ns_resp: query(www.bonnellandson.com)

Jim Reid jim at mpn.cp.philips.com
Tue Jun 15 16:29:50 UTC 1999


>>>>> "Dana" == Nyborg, Dana <dana.nyborg at nbtel.nb.ca> writes:

    Dana> Jun 15 00:05:22 opal named[20584]: ns_resp: query(www.bonnellandson.com) contains our address (OPAL.NBNET.NB.CA:198.164.30.2) learnt (A=nbnet.nb.ca:NS=195.8.99.11)

    Dana> The question is: where are these queries initiated from?
    Dana> Are the roots / Internic checking to see if the zone files
    Dana> have been set up and that there are valid SOAs?

First of all, thanks for providing the complete, unedited error
message. This makes it easy to help explain the problem.

Your name server opal made a lookup for www.bonnellandson.com. It got
an answer from the name server at 195.8.99.11. That answer contained
information about your name server. This shouldn't happen so your name
server is understandably rather upset about it. When a name server
gets answers which refer to itself, it sometimes means something's
trying to pollute name server caches through a DNS spoofing attack.
This isn't the case this time.

If you look up the NS records for bonnellandson.com on the Internet, it
returns the following NS records:

	bonnellandson.com.      172800  NS      OPAL.NBNET.NB.CA.
	bonnellandson.com.      172800  NS      ONYX.NBNET.NB.CA.

So what we have here is a bad referral and/or lame delegation. The
name server k.gtld-servers.net - a name server for the .com domain -
is saying your server opal is authoritative for the bonnellandson.com
domain. However opal isn't answering for that domain: it was sending
the queries about bonnellandson.com to k.gtld-servers.net.

I've just queried opal's name server. It answers for this domain, but
non-authoritatively. It seems to have cached the NS records for
bonnellandson.com that were returned in some answer it got from the
name server on k.gtld-servers.net. Your name server and theirs are in
disagreement about this domain. Either your name server is
misconfigured (it should hold the bonnellandson.com domain) or else
the NS records for bonnellandson.com in the .com zone need to be
changed.

The root name servers and NIC registries don't really check anything
more than syntax for valid hostnames and IP addresses. If you tell
them lies about where name servers are located for some domain,
they'll quite happily put those lies into their zone files.
Their name servers will just load these files and hand out your lies
whenever they get queries for that domain.

FYI, it's probably impossible for the owners of .com to probe every NS
record for every one of the bazillion .com domains and check that they
are telling the truth. And even if they could do that, getting the
world to fix its broken name servers is an even bigger problem.
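
One way to run the check this reply describes (query a delegated server and see whether it answers authoritatively), as an added example that is not part of the original post. It sends a non-recursive SOA query and reads the AA bit; the function names and the sample header bytes are constructed for illustration.

```python
"""Lame-delegation check: ask a delegated server for the zone's SOA with
recursion disabled and inspect the AA (authoritative answer) bit."""
import secrets
import socket
import struct

QTYPE_SOA, CLASS_IN = 6, 1
QR_BIT, AA_BIT, RCODE_MASK = 0x8000, 0x0400, 0x000F


def build_query(zone, qid=0x1234):
    """Build a non-recursive (RD=0) SOA query for `zone`."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, CLASS_IN)


def classify(response, qid=0x1234):
    """Return 'authoritative', 'lame' or 'error' for a raw DNS response."""
    if len(response) < 12:
        return "error"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & QR_BIT or flags & RCODE_MASK:
        return "error"
    # A server that really holds the zone sets AA and returns the SOA.
    # Cached data (the non-authoritative answer opal gave) has AA clear.
    return "authoritative" if flags & AA_BIT and ancount else "lame"


def check_server(ip, zone, timeout=3.0):
    """Query one delegated server over UDP (needs network access)."""
    qid = secrets.randbelow(1 << 16)          # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((ip, 53))                   # only accept replies from ip
        try:
            s.send(build_query(zone, qid))
            data = s.recv(4096)
        except OSError:
            return "error"
    return classify(data, qid)


# Constructed sample headers (not captured traffic), 12-byte header only.
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 2, 0)    # QR+AA
SAMPLE_CACHED = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 2, 0)  # QR+RA
```

Calling `check_server("198.164.30.2", "bonnellandson.com")` would apply this to opal, the server named in the log line; a result of `lame` for a server listed in the parent zone's NS records is the disagreement described above.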


