Troubles with bind resolving zip4.usps.com
spork.sporkman at gmail.com
spork.sporkman at gmail.com
Wed Aug 3 23:29:32 UTC 2005
This one's got me stumped. I've had no problems resolving this on
boxes that run dnscache locally, but my bind boxes are giving me no
answers, nothing in the logs.
BIND version 9.2.3rc4
Both FreeBSD 4.x and Linux 2.4.x
This is a subdomain delegated by the usps.com nameservers. Here's what
dig tells me:
root at nameserver[~]# dig @d.gtld-servers.net usps.com
; <<>> DiG 8.3 <<>> @d.gtld-servers.net usps.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;; usps.com, type = A, class = IN
;; AUTHORITY SECTION:
usps.com. 2D IN NS dns082.usps.com.
usps.com. 2D IN NS dns100.usps.com.
usps.com. 2D IN NS dns141.usps.com.
;; ADDITIONAL SECTION:
dns082.usps.com. 2D IN A 56.0.82.25
dns100.usps.com. 2D IN A 56.0.100.25
dns141.usps.com. 2D IN A 56.0.141.25
;; Total query time: 41 msec
;; FROM: nameserver.xxx.net to SERVER: d.gtld-servers.net 192.31.80.30
;; WHEN: Wed Aug 3 19:25:23 2005
;; MSG SIZE sent: 26 rcvd: 137
So I'll then ask those DNS servers about "zip4.usps.com":
root at nameserver[~]# dig @56.0.82.25 zip4.usps.com
; <<>> DiG 8.3 <<>> @56.0.82.25 zip4.usps.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; zip4.usps.com, type = A, class = IN
;; AUTHORITY SECTION:
zip4.usps.com. 1H IN NS nseag.usps.com.
zip4.usps.com. 1H IN NS nssam.usps.com.
;; ADDITIONAL SECTION:
nseag.usps.com. 1H IN A 56.0.133.232
nssam.usps.com. 1H IN A 56.0.65.232
;; Total query time: 81 msec
;; FROM: nameserver.xxx.net to SERVER: 56.0.82.25 56.0.82.25
;; WHEN: Wed Aug 3 19:26:09 2005
;; MSG SIZE sent: 31 rcvd: 103
I get directed to two other nameservers that are authoritative for
"zip4.usps.com", so I'll ask them:
root at nameserver[~]# dig @56.0.133.232 zip4.usps.com
; <<>> DiG 8.3 <<>> @56.0.133.232 zip4.usps.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; zip4.usps.com, type = A, class = IN
;; ANSWER SECTION:
zip4.usps.com. 15M IN A 56.0.134.62
;; Total query time: 37 msec
;; FROM: nameserver.xxx.net to SERVER: 56.0.133.232 56.0.133.232
;; WHEN: Wed Aug 3 19:27:18 2005
;; MSG SIZE sent: 31 rcvd: 47
So I do eventually get the answer, but not if I query our own name
servers directly. I have killed and restarted both in case there's
something bad in the cache, but it still does not work.
What am I missing here?
Thanks,
Charles
More information about the bind-users
mailing list