facebook.com delegation
Chris Buxton
cbuxton at menandmice.com
Tue Nov 27 21:29:05 UTC 2007
It appears that the load balancers that are authoritative for these
two zones do not return NS records when answering the queries. In
fact, if asked for such NS records, they give a negative answer.
Delegation of these zones, however, looks perfectly normal.
While this is a little weird, and may break the rules a bit, there's
no problem that it's likely to cause unless a resolving name server
tries to verify the delegation records. I can see why a software
designer creating a load balancer might not think there would be any
problem here.
Testing with my vanilla install of BIND 9.4.1-P1, there is no problem.
If I ask once for www.facebook.com, the records are retrieved, and I
see:
;; QUESTION SECTION:
;www.facebook.com. IN A
;; ANSWER SECTION:
www.facebook.com. 30 IN A 69.63.176.11
;; AUTHORITY SECTION:
www.facebook.com. 900 IN NS glb01.sctm.tfbnw.net.
www.facebook.com. 900 IN NS glb01.sf2p.tfbnw.net.
;; ADDITIONAL SECTION:
glb01.sctm.tfbnw.net. 7200 IN A 204.15.20.101
glb01.sf2p.tfbnw.net. 7200 IN A 69.63.176.101
Further requests are answered with the same records, from cache. named
has not asked the load balancers for the zone's authoritative NS
records, instead relying on the cached delegation records. In fact, if
I ask it to look up the zone's NS records, it returns SERVFAIL, and
does not cache the bogus nxrrset response from the authoritative
servers.
What name server software are you using for recursion? Are you
forwarding or recursing? If forwarding, what is the ultimate recursion
server?
Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone: +354 412 1500
Email: cbuxton at menandmice.com
www.menandmice.com
Men & Mice
We bring control and flexibility to network management
This e-mail and its attachments may contain confidential and
privileged information only intended for the person or entity to which
it is addressed. If the reader of this message is not the intended
recipient, you are hereby notified that any retention, dissemination,
distribution or copy of this e-mail is strictly prohibited. If you
have received this e-mail in error, please notify us immediately by
reply e-mail and immediately delete this message and all its attachment.
On Nov 27, 2007, at 12:44 PM, Jeff Wark wrote:
> We are currently having some difficulty resolving facebook.com.
> Restarts of our nameservers solve the problem for a short time,
> but it crops up again.
>
> It seems that 'www.facebook.com' and 'login.facebook.com' are
> delegated zones and the delegation is not set up correctly. The
> name servers for 'www.facebook.com' and 'login.facebook.com' do not
> return NS records. Perhaps I am checking something
> incorrectly, its been a long day.
>
> Can anyone confirm or deny these delegation problems? If confirmed,
> what kind of problems could be expected?
>
> Thank for taking a look.
>
> Jeff Wark
> TBayTel Internet
>
>
More information about the bind-users
mailing list