Bogus A record somewhere

Barry Margolin barmar at genuity.net
Mon Jul 16 19:08:17 UTC 2001


In article <9ivd37$6mb at pub3.rc.vix.com>,
Adam Augustine  <adam_augustine at morinda.com> wrote:
>I am troubleshooting an issue with a domain "troiless.com".
>
>The servers that are (should be?) authoritative for the domain
>(ns1.zoneedit.com, and ns5.zoneedit.com) have an A record for
>"sphinx.troiless.com" which points to "207.88.76.3":
....
>When I dump the database I find this line:
>
>sphinx  91871   IN      A       64.128.119.65   ;Cr=answer [192.33.14.30]
>
>It looks like 192.33.14.30 is the machine where this bogus data is coming
>from, but even if the machine (belonging to Verisign according to whois
>reverse DNS) has bad data, why is everyone querying it?

Verisign is the parent company of Network Solutions, which creates the
zones that populate the root and GTLD servers.  sphinx.troiless.com was
apparently a glue record at one time.

% dig sphinx.troiless.com a @a.gtld-servers.net

; <<>> DiG 8.3 <<>> sphinx.troiless.com a @a.gtld-servers.net 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;	sphinx.troiless.com, type = A, class = IN

;; ANSWER SECTION:
sphinx.troiless.com.	2D IN A		64.128.119.65

The strange thing is that the host would normally show up in a WHOIS query,
but it's not.  You'll need to contact NSI and get them to remove this
record.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
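
The check discussed in this thread, as an added example that is not part of the original post: it reads cache-dump lines in the format quoted above, compares each cached A record with the address the authoritative servers give, and reports the server named in the `;Cr=... [source]` comment for each mismatch. The function names, the `$ORIGIN` handling, and the `www` record are assumptions constructed for illustration.

```python
import re

# Matches an A record line from a BIND cache dump with its trailing
# ";Cr=<credibility> [<source server>]" comment, as quoted in the post.
DUMP_A = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+A\s+(?P<addr>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s*;\s*Cr=(?P<cred>\w+)\s*\[(?P<src>[^\]]+)\]"
)

def parse_dump(lines, origin):
    """Yield (fqdn, addr, credibility, source) for each cached A record."""
    for line in lines:
        if line.startswith("$ORIGIN"):
            # Assumption: relative owner names follow the last $ORIGIN line.
            origin = line.split()[1].rstrip(".")
            continue
        m = DUMP_A.match(line)
        if not m:
            continue
        owner = m["owner"]
        fqdn = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"
        yield fqdn.lower(), m["addr"], m["cred"], m["src"]

def find_mismatches(lines, origin, authoritative):
    """Return cached records that disagree with the authoritative address."""
    bad = []
    for fqdn, addr, cred, src in parse_dump(lines, origin):
        expected = authoritative.get(fqdn)
        if expected is not None and addr != expected:
            bad.append({"name": fqdn, "cached": addr, "expected": expected,
                        "credibility": cred, "source": src})
    return bad

# The sphinx record is the line quoted in the post; the www record is constructed.
SAMPLE_DUMP = [
    "$ORIGIN troiless.com.",
    "sphinx  91871   IN      A       64.128.119.65   ;Cr=answer [192.33.14.30]",
    "www     3600    IN      A       207.88.76.3     ;Cr=auth [192.0.2.53]",
]
# sphinx address is the one the zoneedit servers hold, per the post; www is constructed.
AUTHORITATIVE = {"sphinx.troiless.com": "207.88.76.3",
                 "www.troiless.com": "207.88.76.3"}

if __name__ == "__main__":
    for rec in find_mismatches(SAMPLE_DUMP, "troiless.com", AUTHORITATIVE):
        print(rec)
```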

