DNS-query returns different responses
Barry Margolin
barmar at genuity.net
Mon Feb 25 20:14:06 UTC 2002
In article <a5duae$mos at pub3.rc.vix.com>,
Stefan Schnuerle <stefan.schnuerle at t-online.de> wrote:
>
>Hi out there,
>
>if I'm wrong with this question here, please let me know.
>Perhaps it's more a mail-related issue, but actually, I don't think so.
>
>If I run nslookup on a Linux-machine with Bind8 running and look up
>the zone xyz123.com, I get different responses. I.e., if I do an nslookup
>now, it returns another result than perhaps an hour ago or an hour later.
>
>Is this a normal behaviour? As far as I understood, a DNS-query should
>always return the same result, or am I completely wrong there?
>
>The different results are:
>1. Full info on the DNS-entry of xyz123.com, including MX, NS, SOA and
>A records as a non-authotitative answer. Authoritative ones could be
>found at two uunet-nameservers and the ns.xyz123.com.
>2. A non-authoritative answer which only returns the SOA-record and tells
>that authoritative answers can be found at the ROOT servers for .com,
>i.e., a.gtld-servers.net and so on. Not a single word about xyz123.com or
>uunet.
>3. Full info on the DNS-entry of xyz123.com, but without the SOA-record.
>4. A response which returns the SOA and the NS and A-records for the uunet-
>nameservers, but NOT for the ns.xyz123.com-nameserver.
What record type are you specifying? It sounds like you may be specifying
"type=any", which can have inconsistent results like this when querying a
caching server. If your local server has any records for the name in its
cache it will just return those; there's a good chance they won't be *all*
the records for the name. If it doesn't have any records for the name in
its cache then it will recurse to the GTLD servers, which will just return
the NS records.
>The reason why I have to know about that is the following.
>If someone from xyz123.com posts a mail to our mailserver, there's a
>"This address is not allowed"-error from time to time. This is because
>we only accept mails from domains that contain an MX-entry for this
>domain (to block faked sender-domains, spam and so on).
A zone may use an A record instead of an MX record, do you check for that?
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list