Problem resolving domains with valid GLUE records but misconfigured NS records
Gilbert Cassar
gcassar at um.edu.mt
Tue Mar 16 16:08:44 UTC 2010
Hi,
We have a recurring problem with recursive domain resolution using a
bind 9.6 caching server. An example of such a zone is ecb.eu. The
problem seems due to a misconfiguration on their side where all the
(supposedly authorative) NS records listed in their zone file do not
answer requests to resolve ecb.eu hosts. This prevents us from resolving
anything under the domain after that the NS records are cached (the
first query goes through as the GLUE record seems to work). The
interesting thing is that it works fine if we try to resolve the domain
using either Windows DNS or using Google open DNS service.
Since a number of sites seem to have this type of problems we would like
to be able to resolve them as well. Any idea of how can we configure to
be able to circumvent this problem?
Please find below some digs I did to diagnose the problem.
Regards and Thanks
Gilbert
University of Malta
----
Asking the EU servers
root at wenzu:~/bind-9.7.0# dig ns ecb.eu @a.nic.eu
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58355
;; AUTHORITY SECTION:
ecb.eu. 86400 IN NS ns1.ecb.int.
Checking for the NS records ...
root at wenzu:~/bind-9.7.0# dig ns ecb.eu @ns1.ecb.int.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3891
;; ANSWER SECTION:
ecb.eu. 86400 IN NS ns1.de.colt.net.
ecb.eu. 86400 IN NS ns0.de.colt.net.
ecb.eu. 86400 IN NS auth02.ns.de.uu.net.
ecb.eu. 86400 IN NS auth52.ns.de.uu.net.
Asking their NS Servers:
root at wenzu:~/bind-9.7.0# dig ns ecb.eu @auth02.ns.de.uu.net
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 27397
----
More information about the bind-users
mailing list