Bad NS records??

Martin Köhling mk at lw1.cc-computer.de
Fri Jul 20 11:40:44 UTC 2001 

Hi!

For a few days, our local (caching) nameserver is having
trouble accessing one domain: balius.com (which causes mail
from east.balius.com, where the Linux ipchains mailing list
is hosted, to bounce on our mail server :-().

I don't *quite* understand what's going on, but here's what
I have found out so far:

The root servers tell me this:

; <<>> DiG 8.2 <<>> ns.balius.com @D.GTLD-SERVERS.NET. +norecurse ns
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53062
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      ns.balius.com, type = NS, class = IN

;; AUTHORITY SECTION:
balius.com.             2D IN NS        NS1.AMOTKEN.com.
balius.com.             2D IN NS        NS2.AMOTKEN.com.

;; ADDITIONAL SECTION:
NS1.AMOTKEN.com.        2D IN A         24.24.63.86
NS2.AMOTKEN.com.        2D IN A         24.24.63.87

ns1.amotken.com tells me this:

; <<>> DiG 8.2 <<>> balius.com @NS1.AMOTKEN.com. +norecurse ns
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50414
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;;      balius.com, type = NS, class = IN

;; ANSWER SECTION:
balius.com.             4w2d IN NS      ns1.balius.com.
balius.com.             4w2d IN NS      ns2.balius.com.

;; ADDITIONAL SECTION:
ns1.balius.com.         1D IN A         24.24.63.86
ns2.balius.com.         1D IN A         24.24.63.87

Obviously, the NS records do not match (even though they
point to the same address) - is this the problem?

When I dump our local named database, I find this:

balius  21324   IN      NS      ns2.balius.com. ;Cr=auth [24.24.63.86]
        21324   IN      NS      ns1.balius.com. ;Cr=auth [24.24.63.86]

OK, so the NS records on NS1.AMOTKEN.com have a *much* higher TTL
than their corresponding A records; both get cached locally, and
at some point the A record times out.

But what happens next when (e.g.) a query for east.balius.com
arrives?

Does named query the root servers for balius.com, receive some
NS records (NS1/2.AMOTKEN.com) and immediately discards them
because the answer is not authoritative (and the cached data
*is*)?

Or is the problem something else?

(BTW: I just restarted the local nameserver, and the problem
went away; but I suspect it will return in regular intervals... :-()

Any comments? *IS* this a configuration problem of balius.com?
Can I do anything about it except to mail the zone admin (which
I will do if I'm sure I know what's going on...)

Regards,
Martin

More information about the bind-users mailing list