Bogus A record somewhere

Adam Augustine adam_augustine at morinda.com
Mon Jul 16 18:39:51 UTC 2001


I am troubleshooting an issue with a domain "troiless.com".

The servers that are (should be?) authoritative for the domain
(ns1.zoneedit.com, and ns5.zoneedit.com) have an A record for
"sphinx.troiless.com" which points to "207.88.76.3":

[adama at cinder adama]$ dig @ns1.zoneedit.com sphinx.troiless.com

; <<>> DiG 8.3 <<>> @ns1.zoneedit.com sphinx.troiless.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      sphinx.troiless.com, type = A, class = IN

;; ANSWER SECTION:
sphinx.troiless.com.    1H IN A         207.88.76.3

;; AUTHORITY SECTION:
troiless.com.           1H IN NS        ns1.zoneedit.com.
troiless.com.           1H IN NS        ns5.zoneedit.com.

;; ADDITIONAL SECTION:
ns1.zoneedit.com.       4H IN A         207.228.252.101
ns5.zoneedit.com.       4H IN A         209.81.71.59

;; Total query time: 273 msec
;; FROM: cinder.morinda.com to SERVER: ns1.zoneedit.com  207.228.252.101
;; WHEN: Mon Jul 16 11:23:53 2001
;; MSG SIZE  sent: 37  rcvd: 130



However, when we look it up on machines that are not authoritative and don't
have anything for the troiless.com zone in cache, we get the following:

[adama at cinder adama]$ dig @ns1.secure.net sphinx.troiless.com

; <<>> DiG 8.3 <<>> @ns1.secure.net sphinx.troiless.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      sphinx.troiless.com, type = A, class = IN

;; ANSWER SECTION:
sphinx.troiless.com.    2D IN A         64.128.119.65

;; AUTHORITY SECTION:
troiless.com.           2D IN NS        NS1.ZONEEDIT.com.
troiless.com.           2D IN NS        NS5.ZONEEDIT.com.

;; ADDITIONAL SECTION:
NS1.ZONEEDIT.com.       2D IN A         207.228.252.101
NS5.ZONEEDIT.com.       2D IN A         209.81.71.59

;; Total query time: 292 msec
;; FROM: cinder.morinda.com to SERVER: ns1.secure.net  192.41.1.10
;; WHEN: Mon Jul 16 11:25:38 2001
;; MSG SIZE  sent: 37  rcvd: 130


When I dump the database I find this line:

sphinx  91871   IN      A       64.128.119.65   ;Cr=answer [192.33.14.30]

It looks like 192.33.14.30 is the machine where this bogus data is coming
from, but even if the machine (belonging to Verisign according to whois
reverse DNS) has bad data, why is everyone querying it?

Thanks,
	Adam
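
One way to triage a cache dump for entries like the one quoted above, as an added example that is not part of the original post: it reads dump lines carrying a ";Cr=... [address]" comment and reports A records whose source address is not one of the zone's delegated name servers. The function name, the $ORIGIN line and the "www" line in the sample are assumptions made for illustration.

```python
import re

# Addresses of the zone's delegated name servers, taken from the
# ADDITIONAL section of the dig output in the post.
AUTHORITATIVE = {"207.228.252.101", "209.81.71.59"}

# Constructed dump fragment: the "sphinx" line is the one quoted in the
# post; the $ORIGIN line and the "www" line are made up for illustration.
SAMPLE_DUMP = """\
$ORIGIN troiless.com.
sphinx\t91871\tIN\tA\t64.128.119.65\t;Cr=answer [192.33.14.30]
www\t3500\tIN\tA\t207.88.76.3\t;Cr=auth [207.228.252.101]
"""

# owner, TTL, "IN A", address, then the credibility tag and source address.
RECORD = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+A\s+(?P<addr>\S+)"
    r"\s*;Cr=(?P<cred>\w+)\s+\[(?P<source>[0-9.]+)\]"
)


def suspicious_records(dump_text, authoritative):
    """Return cached A records learned from a server outside `authoritative`."""
    origin = "."
    findings = []
    for line in dump_text.splitlines():
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = RECORD.match(line)
        if m is None:  # other record types, comments, continuation lines
            continue
        if m["source"] in authoritative:
            continue
        owner = m["owner"]
        name = owner if owner.endswith(".") else f"{owner}.{origin}"
        findings.append({
            "name": name,
            "address": m["addr"],
            "ttl": int(m["ttl"]),
            "credibility": m["cred"],
            "source": m["source"],
        })
    return findings


if __name__ == "__main__":
    for f in suspicious_records(SAMPLE_DUMP, AUTHORITATIVE):
        print(f"{f['name']} -> {f['address']} learned from {f['source']}")
```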


More information about the bind-users mailing list