VERY strange problem with DNS

Mark_Andrews at isc.org Mark_Andrews at isc.org
Thu Jul 4 08:42:19 UTC 2002 

> 
> Hello!
> 
> Sorry if my msg could be a very little offtopic, but I honestly don't
> know where to ask for help :(
> 
> I'm using a couple of FreeBSD 4.6p1 boxes with BIND 8.3.3.
> 
> These are the authoritative DNS servers of a bunch of our domains. We
> have also other three DNS servers listed as auth. for a total of five,
> including our ISP's one and ns(1,2).secondary.com.
> 
> All was working fine till about one week ago, when many our customers
> and partners phone us they could'n reach our servers (mail, web, etc.).
> 
> A quick investigation reveals that a lot of DNS servers in the world
> (non auth. for our domains, of course) were suddenly giving the wrong
> IPs for our domains!
> 
> i.e. www.playstos.com is alias of masamune.playstos.com and its IP is
> 195.250.253.136.
> 
> But these DNS servers reported 194.79.208.11 !
> 
> The same for other records, like our MX mail servers, etc.
> 
> Note that:
> 
> 1) that IP is part of our old class C addresses which we abandoned
> (returned to ISP - RIPE) about FOUR MONTHS ago !
> 
> 2) in our DNS servers there is no istance of the string "194.x.x.x"
> etc., our zone files are right! checked and double checked !
> 
> 3) Till now all worked fine and we changed nothing, besides upgrading
> BIND from 8.2.3-T1B to 8.3.3 
> 
> 4) the SOA record reported from the "wrong DNS servers" is _right_ ! it
> reports the current Serial number !
> 
> 5) all our auth. servers if asked directly with "host" or "nslookup"
> reports the correct IPs
> 
> 
> I *really* don't know what happens and have no idea of how to stop it!
> 
> Please, if you have any idea, hint, suggestion, etc. please tell me! By
> private mail if you prefer!

	This is a very common problem.

	Update / delete the host record for MASAMUNE.PLAYSTOS.COM.

	Mark

; <<>> DiG 9.2.1 <<>> +trace MASAMUNE.PLAYSTOS.COM
;; global options:  printcmd
.			518400	IN	NS	B.ROOT-SERVERS.NET.
.			518400	IN	NS	C.ROOT-SERVERS.NET.
.			518400	IN	NS	D.ROOT-SERVERS.NET.
.			518400	IN	NS	E.ROOT-SERVERS.NET.
.			518400	IN	NS	F.ROOT-SERVERS.NET.
.			518400	IN	NS	G.ROOT-SERVERS.NET.
.			518400	IN	NS	H.ROOT-SERVERS.NET.
.			518400	IN	NS	I.ROOT-SERVERS.NET.
.			518400	IN	NS	J.ROOT-SERVERS.NET.
.			518400	IN	NS	K.ROOT-SERVERS.NET.
.			518400	IN	NS	L.ROOT-SERVERS.NET.
.			518400	IN	NS	M.ROOT-SERVERS.NET.
.			518400	IN	NS	A.ROOT-SERVERS.NET.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 33 ms

COM.			172800	IN	NS	A.GTLD-SERVERS.NET.
COM.			172800	IN	NS	G.GTLD-SERVERS.NET.
COM.			172800	IN	NS	H.GTLD-SERVERS.NET.
COM.			172800	IN	NS	C.GTLD-SERVERS.NET.
COM.			172800	IN	NS	I.GTLD-SERVERS.NET.
COM.			172800	IN	NS	B.GTLD-SERVERS.NET.
COM.			172800	IN	NS	D.GTLD-SERVERS.NET.
COM.			172800	IN	NS	L.GTLD-SERVERS.NET.
COM.			172800	IN	NS	F.GTLD-SERVERS.NET.
COM.			172800	IN	NS	J.GTLD-SERVERS.NET.
COM.			172800	IN	NS	K.GTLD-SERVERS.NET.
COM.			172800	IN	NS	E.GTLD-SERVERS.NET.
COM.			172800	IN	NS	M.GTLD-SERVERS.NET.
;; Received 471 bytes from ::ffff:128.9.0.107#53(B.ROOT-SERVERS.NET) in 290 ms

MASAMUNE.PLAYSTOS.COM.	172800	IN	A	194.79.208.11
PLAYSTOS.COM.		172800	IN	NS	GANDALF.PLAYSTOS.COM.
PLAYSTOS.COM.		172800	IN	NS	NS1.SECONDARY.COM.
PLAYSTOS.COM.		172800	IN	NS	NS2.SECONDARY.COM.
PLAYSTOS.COM.		172800	IN	NS	SYSTEMY.SYSTEMY.IT.
PLAYSTOS.COM.		172800	IN	NS	VIGER.PLAYSTOS.COM.
;; Received 239 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 891 ms


Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: MASAMUNE.PLAYSTOS.COM
   IP Address: 194.79.208.11
   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com


>>> Last update of whois database: Wed, 3 Jul 2002 16:51:22 EDT <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

The Data in the VeriSign Registrar WHOIS database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information about
or related to a domain name registration record.  VeriSign does not guarantee
its accuracy.  Additionally, the data may not reflect updates to billing contact
information.  By submitting a WHOIS query, you agree to use this Data only
for lawful purposes and that under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via e-mail, telephone, or facsimile; or
(2) enable high volume, automated, electronic processes that apply to VeriSign
(or its computer systems).  The compilation, repackaging, dissemination or
other use of this Data is expressly prohibited without the prior written
consent of VeriSign.  VeriSign reserves the right to terminate your access to
the VeriSign Registrar WHOIS database in its sole discretion, including
without limitation, for excessive querying of the WHOIS database or for failure
to otherwise abide by this policy.  VeriSign reserves the right to modify these
terms at any time.  By submitting this query, you agree to abide by this policy.

Welcome to the VeriSign WHOIS Server.
There is no match for this domain name.
This domain is available for purchase!
Go to www.netsol.com to register it today!

> 
> 
> Hoping in your help!
> 
> 
> Many many thanks in advance!
> 
> 
> 
> 
> Alessandro de Manzano
> 
> Senior System & Network Administrator
> Playstos - TIMA S.p.A.
> Corso Sempione 63
> 20149 Milano, Italy
> 
> tel.: +39-023314153
> fax: +39-02315678
> email: demanzano at playstos.com
> 
> http://www.playstos.com
> 
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list