com nameserver caching
Barry Margolin
barmar at alum.mit.edu
Sun Jun 22 02:37:09 UTC 2008
In article <g3k6ea$jm4$1 at sf1.isc.org>, rh <rhashemian at hotmail.com>
wrote:
> hi all,
> if you lookup www.1and1.com, most queries come back with:
> 217.160.226.203.
> but i started noticing that a couple of my dns servers were returning
> a wrong ip: 217.160.232.1
>
> after some digging, i noticed that the com namesavers actually have
> this RR cached like so:
> [~]$ dig +norec @h.GTLD-SERVERS.NET www.1and1.com
>
> ; <<>> DiG 9.2.4 <<>> +norec @h.GTLD-SERVERS.NET www.1and1.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29492
> ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;www.1and1.com. IN A
>
> ;; ANSWER SECTION:
> www.1and1.com. 172800 IN A 217.160.232.1
>
> ;; AUTHORITY SECTION:
> 1and1.com. 172800 IN NS ns27.1and1.com.
> 1and1.com. 172800 IN NS ns28.1and1.com.
>
> ;; ADDITIONAL SECTION:
> ns27.1and1.com. 172800 IN A 74.208.2.3
> ns28.1and1.com. 172800 IN A 74.208.3.3
>
> ---------------------------------------------------------------
>
> is this normal? i don't see any other RR's for major companies in
> these nameservers. i assume because of this the iterative query stops
> at this point and returns this bad ip without going further to the
> authoritative nameservers for 1and1.com.
That means this is a registered glue record, i.e. a hostname registered
as a nameserver for some domain.
It's a common DNS administrator mistake to re-IP these hosts but forget
to update the registration, resulting in inconsistencies like this.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list