epza.gov.tw. MX
Chuck Swiger
cswiger at mac.com
Mon Aug 8 20:31:38 UTC 2011
Hi--
On Aug 8, 2011, at 1:15 PM, Mark K. Pettit wrote:
> My resolvers, running BIND 9.7.3P3, are having a difficult time resolving the MX record for the zone "epza.gov.tw.".
[ ... ]
> But if I query any of [abc].twnic.net.tw. directly for the IP address of dns.epza.gov.tw, I get an answer. Example:
[ ... ]
> It appears to me that BIND is seeing this response, and then ignoring the IP in the Additional section.
>
> Any idea why this might be happening?
The trace I get here shows:
;; Received 191 bytes from 211.79.207.26#53(e.dns.tw) in 221 ms
epza.gov.tw. 43200 IN NS dns.epza.gov.tw.
;; Received 63 bytes from 168.95.192.10#53(c.twnic.net.tw) in 213 ms
dig: couldn't get address for 'dns.epza.gov.tw': not found
It looks like Google's public nameservers chase a CNAME when you ask for an A record, but I thought nameservers listed in NS records should have a corresponding A record and _not_ a CNAME. Compare versus the level-3 nameservers, which get a SERVFAIL:
% dig dns.epza.gov.tw @8.8.8.8
; <<>> DiG 9.6.0-APPLE-P2 <<>> dns.epza.gov.tw @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40236
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dns.epza.gov.tw. IN A
;; ANSWER SECTION:
dns.epza.gov.tw. 3600 IN CNAME ns.epza.gov.tw.
ns.epza.gov.tw. 3600 IN A 163.29.43.1
;; Query time: 439 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Aug 8 16:25:36 2011
;; MSG SIZE rcvd: 66
% dig dns.epza.gov.tw @4.2.2.1
; <<>> DiG 9.6.0-APPLE-P2 <<>> dns.epza.gov.tw @4.2.2.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10484
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dns.epza.gov.tw. IN A
;; Query time: 11 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Mon Aug 8 16:29:37 2011
;; MSG SIZE rcvd: 33
Regards,
--
-Chuck
More information about the bind-users
mailing list