recursive lookup behavior

Michael Kjorling michael at kjorling.com
Tue Apr 2 14:45:40 UTC 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr 2 2002 09:23 -0500, Joel Fisher wrote:

> An example domain would be heirs-study.org.

Running doc on this domain gives me, at the end:

> Servers for org. (not also authoritative for heirs-study.org.)
>    === agree on NS records for heirs-study.org.
> NS list summary for heirs-study.org. from parent (org.) servers
>   == isnet.is.bgsm.edu. ncnoc.ncren.net.
> soa @isnet.is.bgsm.edu. for heirs-study.org. serial: 3
> soa @ncnoc.ncren.net. for heirs-study.org. serial:
> ERROR: no SOA record for heirs-study.org. from ncnoc.ncren.net.
> NS list from heirs-study.org. authoritative servers matches list from
>   === parent (org.) servers not authoritative for heirs-study.org.
> Checking 0 potential addresses for hosts at heirs-study.org.
>   ==
> Summary:
>    ERRORS found for heirs-study.org. (count: 1)
>    WARNINGS issued for heirs-study.org. (count: 1)
> Done testing heirs-study.org.  Tue Apr  2 16:39:06 CDT 2002

The warning was about an inconsistent serial number for "org",
presumably because it is being updated and not all servers have caught
up with the master (wherever and whatever it is).

Let's have a look at what ncnoc has to say about heirs-study.org:

> ; <<>> DiG 9.2.1rc2 <<>> @ncnoc.ncren.net heirs-study.org soa +norec
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59301
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
>
> ;; QUESTION SECTION:
> ;heirs-study.org.               IN      SOA
>
> ;; AUTHORITY SECTION:
> heirs-study.org.        105709  IN      NS      ISNET.IS.BGSM.EDU.
> heirs-study.org.        105709  IN      NS      NCNOC.NCREN.NET.
>
> ;; ADDITIONAL SECTION:
> ISNET.IS.BGSM.EDU.      86400   IN      A       152.11.118.6
> NCNOC.NCREN.NET.        14400   IN      A       192.101.21.1
> NCNOC.NCREN.NET.        14400   IN      A       128.109.193.1
>
> ;; Query time: 138 msec
> ;; SERVER: 192.101.21.1#53(ncnoc.ncren.net)
> ;; WHEN: Tue Apr  2 16:42:18 2002
> ;; MSG SIZE  rcvd: 141

A ha - an unauthorative referral - back to itself, even.

Make sure to set up the zones in question as slaves on
ncnoc.ncren.net, and the problem will go away. In the process, it
might not be an all that bad idea to turn off public recursive service
as well.


Michael Kjörling

- -- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4   \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e

``And indeed people sometimes speak of man's "bestial" cruelty, but
this is very unfair and insulting to the beasts: a beast can never be
so cruel as a man, so ingeniously, so artistically cruel.''
(Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html

iD8DBQE8qcQaKqN7/Ypw4z4RArNxAJ4mAqhuKma4twuhFFZw4Kxm4o1JJgCg6t5f
XkiP+dOAA0pRWCd0cDvGcKc=
=LDIO
-----END PGP SIGNATURE-----

More information about the bind-users mailing list