DNS lookup issue
Brad Knowles
brad.knowles at skynet.be
Thu Aug 23 21:40:02 UTC 2001

At 2:56 PM -0500 8/23/01, Tariq Zawahir wrote:

> Have weird issue - from our DNS servers I cannot lookup
> www.backupcentral.com - I can do so from an external DNS server.
>
> When I go in to nslookup and set type=any - I can get info on
> backupcentral.com but not www.backupcentral.com - same issue
> for www.db.com and db.com.

Unfortunately, nslookup is not a good DNS debugging tool. Try
using "dig" instead. When I tried dig on both www.backupcentral.com
and the backupcentral.com domain itself, I got a "connection timed
out; no servers could be reached" error on one occasion, but not the
others. This may point to a network congestion problem, especially
between your servers and theirs.

I checked out the backupcentral.com zone with the DNS debugging
tools "doc" and "dnswalk", and found no problems. However, I did
confirm that the nameservers ns.jrc-hosting.com and
ns2.jrc-hosting.com appear to be open caching and recursive
nameservers for the world, which means that they are subject to cache
poisoning attacks.

I have blind-carbon-copied the addresses of the administrative
and technical contacts for this domain, to alert them of the problem
and hopefully they will be able to address these issues soon and get
them fixed.

I have also checked out this domain using DNS Expert Professional
1.6 from Men & Mice (see
<http://www.menandmice.com/2000/2100_dns_expert.html>), and found
only the following warnings:

                               DNS Expert
                 Detailed Report for backupcentral.com.
       8/23/01, 11:37 PM, using the analysis setting "Everything"
======================================================================

Information
----------------------------------------------------------------------
Serial number:        200108219
Primary name server:  ns.jrc-hosting.com.
Primary mail server:  mail.backupcentral.com.
Number of records:    N/A

Errors
----------------------------------------------------------------------
No errors

Warnings
----------------------------------------------------------------------
o The name server "ns.jrc-hosting.com." does not permit zone transfers
    The name server "ns.jrc-hosting.com." has been configured to
    reject unauthorized zone transfers and the application will not
    be able to use data from this server while analyzing the zone.

o The name server "ns2.jrc-hosting.com." does not permit zone
  transfers
    The name server "ns2.jrc-hosting.com." has been configured to
    reject unauthorized zone transfers and the application will not
    be able to use data from this server while analyzing the zone.

o Zone transfer from authoritative servers not possible
    It was not possible to perform a zone transfer from any of the
    authoritative name servers for the zone. This will limit the
    range of tests performed for the zone.

o The Minimum TTL field in the SOA record contains an unusually low
  value
    The value 600 of the Minimum field in the SOA record is unusually
    low. The value for this field should be within the range 3600 -
    172800.

o The zone contains more than one A record with the address
  208.56.35.151
    There is more than one A record in the zone with the IP address
    208.56.35.151.

o There is only one MX record in the zone
    The zone contains only one MX record. This will cause mail
    delivery problems if the primary mail server becomes unavailable.
    For safety purposes, there should be two or more mail servers
    for every zone, the extra mail servers being used as backup
    (secondary) servers for the primary server.

----------------------------------------------------------------------
end of report

None of these are anything to be too much concerned about,
although they may want to set up a secondary MX, in case the primary
server goes down.

--
Brad Knowles, <brad.knowles at skynet.be>
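
The "open caching and recursive nameserver" condition mentioned in the message can be checked from the DNS header alone. The following is an added example, not part of the original message or of any tool it names: it builds a query with RD set and classifies the reply by its RA, AA and RCODE bits. All function names and the sample replies are constructed for illustration, and the classifier assumes the queried name is one the server is not authoritative for.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234, qtype=1):
    """Build an A query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(resp, qid=0x1234):
    """Classify a reply to a recursive query for a name the server is NOT
    authoritative for. Only the 12-byte header is examined."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                       # REFUSED: recursion denied to this client
        return "refused"
    if flags & RA and rcode == 0 and ancount > 0 and not flags & AA:
        return "open-recursive"          # resolved a foreign name on our behalf
    if flags & RA:
        return "recursion-advertised"    # RA set, but no answer to confirm it
    return "no-recursion"                # typically a referral or empty reply

def probe(server, name, timeout=3.0):
    """Send one UDP query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
    return classify_response(data)

def _sample(flags, ancount):
    """Constructed header-only reply for offline demonstration."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

SAMPLE_OPEN = _sample(QR | RD | RA, 1)      # constructed: answers recursively
SAMPLE_REFUSED = _sample(QR | RD | 5, 0)    # constructed: RCODE 5
SAMPLE_REFERRAL = _sample(QR | RD, 0)       # constructed: RA clear, no answer
```

A server that is meant to be authoritative-only should produce "refused" or "no-recursion" when probed from outside its own network.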