Adress lookup for authoritative server fails

Mark_Andrews at isc.org Mark_Andrews at isc.org
Thu Nov 20 22:43:56 UTC 2003 

	Firstly minolta-qms.de has a broken delegation.  The NS RRsets
	are not the same in the parent as in the child.

minolta-qms.de.         86400   IN      NS      ns1.catsys.de.
minolta-qms.de.         86400   IN      NS      ns2.catsys.de.
;; Received 79 bytes from 81.91.161.5#53(A.NIC.de) in 670 ms

www.minolta-qms.de.     300     IN      A       81.89.192.73
minolta-qms.de.         7200    IN      NS      ns1.megsystems.net.
minolta-qms.de.         7200    IN      NS      ns2.megsystems.net.
minolta-qms.de.         7200    IN      NS      ns3.megsystems.net.
;; Received 168 bytes from 81.89.192.67#53(ns1.catsys.de) in 663 ms

	Secondly you need to upgrade your nameserver.  With the
	current configuration the nameserver chaining distance is
	to big for your server.

	Too lookup minolta-qms.de you have to first lookup catsys.de.
	Too lookup catsys.de you have to first lookup megsystems.net.
	Looking up megsystems.net uses glue from net.

	Old versions of named have a chaining distance of 1.  This
	was not a problem when nameservers lived in the zones they
	served.  When the delegation information for minolta-qms.de
	is updated to that in the child zone this condition will be
	restored.

	Mark

> Hi,
> 
> i've got a strange problem. There are some domain names that my bind cannot
> resolve. For example, wenn i run "host www.minolta-qms.de", my server does
> the following (tcpdump output):
> 
> 16:16:52.742371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 45759 A? 
> ns1.catsys.de. (31) (DF)
> 16:16:52.742371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 64608 A? 
> ns2.catsys.de. (31) (DF)
> 16:16:52.742371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 34949 A? 
> minolta-qms.de. (32) (DF)
> 16:16:52.772371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 45759- 
> 0/3/0 (99) (DF)
> 16:16:52.772371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 64608- 
> 0/3/0 (99) (DF)
> 16:16:52.772371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 34949- 
> 0/2/0 (75) (DF)
> 16:16:52.772371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 53566 A? 
> ns1.catsys.de. (31) (DF)
> 16:16:52.772371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 63707 A? 
> ns2.catsys.de. (31) (DF)
> 16:16:52.802371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 53566- 
> 0/3/0 (99) (DF)
> 16:16:52.802371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 63707- 
> 0/3/0 (99) (DF)
> 16:16:57.742371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 11212 A? 
> ns1.catsys.de. (31) (DF)
> 16:16:57.742371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 60884 A? 
> ns2.catsys.de. (31) (DF)
> 16:16:57.742371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 57996 A? 
> minolta-qms.de. (32) (DF)
> 16:16:57.762371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 11212- 
> 0/3/0 (99) (DF)
> 16:16:57.772371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 60884- 
> 0/3/0 (99) (DF)
> 16:16:57.772371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 57996- 
> 0/2/0 (75) (DF)
> 16:16:57.772371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 54094 A? 
> ns1.catsys.de. (31) (DF)
> 16:16:57.772371 zeus2.ba-dresden.de.filenet-tms > e.nic.de.domain: 27530 A? 
> ns2.catsys.de. (31) (DF)
> 16:16:57.802371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 54094- 
> 0/3/0 (99) (DF)
> 16:16:57.802371 e.nic.de.domain > zeus2.ba-dresden.de.filenet-tms: 27530- 
> 0/3/0 (99) (DF)
> 
> The server gets two authoritative servers for minolta-qms.de: ns1 and 
> ns2.catsys.de.
> while querying the ip adresses of these it gets 3 authoritative servernames 
> for the
> zone catsys.de, but it doesn't query the adresses of these. The result is 
> that i get
> a "non-existent domain" message.
> 
> But when i first do e.g. "host ns1.catsys.de" before runnning "host 
> www.minolta-qms.de"
> the resulution works. This behaviour does not only occur with this name, 
> but with
> every name whose resolution gives me some authoritative servers in the 
> first step
> and some authoritative servers, when bind tries to get the adresses of of 
> the first
> authoritative servers.
> 
> I think there is an error in the configuration, but i don't know what 
> exactly the error is.
> 
> thx, jan
> -- 
> Jan Wätzig
> Laboringenieur
> Berufsakademie Dresden
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list