Can't resolve a particular address

[Barry Margolin]

In article <bioprm$1q9v$1 at sf1.isc.org>,
Ian Northeast  <ian at house-from-hell.demon.co.uk> wrote:
>Barry Margolin wrote:
>> babylon.atnet.at is supposed to be a server for the domain, but it doesn't
>> appear to have the zone loaded.
>
>But the other one works so that isn't the whole problem. BTW is it

This type of error doesn't cause a failover to the other nameserver, so it
*is* the problem.

>normal for a lame server to answer non-authoritatively and quote itself
>as an authority? Just curious.

Yes, it's quite normal.  If the server has cached the delegation records
from the parent domain, it will return them in the Authority Section of the
response.  The fact that one of them happens to point to itself is never
noticed.

>The other problem seems to be a firewall somewhere in front of the
>working nameserver for info.wien.at, ns.info.wien.at, which is dropping
>DNS queries from source port 53. Bind 4 uses source port 53. Modern
>versions use high source ports by default. If I change a nameserver to
>use source port 53 it can't resolve that domain, if I let it default to
>high it can.

That's pretty bad.  Someone should notify the admin of that site that
they're blocking legitimate queries.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.