Campus name servers behave differently

Edvard Tuinder lunytune at gmail.com
Thu Sep 2 21:36:30 UTC 2004 

According to Jim McCullars:
> Hi, we have two name servers for our campus, and I have noticed that we can
> query the two of them and sometimes get different results.  I don't know a
> lot about bind, and am hoping someone can give some guidance.
>
> The primary name server is uahis1.uah.edu and runs bind version 8.4.4 under
> Solaris 9.  The secondary name server is email.uah.edu and the version string
> reports 8.3.4-REL and this runs under Tru64 Unix 4.0F.  I think we compiled
> both locally, rather than downloading a package.
>
> The first time we noticed there might be a problem was when a user reported
> that they were unable to send email to someone at Motlow State Community
> College.  From the email server, which uses itself for name resolution, MX
> records for mscc.edu are not available:

The nameservice for mscc.edu is seriously broken.

According to the registry there nameservers are
;; AUTHORITY SECTION:
mscc.edu.               172800  IN      NS      DNS2.mscc.edu.
mscc.edu.               172800  IN      NS      DNS1.mscc.edu.

But according to those machines, there is only one nameserver:
; <<>> DiG 9.3.0rc3 <<>> @206.23.246.5 mscc.edu. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 467
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mscc.edu.                      IN      NS

;; ANSWER SECTION:

;; ANSWER SECTION:
mscc.edu.               3600    IN      NS      mscc-bdc.mscc.edu.

;; Query time: 170 msec
;; SERVER: 206.23.246.5#53(206.23.246.5)
;; WHEN: Thu Sep  2 22:54:07 2004
;; MSG SIZE  rcvd: 49

So they say that mscc-bdc.mscc.edu is their nameserver. This in itself is
a bad setup but could work. The real problem however is that both "original"
nameservers claim that mscc-bdc.mscc.edu does NOT exist.
; <<>> DiG 9.3.0rc3 <<>> @206.23.246.5 mscc-bdc.mscc.edu. a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 973
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mscc-bdc.mscc.edu.             IN      A

So any dns lookup will fail eventually. It might query the nameservers
returned from the .edu nameservers, but after one query to those, it will
no longer query them, as they are not listed as nameservers.

Though the versions of bind you are using are obsolete and there are
new versions available with various (security related) fixes, that in
itself is not the problemn. mscc.edu should get their dns act together
and fix their zone.

-Ed

More information about the bind-users mailing list