subdomain delegation -> bad referral
Mark_Andrews at iengines.com
Mark_Andrews at iengines.com
Fri Nov 26 00:57:37 UTC 1999
Do you have any forwarders listed in named.boot on cbnt1?
You did up the serial for combi.de and all the secondaries
for combi.de have caught up?
Mark
> Hi,
>
> I want to apologize right away: I MUST be missing s.th. really stupid
> here... The posting is longish, too, but I wanted to give all the
> relevant data.
>
> I run an internal name server cbnt1.combi.de (NT BIND 4.9.7) being
> master for domain combi.de. The master zone file contains the lines
>
> sub.combi.de. IN NS cbnt2
> cbnt2 IN A 192.168.0.4
>
> cbnt2 runs NT BIND 4.9.7, too. It's named.boot contains the line
>
> primary sub.combi.de db.sub.combi.de
>
> db.sub.combi.de reads
>
> @ SOA cbnt2.combi.de. postmaster.combi.de. (
> 1999112504
> 21600
> 3600
> 691200
> 86400 )
> IN NS cbnt2.combi.de.
>
> mail IN A 192.168.0.2
> www IN A 192.168.0.2
>
> I reloaded, later restarted both servers. DIGging cbnt2 yields:
>
> ; <<>> DiG 2.2 <<>> www.sub.combi.de @cbnt2
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
> ;; flags: qr aa rd ra; Ques: 1, Ans: 1, Auth: 1, Addit: 1
> ;; QUESTIONS:
> ;; www.sub.combi.de, type = A, class = IN
>
> ;; ANSWERS:
> www.sub.combi.de. 86400 A 192.168.0.2
>
> ;; AUTHORITY RECORDS:
> sub.combi.de. 86400 NS cbnt2.combi.de.
>
> ;; ADDITIONAL RECORDS:
> cbnt2.combi.de. 3600 A 192.168.0.4
>
> ;; Total query time: 10 msec
> ;; FROM: dukat to SERVER: cbnt2 192.168.0.4
> ;; WHEN: Thu Nov 25 20:04:36 1999
> ;; MSG SIZE sent: 34 rcvd: 98
>
> i.e. cbnt2 does think it is authoritative for sub.combi.de.
Yes it does. AA is set in the flags.
> DIGging cbnt1 for sub.combi.de yields
>
> ; <<>> DiG 2.2 <<>> sub.combi.de @cbnt1 NS
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
> ;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 0, Addit: 1
> ;; QUESTIONS:
> ;; sub.combi.de, type = NS, class = IN
>
> ;; ANSWERS:
> sub.combi.de. 3600 NS cbnt2.combi.de.
>
> ;; ADDITIONAL RECORDS:
> cbnt2.combi.de. 3600 A 192.168.0.4
>
> ;; Total query time: 10 msec
> ;; FROM: dukat to SERVER: cbnt1 192.168.0.2
> ;; WHEN: Thu Nov 25 20:11:33 1999
> ;; MSG SIZE sent: 30 rcvd: 74
>
> i.e. it does know that cbnt2 is authoritative for sub.combi.de. Alas,
> digging for an RR in that zone yields
>
> ; <<>> DiG 2.2 <<>> www.sub.combi.de @cbnt1
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
> ;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
> ;; QUESTIONS:
> ;; www.sub.combi.de, type = A, class = IN
>
> ;; AUTHORITY RECORDS:
> combi.de. 86400 SOA ns1.combi.de. postmaster.combi.de. (
> 1998121501 ; serial
> 21600 ; refresh (6 hours)
> 3600 ; retry (1 hour)
> 691200 ; expire (8 days)
> 86400 ) ; minimum (1 day)
>
> ;; Total query time: 12428 msec
> ;; FROM: dukat to SERVER: cbnt1 192.168.0.2
> ;; WHEN: Thu Nov 25 20:06:13 1999
> ;; MSG SIZE sent: 34 rcvd: 93
>
> i.e. it seems to think it is not authoritative and it logs a
>
> bad referral (combi.de !< sub.combi.de)
>
> What am I missing?
>
> Cheers,
> Ingo
>
>
>
>
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at iengines.com
More information about the bind-users
mailing list