Bind 9.4.2 and unit5.org
Kevin Darcy
kcd at chrysler.com
Thu May 15 05:43:16 UTC 2008
Hmmm... I must admit I'm a little confused about this myself. It seems
like 4 of the 6 TLD servers for .org do *not* provide the glue record
for ns.unit5.org when (non-recursively) queried directly for it. But
that glue record should be present in the parent zone, right? So why
wouldn't they answer with it?
Thus, hypothetically, if a caching resolver were to expire the
ns.unit5.org A record while still having the unit5.org NS records in
cache, it might work its way back up the tree, but then get 4 "bad"
responses (referrals that it can't use) consecutively, rather than the
glue record that it needs. I'm thinking this might be egregious enough
for it to give up with SERVFAIL.
Is this normal for .org? As a commercial enterprise, we don't have many
domains in .org, so I'm not terribly familiar with their standards and
practices.
- Kevin
Fr34k wrote:
> Hello,
> I have an interesting issue and I am hoping someone can explain to me why BIND is behaving the way it is.
> There is a domain unit5.org with two NS according to WHOIS
> >From WHOIS:
> Name Server:NS.UNIT5.ORG
> Name Server:NS2.UNIT5.ORG
> Domain servers in listed order:
> NS.UNIT5.ORG 207.63.250.13
> NS2.UNIT5.ORG 207.63.250.12
>
> One NS is NOT responsive = ns2.unit5.org
> Shouldn't the other NS be able to support any/all queries for this domain?
> If so, I'm not having any luck with queries reaching ns.unit5.org with BIND 9.4.2:
> $ host -a unit5.org
> Trying "unit5.org"
> Host unit5.org not found: 2(SERVFAIL)
> Received 27 bytes from BIND942SERVER#53 in 1 ms
>
> $ host -a unit5.org NS.UNIT5.ORG
> Trying "unit5.org"
> host: Couldn't find server 'NS.UNIT5.ORG': Temporary failure in name resolution
>
> However, when I use the IP address of ns.unit5.org, I can get a response:
> $ host -a unit5.org 207.63.250.13
> Trying "unit5.org"
> Using domain server:
> Name: 207.63.250.13
> Address: 207.63.250.13#53
> Aliases:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48610
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
> ;; QUESTION SECTION:
> ;unit5.org. IN ANY
> ;; ANSWER SECTION:
> unit5.org. 43200 IN SOA ns.unit5.org. spam.unit5.org. 20070335 3600 900 1209600 43200
> unit5.org. 43200 IN MX 10 spammail.unit5.org.
> unit5.org. 43200 IN MX 200 mail.unit5.org.
> unit5.org. 43200 IN NS ns.unit5.org.
> ;; ADDITIONAL SECTION:
> spammail.unit5.org. 43200 IN A 207.63.250.10
> mail.unit5.org. 43200 IN A 207.63.250.6
> ns.unit5.org. 43200 IN A 207.63.250.13
> Received 179 bytes from 207.63.250.13#53 in 40 ms
>
> Other DNS servers on the Internet are dealing with unit5.org's current configuration.
> Thoughts?
>
>
>
>
More information about the bind-users
mailing list