> Christopher Davis
> Site Engineer
> ComputerJobs.com
More information about the bind-users
mailing list