DNS lookup issue

Brad Knowles brad.knowles at skynet.be
Thu Aug 23 21:40:02 UTC 2001 

At 2:56 PM -0500 8/23/01, Tariq Zawahir wrote:

>  Have weird issue - from our DNS servers I cannot lookup
>  www.backupcentral.com - I can do so from an external DNS server.
>
>  When I go in to nslookup and set type=any - I can get info on
>  backupcentral.com but not www.backupcentral.com - same issue
>  for www.db.com and db.com.

	Unfortunately, nslookup is not a good DNS debugging tool.  Try 
using "dig" instead.  When I tried dig on both www.backupcentral.com 
and the backupcentral.com domain itself, I got a "connection timed 
out; no servers could be reached" error on one occasion, but not the 
others.  This may point to a network congestion problem, especially 
between your servers and theirs.


	I checked out the backupcentral.com zone with the DNS debugging 
tools "doc" and "dnswalk", and found no problems.  However, I did 
confirm that the nameservers ns.jrc-hosting.com and 
ns2.jrc-hosting.com appear to be open caching and recursive 
nameservers for the world, which means that they are subject to cache 
poisoning attacks.

	I have blind-carbon-copied the addresses of the administrative 
and technical contacts for this domain, to alert them of the problem 
and hopefully they will be able to address these issues soon and get 
them fixed.


	I have also checked out this domain using DNS Expert Professional 
1.6 from Men & Mice (see 
<http://www.menandmice.com/2000/2100_dns_expert.html>), and found 
only the following warnings:

                               DNS Expert
                 Detailed Report for backupcentral.com.
       8/23/01, 11:37 PM, using the analysis setting "Everything"
======================================================================

Information
----------------------------------------------------------------------
Serial number:           200108219
Primary name server:     ns.jrc-hosting.com.
Primary mail server:     mail.backupcentral.com.
Number of records:       N/A

Errors
----------------------------------------------------------------------
No errors

Warnings
----------------------------------------------------------------------
o The name server "ns.jrc-hosting.com." does not permit zone transfers
     The name server "ns.jrc-hosting.com." has been configured to
     reject unauthorized zone transfers and the application will not
     be able to use data from this server while analyzing the zone.

o The name server "ns2.jrc-hosting.com." does not permit zone
   transfers
     The name server "ns2.jrc-hosting.com." has been configured to
     reject unauthorized zone transfers and the application will not
     be able to use data from this server while analyzing the zone.

o Zone transfer from authoritative servers not possible
     It was not possible to perform a zone transfer from any of the
     authoritative name servers for the zone.  This will limit the
     range of tests performed for the zone.

o The Minimum TTL field in the SOA record contains an unusually low
   value
     The value 600 of the Minimum field in the SOA record is unusually
     low.  The value for this field should be within the range 3600 -
     172800.

o The zone contains more than one A record with the address
   208.56.35.151
     There is more than one A record in the zone with the IP address
     208.56.35.151.

o There is only one MX record in the zone
     The zone contains only one MX record.  This will cause mail
     delivery problems if the primary mail server becomes unavailable.
      For safety purposes, there should be two or more mail servers
     for every zone, the extra mail servers being used as backup
     (secondary) servers for the primary server.

----------------------------------------------------------------------
end of report


	None of these are anything to be too much concerned about, 
although they may want to set up a secondary MX, in case the primary 
server goes down.

-- 
Brad Knowles, <brad.knowles at skynet.be>

H4sICIFgXzsCA2RtYS1zaWcAPVHLbsMwDDvXX0H0kkvbfxiwVw8FCmzAzqqj1F4dy7CdBfn7
Kc6wmyGRFEnvvxiWQoCvqI7RSWTcfGXQNqCUAnfIU+AT8OZ/GCNjRVlH0bKpguJkxiITZqes
MxwpSucyDJzXxQEUe/ihgXqJXUXwD9ajB6NHonLmNrUSK9nacHQnH097szO74xFXqtlbT3il
wMsBz5cnfCR5cEmci0Rj9u/jqBbPeES1I4PeFBXPUIT1XDSOuutFXylzrQvGyboWstCoQZyP
dxX4dLx0eauFe1x9puhoi0Ao1omEJo+BZ6XLVNaVpWiKekxN0VK2VMpmAy+Bk7ZV4SO+p1L/
uErNRS/qH2iFU+iNOtbcmVt9N16lfF7tLv9FXNj8AiyNcOi1AQAA

More information about the bind-users mailing list