Why doesn't bind query the second DNS?
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Sun Sep 1 08:02:23 UTC 2002
>
> Hi,
>
> Running a caching only nameserver, bind-9.2.1-0.6x-3 on Red Hat Linux 6.2. I
> t
> seems name queries fail if the first authoritative DNS for a domain is not
> available. I am a little surprised the secondary DNS is not being queried. An
> y
> explanation?
> (Please ask if more info is needed.)
>
> Thanks,
> Leonard.
>
> [leonard at firewall leonard]$ nslookup -sil
> > www.linux-easy.com
> ;; connection timed out; no servers could be reached
> > exit
>
> [leonard at firewall leonard]$ dig www.linux-easy.com @a.root-servers.net
>
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @a.root-servers.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9122
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
>
> ;; QUESTION SECTION:
> ;www.linux-easy.com. IN A
>
> ;; AUTHORITY SECTION:
> com. 172800 IN NS A.GTLD-SERVERS.NET.
> com. 172800 IN NS G.GTLD-SERVERS.NET.
> com. 172800 IN NS H.GTLD-SERVERS.NET.
> com. 172800 IN NS C.GTLD-SERVERS.NET.
> com. 172800 IN NS I.GTLD-SERVERS.NET.
> com. 172800 IN NS B.GTLD-SERVERS.NET.
> com. 172800 IN NS D.GTLD-SERVERS.NET.
> com. 172800 IN NS L.GTLD-SERVERS.NET.
> com. 172800 IN NS F.GTLD-SERVERS.NET.
> com. 172800 IN NS J.GTLD-SERVERS.NET.
> com. 172800 IN NS K.GTLD-SERVERS.NET.
> com. 172800 IN NS E.GTLD-SERVERS.NET.
> com. 172800 IN NS M.GTLD-SERVERS.NET.
>
> ;; ADDITIONAL SECTION:
> A.GTLD-SERVERS.NET. 172800 IN A 192.5.6.30
> G.GTLD-SERVERS.NET. 172800 IN A 192.42.93.30
> H.GTLD-SERVERS.NET. 172800 IN A 192.54.112.30
> C.GTLD-SERVERS.NET. 172800 IN A 192.26.92.30
> I.GTLD-SERVERS.NET. 172800 IN A 192.43.172.30
> B.GTLD-SERVERS.NET. 172800 IN A 192.33.14.30
> D.GTLD-SERVERS.NET. 172800 IN A 192.31.80.30
> L.GTLD-SERVERS.NET. 172800 IN A 192.41.162.30
> F.GTLD-SERVERS.NET. 172800 IN A 192.35.51.30
> J.GTLD-SERVERS.NET. 172800 IN A 210.132.100.101
> K.GTLD-SERVERS.NET. 172800 IN A 192.52.178.30
> E.GTLD-SERVERS.NET. 172800 IN A 192.12.94.30
> M.GTLD-SERVERS.NET. 172800 IN A 192.55.83.30
>
> ;; Query time: 420 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net)
> ;; WHEN: Sat Aug 31 18:20:44 2002
> ;; MSG SIZE rcvd: 468
>
> [leonard at firewall leonard]$ dig www.linux-easy.com @a.gtld-servers.net
>
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @a.gtld-servers.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12779
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;www.linux-easy.com. IN A
>
> ;; AUTHORITY SECTION:
> linux-easy.com. 172800 IN NS DNS1.YOHO.com.
> linux-easy.com. 172800 IN NS DNS2.YOHO.com.
>
> ;; ADDITIONAL SECTION:
> DNS1.YOHO.com. 172800 IN A 61.220.123.84
> DNS2.YOHO.com. 172800 IN A 61.220.123.85
>
> ;; Query time: 266 msec
> ;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
> ;; WHEN: Sat Aug 31 18:20:53 2002
> ;; MSG SIZE rcvd: 111
>
> [leonard at firewall leonard]$ dig www.linux-easy.com @dns1.yoho.com
>
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @dns1.yoho.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> [leonard at firewall leonard]$ dig www.linux-easy.com @dns2.yoho.com
>
> ; <<>> DiG 9.2.1 <<>> www.linux-easy.com @dns2.yoho.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33533
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.linux-easy.com. IN A
>
> ;; ANSWER SECTION:
> www.linux-easy.com. 12000 IN CNAME linux-easy.com.
> linux-easy.com. 12000 IN A 64.239.85.40
> www.linux-easy.com. 12000 IN A 64.239.85.40
>
> ;; Query time: 561 msec
> ;; SERVER: 61.220.123.84#53(dns2.yoho.com)
> ;; WHEN: Sat Aug 31 18:21:36 2002
> ;; MSG SIZE rcvd: 146
Well it would help if the above was a LEGAL answer to the
question. The nameserver is returning a CNAME and a A
record. This is illegal.
Mark
>
> [leonard at firewall leonard]$ nslookup -sil www.linux-easy.com
> ;; connection timed out; no servers could be reached
>
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list