Why doesn't bind query the second DNS?

Sun Sep 1 08:02:23 UTC 2002

> 
> Hi,
> 
>  Running a caching only nameserver, bind-9.2.1-0.6x-3 on Red Hat Linux 6.2. I
> t 
> seems name queries fail if the first authoritative DNS for a domain is not 
> available. I am a little surprised the secondary DNS is not being queried. An
> y 
> explanation?
>  (Please ask if more info is needed.)
> 
> Thanks,
> Leonard.
> 
> [leonard at firewall leonard]$ nslookup -sil
> > www.linux-easy.com
> ;; connection timed out; no servers could be reached
> > exit
> 
> [leonard at firewall leonard]$ dig www.linux-easy.com @a.root-servers.net
> 
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @a.root-servers.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9122
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
> 
> ;; QUESTION SECTION:
> ;www.linux-easy.com.            IN      A
> 
> ;; AUTHORITY SECTION:
> com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
> 
> ;; ADDITIONAL SECTION:
> A.GTLD-SERVERS.NET.     172800  IN      A       192.5.6.30
> G.GTLD-SERVERS.NET.     172800  IN      A       192.42.93.30
> H.GTLD-SERVERS.NET.     172800  IN      A       192.54.112.30
> C.GTLD-SERVERS.NET.     172800  IN      A       192.26.92.30
> I.GTLD-SERVERS.NET.     172800  IN      A       192.43.172.30
> B.GTLD-SERVERS.NET.     172800  IN      A       192.33.14.30
> D.GTLD-SERVERS.NET.     172800  IN      A       192.31.80.30
> L.GTLD-SERVERS.NET.     172800  IN      A       192.41.162.30
> F.GTLD-SERVERS.NET.     172800  IN      A       192.35.51.30
> J.GTLD-SERVERS.NET.     172800  IN      A       210.132.100.101
> K.GTLD-SERVERS.NET.     172800  IN      A       192.52.178.30
> E.GTLD-SERVERS.NET.     172800  IN      A       192.12.94.30
> M.GTLD-SERVERS.NET.     172800  IN      A       192.55.83.30
> 
> ;; Query time: 420 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net)
> ;; WHEN: Sat Aug 31 18:20:44 2002
> ;; MSG SIZE  rcvd: 468
> 
> [leonard at firewall leonard]$ dig www.linux-easy.com @a.gtld-servers.net
> 
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @a.gtld-servers.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12779
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;www.linux-easy.com.            IN      A
> 
> ;; AUTHORITY SECTION:
> linux-easy.com.         172800  IN      NS      DNS1.YOHO.com.
> linux-easy.com.         172800  IN      NS      DNS2.YOHO.com.
> 
> ;; ADDITIONAL SECTION:
> DNS1.YOHO.com.          172800  IN      A       61.220.123.84
> DNS2.YOHO.com.          172800  IN      A       61.220.123.85
> 
> ;; Query time: 266 msec
> ;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
> ;; WHEN: Sat Aug 31 18:20:53 2002
> ;; MSG SIZE  rcvd: 111
> 
> [leonard at firewall leonard]$ dig www.linux-easy.com @dns1.yoho.com
> 
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @dns1.yoho.com
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> [leonard at firewall leonard]$ dig www.linux-easy.com @dns2.yoho.com
> 
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @dns2.yoho.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33533
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;www.linux-easy.com.            IN      A
> 
> ;; ANSWER SECTION:
> www.linux-easy.com.     12000   IN      CNAME   linux-easy.com.
> linux-easy.com.         12000   IN      A       64.239.85.40
> www.linux-easy.com.     12000   IN      A       64.239.85.40
> 
> ;; Query time: 561 msec
> ;; SERVER: 61.220.123.84#53(dns2.yoho.com)
> ;; WHEN: Sat Aug 31 18:21:36 2002
> ;; MSG SIZE  rcvd: 146

	Well it would help if the above was a LEGAL answer to the
	question.  The nameserver is returning a CNAME and a A
	record.  This is illegal.

	Mark
> 
> [leonard at firewall leonard]$ nslookup -sil www.linux-easy.com
> ;; connection timed out; no servers could be reached
> 
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org