Werid mx queries to the vatician
Chris Buxton
cbuxton at menandmice.com
Sat Sep 9 23:43:46 UTC 2006
Do you perhaps have some setting that would prevent BIND from
believing an answer coming from the va TLD zone? For example, a zone
of type 'delegation-only' named 'va' would cause this.
The difference between fabricsp.va and vatican.va is, vatican.va is
delegated as a subzone, while fabricsp.va is answered directly from
the va zone.
Chris Buxton
Men & Mice
Take control of your network
On Sep 6, 2006, at 10:58 AM, Patrick Hulman wrote:
> My mail server are unable to send mail to parts of the holy see. upon
> investigation i found the following
>
> # dig mx fabricsp.va
>
> ; <<>> DiG 9.2.4 <<>> mx fabricsp.va
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29921
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;fabricsp.va. IN MX
>
> ;; Query time: 133 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed Sep 6 13:24:45 2006
> ;; MSG SIZE rcvd: 2
>
> however if i do a dig +trace i get this
>
> # dig +trace mx fabricsp.va
>
> ; <<>> DiG 9.2.4 <<>> +trace mx fabricsp.va
> ;; global options: printcmd
> . 334879 IN NS J.ROOT-SERVERS.NET.
> . 334879 IN NS K.ROOT-SERVERS.NET.
> . 334879 IN NS L.ROOT-SERVERS.NET.
> . 334879 IN NS M.ROOT-SERVERS.NET.
> . 334879 IN NS A.ROOT-SERVERS.NET.
> . 334879 IN NS B.ROOT-SERVERS.NET.
> . 334879 IN NS C.ROOT-SERVERS.NET.
> . 334879 IN NS D.ROOT-SERVERS.NET.
> . 334879 IN NS E.ROOT-SERVERS.NET.
> . 334879 IN NS F.ROOT-SERVERS.NET.
> . 334879 IN NS G.ROOT-SERVERS.NET.
> . 334879 IN NS H.ROOT-SERVERS.NET.
> . 334879 IN NS I.ROOT-SERVERS.NET.
> ;; Received 276 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>
> va. 172800 IN NS DNS.NIC.IT.
> va. 172800 IN NS DNS2.IT.NET.
> va. 172800 IN NS DXMON.CERN.CH.
> va. 172800 IN NS MICHAEL.VATICAN.va.
> va. 172800 IN NS NS.RIPE.NET.
> va. 172800 IN NS JOHN.VATICAN.va.
> va. 172800 IN NS NS.URBE.IT.
> va. 172800 IN NS SETH.NAMEX.IT.
> va. 172800 IN NS OSIRIS.NAMEX.IT.
> ;; Received 416 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in
> 256 ms
>
> fabricsp.va. 86400 IN MX 10 lists.vatican.va.
> fabricsp.va. 86400 IN MX 20 paul.vatican.va.
> fabricsp.va. 86400 IN MX 50 proxy2.urbe.it.
> fabricsp.va. 86400 IN MX 90 john.vatican.va.
> va. 86400 IN NS john.vatican.va.
> va. 86400 IN NS seth.namex.it.
> va. 86400 IN NS osiris.namex.it.
> va. 86400 IN NS michael.vatican.va.
> va. 86400 IN NS ext-dns-2.cern.ch.
> va. 86400 IN NS ns.ripe.net.
> va. 86400 IN NS ns.urbe.it.
> va. 86400 IN NS dns.nic.it.
> va. 86400 IN NS dns2.it.net.
> ;; Received 510 bytes from 193.205.245.5#53(DNS.NIC.IT) in 155 ms
>
> however if i try to do a dig on vatican.va it works fine
> # dig mx vatican.va
>
> ; <<>> DiG 9.2.4 <<>> mx vatican.va
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40639
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 5
>
> ;; QUESTION SECTION:
> ;vatican.va. IN MX
>
> ;; ANSWER SECTION:
> vatican.va. 85762 IN MX 10 lists.vatican.va.
> vatican.va. 85762 IN MX 20 paul.vatican.va.
> vatican.va. 85762 IN MX 50 proxy2.urbe.it.
>
> ;; AUTHORITY SECTION:
> vatican.va. 85749 IN NS john.vatican.va.
> vatican.va. 85749 IN NS michael.vatican.va.
> vatican.va. 85749 IN NS dns2.it.net.
> vatican.va. 85749 IN NS dns3.nic.it.
>
> ;; ADDITIONAL SECTION:
> lists.vatican.va. 85762 IN A 212.77.6.62
> paul.vatican.va. 85762 IN A 212.77.0.113
> proxy2.urbe.it. 75562 IN A 193.43.128.7
> dns2.it.net. 10433 IN A 151.1.2.1
> john.vatican.va. 85749 IN A 212.77.0.110
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed Sep 6 13:28:37 2006
> ;; MSG SIZE rcvd: 270
>
> i thought i was being blocked by ip but i'm able to lookup the
> vatican.va
> but not other domain.
>
> does anyone have an idea why i'm getting this result.
>
> patrick
>
>
>
More information about the bind-users
mailing list