Secondary nameserver not in record - possibly dumb question about this..

Thu Feb 22 18:51:07 UTC 2001

On Thu, 22 Feb 2001, Peter Rose wrote:

> A friend of mine has recently set up his own server on a fast home link
> with one IP.
> His ISP is responsible for the DNS and the two nameservers listed in
> Network Solutions registry are:
> 
> bambam.swlink.net
> dino.swlink.net
> 
> I ran dig on his domain (usscreen.com) querying both nameservers and got
> these results:
> 
> 
> [peter at server peter]$ dig @bambam.swlink.net usscreen.com any
> 
> ; <<>> DiG 8.3 <<>> @bambam.swlink.net usscreen.com any
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      usscreen.com, type = ANY, class = IN
> 
> ;; ANSWER SECTION:
> usscreen.com.           1D IN MX        10 mail.usscreen.com.
> usscreen.com.           1D IN MX        20 mail.usscreen.com.
> usscreen.com.           1D IN NS        bambam.swlink.net.
> usscreen.com.           1D IN SOA       usscreen.com.
> hostmaster.swlink.net. (
>                                         2000122701      ; serial
>                                         3H              ; refresh
>                                         1H              ; retry
>                                         1W              ; expiry
>                                         1D )            ; minimum
> 
> usscreen.com.           1D IN A         209.144.201.106
> 
> ;; AUTHORITY SECTION:
> usscreen.com.           1D IN NS        bambam.swlink.net.
> 
> ;; ADDITIONAL SECTION:
> mail.usscreen.com.      1D IN A         209.144.201.106
> bambam.swlink.net.      1D IN A         204.252.163.69
> 
> ;; Total query time: 178 msec
> ;; FROM: server to SERVER: bambam.swlink.net  204.252.163.69
> ;; WHEN: Thu Feb 22 16:57:16 2001
> ;; MSG SIZE  sent: 30  rcvd: 2
> 
> ==============================================
> Now, I know it's a mess (why have they got the same MX record for 10 and
> 20 preferences? Why do they have an A record for one of their machines
> in their?), but when I was trying to explain WHY it's a mess, I
> struggled a bit - after all, all his mail and web sites are working
> fine.
> The fact that there is only one nameserver shown in each record is
> obviously a no-no - but I realised I didn't fully understand why this
> is.
> Both dino and bambam obviously answer queries regarding usscreen.com,
> but does the absence of a record for dino in the files mean that if
> bambam goes down, dino can't answer?
> What I am trying to say is I guess I don't understand fully the process
> of information propagating around the internet.
> 
> I'm trying to tell my friend his ISP has apparently got it wrong, but I
> can't quite explain what the dire consequences are...
> 
> Any monosyllabic explanations welcome - or reference to the appropriate
> page in DNS and BIND in case I've overlookd it.
> 
> TIA
> 
> Peter Rose
> London UK

There we go,

When a resolver tries to resolve "mail.usscreen.com" it will
traverse the DNS-tree down from "." unto ".com.".

The ".com." nameserver tells the resolver, to get an authoritative answer
for usscreen.com, it needs to ask dino or bambam. Lets assume bambam is
dead, the resolver then asks dino. Dino says "authoritative" that the
authoritative nameserver for usscreen.com is "bambam", which is dead.
Badabing-Badaboom, usscreen.com is for this resolver. 

You can find this at chapter 9 "Good Parenting" page 218. More examples
there. Oh-yeah, "the guy" may want to upgrade dino and bambam.

Regards,

Roy Arends  
Nominum.