Lame Delegation woes

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Tue Apr 24 00:00:25 UTC 2001 

	Firstly, upgrade.
	http://www.isc.org/products/BIND/bind-security.html

	Secondly, read the messages named has logged (via syslog)
	when it loaded the zone and fix the errors reported. 
	http://www.acmebw.com/askmrdns/bind-messages.htm

	Mark

> Hi all,
> 
> For the past week or so, I've been trying to resolve a lame delegation
> problem affecting a domain I administer: fisita.com.  The domain runs on
> a dedicated server, running the nameserver ns.fisita.com.  However:
> 
>    $ nslookup -q=any fisita.com. NS.fisita.com        
>    Server:  ns.fisita.com
>    Address:  212.67.198.149
>    
>    Non-authoritative answer:
>    fisita.com      internet address = 212.67.198.149
>    fisita.com      preference = 5, mail exchanger = mail.fisita.com
>    fisita.com      nameserver = ns.fisita.com
>    fisita.com      nameserver = ns2.fisita.com
>    fisita.com
>            origin = ns.fisita.com
>            mail addr = hostmaster.fisita.com
>            serial = 10803
>            refresh = 10800 (3 hours)
>            retry   = 3600 (1 hour)
>            expire  = 604800 (7 days)
>            minimum ttl = 86400 (1 day)
>    
>    Authoritative answers can be found from:
>    mail.fisita.com internet address = 212.67.198.149
>    ns.fisita.com   internet address = 212.67.198.149
>    ns2.fisita.com  internet address = 212.67.198.150
> 
> ns.fisita.com seems to be responding non-authoritatively, but is pointing
> people back to itself for the authoritative answer!
> 
> I've been talking with the helpdesk at the ISP which supplied the
> dedicated server to try to get some clues as to why this might be
> happening -- the config files appear to be correct to me, but I'm new at
> this and am evidently missing something.  They have responded to the
> effect that I'm getting the non-authoritative answer merely because "the
> domain is already in your [ns.fisita.com's] cache".
> 
> This strikes me as fudging the issue, but I'd be happy to concede that
> I'm wrong, and that DNS for the domain is actually OK.  Any help from the
> good folk on this newsgroup to establish what the situation really is
> would be greatly appreciated (especially any tips on how to fix it if it
> is indeed lame).
> 
> I'd be happy to post named.conf, named.fisita.com and named.212.67.198 to
> the newsgroup if they'd help identify the problem (and wouldn't open up
> gaping security holes for me).
> 
> 
> Many thanks,
> Andrew.
> 
> -- 
> Andrew Green
> Article Seven: Automatic Internet
> andrew at article7.co.uk -- http://www.article7.co.uk/
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list