Can lookup ezmlm.org but not www.ezmlm.org ???
Kevin Darcy
kcd at daimlerchrysler.com
Fri Feb 15 00:43:08 UTC 2002
It would appear that the cheetahmail.com folks are doing something which
violates the RFCs, i.e. creating a CNAME called "ezmlm.org", where that
name owns records of other types (e.g. SOA and NS records). Apparently
they use a lax nameserver which allows this travesty to be propagated.
Your nameserver rightfully responds with an error when it detects this
bogosity.
- Kevin
autom8on wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> There's obviously something screwy with my DNS setup - though I'm not
> sure exactly what it is, or how to fix it.
>
> The problem surfaced when I came to try and install the ezmlm package
> - - I tried going from my network to www.ezmlm.org - but just kept
> getting DNS failure errors.
>
> So, I tried doing some DNS lookups - and sure enough, although I
> could see ezmlm.org from my local machine, I couldn't see
> www.ezmlm.org. So, just in case, I ssh'd to another shell account I
> have, and tried from there - it worked fine.
>
> The output from dig to ezmlm.org and www.ezmlm.org on both boxes is
> at the end of this message, just incase that's of any help. I notice
> that the formatting is slightly different - but that's probably
> because of different versions of dig installed on the two boxes.
>
> The config I'm using is a slightly modified version of Rob Thomas'
> Secure BIND template
> (http://www.enteract.com/~robt/Docs/Articles/secure-bind-template.html
> ) - I'll not put all of it here, but here's the options section
> (which may, or may not, be of any relevance whatsoever):
>
> options { directory "/var/named";
> pid-file "/var/named/named.pid";
> statistics-file "/var/named/named.stats";
> memstatistics-file "/var/named/named.memstats";
> dump-file "/var/adm/named.dump";
> zone-statistics yes;
> // Make zone transfer more efficient by sending multiple
> // DNS records in a single DNS message.
> transfer-format many-answers;
> // Set max zone transfer time to 60 minutes.
> max-transfer-time-in 60;
> allow-transfer { xfer; };
> allow-query { trusted; };
> blackhole { bogon; };
> };
>
> There's no obvious error messages that I can see in the logs which
> are currently set to "debug" severity level.
>
> Does anyone have any idea what might be going on? Or any pointers as
> to how I could further investigate the problem?
>
> Thanks,
>
> Steve.
>
> Dig output follows:
>
> Local:
> ~~~~~~
> [user at box etc]# dig ezmlm.org
>
> ; <<>> DiG 9.1.3 <<>> ezmlm.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39069
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ezmlm.org. IN A
>
> ;; ANSWER SECTION:
> ezmlm.org. 3075 IN CNAME gd.tuwien.ac.at.
> gd.tuwien.ac.at. 85875 IN A 192.35.244.50
>
> ;; AUTHORITY SECTION:
> tuwien.ac.at. 85875 IN NS tunamed.tuwien.ac.at.
> tuwien.ac.at. 85875 IN NS tunamec.tuwien.ac.at.
>
> ;; Query time: 9 msec
> ;; SERVER: 10.0.1.1#53(10.0.1.1)
> ;; WHEN: Thu Feb 14 18:06:19 2002
> ;; MSG SIZE rcvd: 116
>
> [user at box etc]# dig www.ezmlm.org
>
> ; <<>> DiG 9.1.3 <<>> www.ezmlm.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27260
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.ezmlm.org. IN A
>
> ;; Query time: 226 msec
> ;; SERVER: 10.0.1.1#53(10.0.1.1)
> ;; WHEN: Thu Feb 14 18:06:25 2002
> ;; MSG SIZE rcvd: 31
>
> - From other shell box:
> ~~~~~~~~~~~~~~~~~~~~~
> box2% dig ezmlm.org
>
> ; <<>> DiG 8.3 <<>> ezmlm.org
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; ezmlm.org, type = A, class = IN
>
> ;; ANSWER SECTION:
> ezmlm.org. 50m35s IN CNAME gd.tuwien.ac.at.
> gd.tuwien.ac.at. 23h50m35s IN A 192.35.244.50
>
> ;; AUTHORITY SECTION:
> tuwien.ac.at. 3d23h50m35s IN NS tunamed.tuwien.ac.at.
> tuwien.ac.at. 3d23h50m35s IN NS tunamec.tuwien.ac.at.
>
> ;; ADDITIONAL SECTION:
> tunamed.tuwien.ac.at. 20h9m28s IN A 192.35.241.71
> tunamec.tuwien.ac.at. 20h9m28s IN A 192.35.241.70
>
> ;; Total query time: 1 msec
> ;; FROM: obfuscated.server to SERVER: default -- xxx.xxx.xxx.xxx
> ;; WHEN: Thu Feb 14 17:57:22 2002
> ;; MSG SIZE sent: 27 rcvd: 148
>
> box2% dig www.ezmlm.org
>
> ; <<>> DiG 8.3 <<>> www.ezmlm.org
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; www.ezmlm.org, type = A, class = IN
>
> ;; ANSWER SECTION:
> www.ezmlm.org. 50m36s IN CNAME gd.tuwien.ac.at.
> gd.tuwien.ac.at. 23h50m31s IN A 192.35.244.50
>
> ;; AUTHORITY SECTION:
> tuwien.ac.at. 3d23h50m31s IN NS tunamed.tuwien.ac.at.
> tuwien.ac.at. 3d23h50m31s IN NS tunamec.tuwien.ac.at.
>
> ;; ADDITIONAL SECTION:
> tunamed.tuwien.ac.at. 20h9m24s IN A 192.35.241.71
> tunamec.tuwien.ac.at. 20h9m24s IN A 192.35.241.70
>
> ;; Total query time: 1 msec
> ;; FROM: obfuscated.server to SERVER: default -- xxx.xxx.xxx.xxx
> ;; WHEN: Thu Feb 14 17:57:26 2002
> ;; MSG SIZE sent: 31 rcvd: 152
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPGv+X+6ZW0Ls+6nrEQKq3wCeMC3//TP1+ONMquhpKxEAiIf2vJsAn0nf
> wg1qn6tRIYMZS8W1wepwJ/VG
> =5W9a
> -----END PGP SIGNATURE-----
More information about the bind-users
mailing list