Campus name servers behave differently

Jim McCullars jim at info2.uah.edu
Thu Sep 2 19:22:20 UTC 2004 

Hi, we have two name servers for our campus, and I have noticed that we can
query the two of them and sometimes get different results.  I don't know a
lot about bind, and am hoping someone can give some guidance.

The primary name server is uahis1.uah.edu and runs bind version 8.4.4 under
Solaris 9.  The secondary name server is email.uah.edu and the version string
reports 8.3.4-REL and this runs under Tru64 Unix 4.0F.  I think we compiled
both locally, rather than downloading a package.

The first time we noticed there might be a problem was when a user reported
that they were unable to send email to someone at Motlow State Community
College.  From the email server, which uses itself for name resolution, MX
records for mscc.edu are not available:

# dig mscc.edu MX

; <<>> DiG 8.3 <<>> mscc.edu MX
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      mscc.edu, type = MX, class = IN

;; Total query time: 0 msec
;; FROM: email.uah.edu to SERVER: default -- 127.0.0.1
;; WHEN: Thu Sep  2 14:15:00 2004
;; MSG SIZE  sent: 26  rcvd: 26


but from uahis1, it works:

dig @uahis1.uah.edu mscc.edu MX

; <<>> DiG 8.3 <<>> @uahis1.uah.edu mscc.edu MX
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUERY SECTION:
;;      mscc.edu, type = MX, class = IN

;; ANSWER SECTION:
mscc.edu.               1H IN MX        10 mail.mscc.edu.

;; AUTHORITY SECTION:
mscc.edu.               18h55m48s IN NS  DNS2.mscc.edu.
mscc.edu.               18h55m48s IN NS  DNS1.mscc.edu.

;; ADDITIONAL SECTION:
mail.mscc.edu.          1H IN A         198.146.112.14
DNS2.mscc.edu.          18h55m48s IN A  206.23.246.5
DNS1.mscc.edu.          18h55m48s IN A  198.146.112.16

;; Total query time: 183 msec
;; FROM: email.uah.edu to SERVER: uahis1.uah.edu  146.229.1.2
;; WHEN: Thu Sep  2 14:15:42 2004
;; MSG SIZE  sent: 26  rcvd: 141


Now, here is another anomaly.  I do a lookup on a domain name and two answers
are returned from the two hosts.  We got porn spam from some domain called
walpurga.com and from the email host it looks like this:

; <<>> DiG 8.3 <<>> walpurga.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;      walpurga.com, type = A, class = IN

;; ANSWER SECTION:
walpurga.com.           39m49s IN A     211.158.15.58

;; AUTHORITY SECTION:
walpurga.com.           39m48s IN NS    ns1.koleyfore.org.
walpurga.com.           39m48s IN NS    ns1.kaleinc-dns-server.org.
walpurga.com.           39m48s IN NS    ns1.kaleinc-dns-server2.org.

;; ADDITIONAL SECTION:
ns1.koleyfore.org.      27m33s IN A     211.158.15.58
ns1.kaleinc-dns-server.org.  8h39m41s IN A  66.249.124.137
ns1.kaleinc-dns-server2.org.  22h50m IN A  211.158.15.58

;; Total query time: 0 msec
;; FROM: email.uah.edu to SERVER: default -- 127.0.0.1
;; WHEN: Thu Sep  2 14:17:40 2004
;; MSG SIZE  sent: 30  rcvd: 200


but if I query uahis1.uah.edu, I get this:

 dig @uahis1.uah.edu walpurga.com

; <<>> DiG 8.3 <<>> @uahis1.uah.edu walpurga.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; QUERY SECTION:
;;      walpurga.com, type = A, class = IN

;; ANSWER SECTION:
walpurga.com.           1H IN A         201.12.78.140

;; AUTHORITY SECTION:
walpurga.com.           1H IN NS        ns1.koleyfore.org.
walpurga.com.           1H IN NS        ns1.kaleinc-dns-server.org.
walpurga.com.           1H IN NS        ns1.kaleinc-dns-server2.org.

;; ADDITIONAL SECTION:
ns1.kaleinc-dns-server.org.  19h25m44s IN A  66.249.124.137

;; Total query time: 795 msec
;; FROM: email.uah.edu to SERVER: uahis1.uah.edu  146.229.1.2
;; WHEN: Thu Sep  2 14:18:23 2004
;; MSG SIZE  sent: 30  rcvd: 180


Can someone tell me what the problem could be, or where and how to start
troubleshooting this?  Thanks...

Jim McCullars
University of Alabamam in Huntsville

More information about the bind-users mailing list