inconsistent answer ?
Mike Tancsa
mike at sentex.net
Tue Jun 3 18:43:02 UTC 2008
Hi,
I am trying to understand BIND's interaction with a
seemingly misconfigured server. A few customers called in asking why
they could not periodically get to www.tigerdirect.ca.
It seems to be a MS server and is letting a full transfer of the 2
zones, so we see
dig axfr @69.42.101.231 tigerdirect.ca
; <<>> DiG 9.3.4-P1 <<>> axfr @69.42.101.231 tigerdirect.ca
; (1 server found)
;; global options: printcmd
tigerdirect.ca. 600 IN SOA
ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 24 3600 600 604800 600
tigerdirect.ca. 600 IN TXT "v=spf1
ip4:206.191.131.0/24 mx -all"
tigerdirect.ca. 600 IN MX 10 mail.highspeedbackbone.net.
tigerdirect.ca. 600 IN NS ns01.highspeedbackbone.net.
tigerdirect.ca. 600 IN NS ns02.highspeedbackbone.net.
tigerdirect.ca. 600 IN A 206.191.131.49
comp.tigerdirect.ca. 600 IN CNAME web140.highspeedbackbone.net.
help.tigerdirect.ca. 600 IN NS ns01.highspeedbackbone.net.
help.tigerdirect.ca. 600 IN NS ns02.highspeedbackbone.net.
images.tigerdirect.ca. 600 IN CNAME
images.tigerdirect.ca.edgesuite.net.
media.tigerdirect.ca. 600 IN CNAME web140.highspeedbackbone.net.
origin-images.tigerdirect.ca. 600 IN CNAME web140.highspeedbackbone.net.
static.tigerdirect.ca. 600 IN CNAME web140.highspeedbackbone.net.
www.tigerdirect.ca. 600 IN CNAME web60.highspeedbackbone.net.
tigerdirect.ca. 600 IN SOA
ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 24 3600 600 604800 600
;; Query time: 101 msec
;; SERVER: 69.42.101.231#53(69.42.101.231)
;; WHEN: Tue Jun 3 14:31:31 2008
;; XFR size: 15 records (messages 15)
dig axfr @69.42.101.231 highspeedbackbone.net
; <<>> DiG 9.3.4-P1 <<>> axfr @69.42.101.231 highspeedbackbone.net
; (1 server found)
;; global options: printcmd
highspeedbackbone.net. 600 IN SOA
ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 76 3600 600 604800 600
highspeedbackbone.net. 600 IN TXT "v=spf1
ip4:206.191.131.0/24 mx -all"
highspeedbackbone.net. 600 IN NS ns01.highspeedbackbone.net.
highspeedbackbone.net. 600 IN NS ns02.highspeedbackbone.net.
click.highspeedbackbone.net. 600 IN A 206.191.131.125
ftps.highspeedbackbone.net. 600 IN A 69.42.102.34
mail01.highspeedbackbone.net. 600 IN A 206.191.131.100
mail02.highspeedbackbone.net. 600 IN A 206.191.131.101
ns01.highspeedbackbone.net. 600 IN A 69.42.101.231
ns02.highspeedbackbone.net. 600 IN A 69.42.101.232
promo.highspeedbackbone.net. 600 IN A 206.191.131.124
sslvpn.highspeedbackbone.net. 600 IN A 69.42.103.6
van01.highspeedbackbone.net. 600 IN A 69.42.102.121
vpn.highspeedbackbone.net. 600 IN A 69.42.103.13
vpn2.highspeedbackbone.net. 600 IN A 69.42.103.14
web50.highspeedbackbone.net. 600 IN NS ns01.highspeedbackbone.net.
highspeedbackbone.net. 600 IN SOA
ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 76 3600 600 604800 600
;; Query time: 102 msec
;; SERVER: 69.42.101.231#53(69.42.101.231)
;; WHEN: Tue Jun 3 14:15:13 2008
;; XFR size: 17 records (messages 17)
So, www.tigerdirect.ca is a CNAME for web60.highspeedbackbone.net,
which according to the axfer, does not exist.
But, using host, I get strange initial results
[auth2]# host www.tigerdirect.ca
www.tigerdirect.ca is an alias for web60.highspeedbackbone.net.
web60.highspeedbackbone.net has address 206.191.131.51
Host web60.highspeedbackbone.net not found: 3(NXDOMAIN)
Host web60.highspeedbackbone.net not found: 3(NXDOMAIN)
[auth2]# host www.tigerdirect.ca
Host www.tigerdirect.ca not found: 3(NXDOMAIN)
[auth2]#
Why do I get a response initially, and not on subsequent queries
? Is it because the authoritative name server is giving a cached
non-authoritative response ? Should not host regardless give the same answer ?
Using dig, I see
[auth2]# dig www.tigerdirect.ca
; <<>> DiG 9.3.4-P1 <<>> www.tigerdirect.ca
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58136
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.tigerdirect.ca. IN A
;; ANSWER SECTION:
www.tigerdirect.ca. 600 IN CNAME web60.highspeedbackbone.net.
web60.highspeedbackbone.net. 20 IN A 206.191.131.51
;; AUTHORITY SECTION:
highspeedbackbone.net. 549 IN NS ns02.highspeedbackbone.net.
highspeedbackbone.net. 549 IN NS ns01.highspeedbackbone.net.
;; ADDITIONAL SECTION:
ns01.highspeedbackbone.net. 166602 IN A 69.42.101.231
ns02.highspeedbackbone.net. 167305 IN A 69.42.101.232
;; Query time: 101 msec
;; SERVER: 205.211.164.51#53(205.211.164.51)
;; WHEN: Tue Jun 3 14:38:51 2008
;; MSG SIZE rcvd: 163
[auth2]#
[auth2]# dig @ns01.highspeedbackbone.net web60.highspeedbackbone.net
; <<>> DiG 9.3.4-P1 <<>> @ns01.highspeedbackbone.net
web60.highspeedbackbone.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32182
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;web60.highspeedbackbone.net. IN A
;; ANSWER SECTION:
web60.highspeedbackbone.net. 20 IN A 206.191.131.51
;; Query time: 52 msec
;; SERVER: 69.42.101.231#53(69.42.101.231)
;; WHEN: Tue Jun 3 14:39:38 2008
;; MSG SIZE rcvd: 61
[auth2]#
[auth2]# dig @ns02.highspeedbackbone.net web60.highspeedbackbone.net
; <<>> DiG 9.3.4-P1 <<>> @ns02.highspeedbackbone.net
web60.highspeedbackbone.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55930
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;web60.highspeedbackbone.net. IN A
;; ANSWER SECTION:
web60.highspeedbackbone.net. 20 IN A 206.191.131.51
;; Query time: 52 msec
;; SERVER: 69.42.101.232#53(69.42.101.232)
;; WHEN: Tue Jun 3 14:39:54 2008
;; MSG SIZE rcvd: 61
[auth2]#
I am using the stock BIND on FreeBSD RELENG_6 and FreeBSD RELENG_7
and both show the same behavior. Doing a tcpdump, I see the
following raw responses.
tcpdump -xX -s0 -vni bge0 host 69.42.101.231 or host 69.42.101.232
tcpdump: listening on bge0, link-type EN10MB (Ethernet), capture size
65535 bytes
14:35:49.021797 IP (tos 0x0, ttl 64, id 32432, offset 0, flags
[none], proto: UDP (17), length: 64) 205.211.164.51.53743 >
69.42.101.232.53: 37954 A? www.tigerdirect.ca. (36)
0x0000: 4500 0040 7eb0 0000 4011 dee3 cdd3 a433 E..@~... at ......3
0x0010: 452a 65e8 d1ef 0035 002c 892f 9442 0000 E*e....5.,./.B..
0x0020: 0001 0000 0000 0000 0377 7777 0b74 6967 .........www.tig
0x0030: 6572 6469 7265 6374 0263 6100 0001 0001 erdirect.ca.....
14:35:49.072965 IP (tos 0x0, ttl 53, id 54410, offset 0, flags [DF],
proto: UDP (17), length: 152) 69.42.101.232.53 >
205.211.164.51.53743: 37954 NXDomain* 1/1/0 www.tigerdirect.ca.
CNAME web60.highspeedbackbone.net. (124)
0x0000: 4500 0098 d48a 4000 3511 53b1 452a 65e8 E..... at .5.S.E*e.
0x0010: cdd3 a433 0035 d1ef 0084 ef2c 9442 8483 ...3.5.....,.B..
0x0020: 0001 0001 0001 0000 0377 7777 0b74 6967 .........www.tig
0x0030: 6572 6469 7265 6374 0263 6100 0001 0001 erdirect.ca.....
0x0040: c00c 0005 0001 0000 0258 001d 0577 6562 .........X...web
0x0050: 3630 1168 6967 6873 7065 6564 6261 636b 60.highspeedback
0x0060: 626f 6e65 036e 6574 00c0 3600 0600 0100 bone.net..6.....
0x0070: 0002 5800 2304 6e73 3031 c036 0561 646d ..X.#.ns01.6.adm
0x0080: 696e c036 0000 004c 0000 0e10 0000 0258 in.6...L.......X
0x0090: 0009 3a80 0000 0258 ..:....X
14:35:49.073103 IP (tos 0x0, ttl 64, id 32445, offset 0, flags
[none], proto: UDP (17), length: 73) 205.211.164.51.53743 >
69.42.101.231.53: 578 A? web60.highspeedbackbone.net. (45)
0x0000: 4500 0049 7ebd 0000 4011 dece cdd3 a433 E..I~... at ......3
0x0010: 452a 65e7 d1ef 0035 0035 b269 0242 0000 E*e....5.5.i.B..
0x0020: 0001 0000 0000 0000 0577 6562 3630 1168 .........web60.h
0x0030: 6967 6873 7065 6564 6261 636b 626f 6e65 ighspeedbackbone
0x0040: 036e 6574 0000 0100 01 .net.....
14:35:49.123297 IP (tos 0x0, ttl 52, id 23015, offset 0, flags [DF],
proto: UDP (17), length: 89) 69.42.101.231.53 >
205.211.164.51.53743: 578*- 1/0/0 web60.highspeedbackbone.net. A
206.191.131.51 (61)
0x0000: 4500 0059 59e7 4000 3411 cf94 452a 65e7 E..YY. at .4...E*e.
0x0010: cdd3 a433 0035 d1ef 0045 1436 0242 8400 ...3.5...E.6.B..
0x0020: 0001 0001 0000 0000 0577 6562 3630 1168 .........web60.h
0x0030: 6967 6873 7065 6564 6261 636b 626f 6e65 ighspeedbackbone
0x0040: 036e 6574 0000 0100 01c0 0c00 0100 0100 .net............
0x0050: 0000 1400 04ce bf83 33 ........3
14:35:49.123908 IP (tos 0x0, ttl 64, id 32457, offset 0, flags
[none], proto: UDP (17), length: 73) 205.211.164.51.53743 >
69.42.101.232.53: 34516 AAAA? web60.highspeedbackbone.net. (45)
0x0000: 4500 0049 7ec9 0000 4011 dec1 cdd3 a433 E..I~... at ......3
0x0010: 452a 65e8 d1ef 0035 0035 12d6 86d4 0000 E*e....5.5......
0x0020: 0001 0000 0000 0000 0577 6562 3630 1168 .........web60.h
0x0030: 6967 6873 7065 6564 6261 636b 626f 6e65 ighspeedbackbone
0x0040: 036e 6574 0000 1c00 01 .net.....
14:35:49.174369 IP (tos 0x0, ttl 53, id 54473, offset 0, flags [DF],
proto: UDP (17), length: 141) 69.42.101.232.53 >
205.211.164.51.53743: 34516 NXDomain* 0/1/0 (113)
0x0000: 4500 008d d4c9 4000 3511 537d 452a 65e8 E..... at .5.S}E*e.
0x0010: cdd3 a433 0035 d1ef 0079 244f 86d4 8483 ...3.5...y$O....
0x0020: 0001 0000 0001 0000 0577 6562 3630 1168 .........web60.h
0x0030: 6967 6873 7065 6564 6261 636b 626f 6e65 ighspeedbackbone
0x0040: 036e 6574 0000 1c00 0111 6869 6768 7370 .net......highsp
0x0050: 6565 6462 6163 6b62 6f6e 6503 6e65 7400 eedbackbone.net.
0x0060: 0006 0001 0000 0258 0023 046e 7330 31c0 .......X.#.ns01.
0x0070: 2d05 6164 6d69 6ec0 2d00 0000 4c00 000e -.admin.-...L...
0x0080: 1000 0002 5800 093a 8000 0002 58 ....X..:....X
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
More information about the bind-users
mailing list