Tired of failing DNS queries

Mark Andrews Mark_Andrews at isc.org
Mon Jun 25 23:05:00 UTC 2007


> Hello,
> 
> I have posted this or similar to this problem several times and I am
> well aware that the problem is at the names I, or more accurately my
> clients, are trying to resolve,
> for example the domain msn77.com. I know the DNS configuration of that
> domain is messed up and it is missing the stealth records and the proper
> way to set up a DNS, but on the other hand my clients are not accepting
> this as an answer; they don't care about technicalities, and moreover the
> very same site resolves and opens fine when they connect to other ISPs.

	So the other ISPs are lucky.

> I really would appreciate if someone can tell me how I can have my BIND
> deal more flexibly with such records.
> I am currently using two BIND versions,

	The point of RFCs is to promote interoperability.  This site is
	not following the rules from the RFCs which allow the DNS to
	work.

	This is very much a case of Garbage In - Garbage Out.  You
	should complain to the registry that they are not following
	RFC 1034, Section 4.2.2. Administrative considerations.
	This is a systemic problem that the registry should be
	addressing.

	You should also complain to the zone's administrators.

As the last installation step, the delegation NS RRs and glue RRs
necessary to make the delegation effective should be added to the parent
zone.  The administrators of both zones should insure that the NS and
glue RRs which mark both sides of the cut are consistent and remain so.

	NS records differ and there are no address records for the
	nameservers listed in the zone.

msn77.com.              172800  IN      NS      ns3.uae-dns.com.
msn77.com.              172800  IN      NS      ns4.uae-dns.com.
;; Received 103 bytes from 2001:503:a83e::2:30#53(A.GTLD-SERVERS.NET) in 360 ms

msn77.com.              86400   IN      NS      ns1.ahladesin.com.
msn77.com.              86400   IN      NS      ns2.ahladesin.com.
;; Received 89 bytes from 208.64.27.91#53(ns4.uae-dns.com) in 173 ms


; <<>> DiG 9.3.4 <<>> ns1.ahladesin.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26639
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.ahladesin.com.		IN	A

;; AUTHORITY SECTION:
ahladesin.com.		10450	IN	SOA	ns3.uae-dns.com. support.design4host.com. 2006052201 86400 7200 3600000 86400

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 26 08:54:51 2007
;; MSG SIZE  rcvd: 103


; <<>> DiG 9.3.4 <<>> ns2.ahladesin.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19181
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns2.ahladesin.com.		IN	A

;; AUTHORITY SECTION:
ahladesin.com.		10800	IN	SOA	ns3.uae-dns.com. support.design4host.com. 2006052201 86400 7200 3600000 86400

;; Query time: 439 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 26 08:55:00 2007
;; MSG SIZE  rcvd: 103



> Primary: 
> DNS Version: 9.4.1
> OS: Debian etch
> configuration command:  ./configure --enable-libbind --enable-threads
> --sysconfdir=/etc --localstatedir=/var
> 
> ===========named.conf==============
> acl badguys { 
>     0.0.0.0/8; 
>     1.0.0.0/8; 
>     2.0.0.0/8; 
>     5.0.0.0/8; 
>     7.0.0.0/8; 
>     10.0.0.0/8; 
>     23.0.0.0/8; 
>     27.0.0.0/8; 
>     31.0.0.0/8; 
>     36.0.0.0/8; 
>     37.0.0.0/8; 
>     39.0.0.0/8; 
>     42.0.0.0/8; 
>     49.0.0.0/8; 
>     50.0.0.0/8; 
>     94.0.0.0/8; 
>     95.0.0.0/8; 
>     100.0.0.0/8; 
>     101.0.0.0/8; 
>     102.0.0.0/8; 
>     103.0.0.0/8; 
>     104.0.0.0/8; 
>     105.0.0.0/8; 
>     106.0.0.0/8; 
>     107.0.0.0/8; 
>     108.0.0.0/8; 
>     109.0.0.0/8; 
>     110.0.0.0/8; 
>     111.0.0.0/8; 
>     112.0.0.0/8; 
>     113.0.0.0/8; 
>     114.0.0.0/8; 
>     115.0.0.0/8; 
>     169.254.0.0/16; 
>     173.0.0.0/8; 
>     174.0.0.0/8; 
>     175.0.0.0/8; 
>     176.0.0.0/8; 
>     177.0.0.0/8; 
>     178.0.0.0/8; 
>     179.0.0.0/8; 
>     180.0.0.0/8; 
>     181.0.0.0/8; 
>     182.0.0.0/8; 
>     183.0.0.0/8; 
>     184.0.0.0/8; 
>     185.0.0.0/8; 
>     186.0.0.0/8; 
>     187.0.0.0/8; 
>     192.0.2.0/24; 
>     197.0.0.0/8; 
>     223.0.0.0/8; 
>     224.0.0.0/3;};
> acl trusted { 212.71.32.0/19; 213.181.160.0/19; 213.210.192.0/18;
> 91.151.160/22; 85.129.128.0/17; 84.9.0.0/15; 84.23.96.0/21;
> 217.145.240.0/20; 81.21.60.0/22; 192.168.1.0/16; 172.16.0.0/16;
> 89.4.0.0/15; 91.147.128.0/23; 91.147.130.0/24; 193.227.127.0/24;
> 193.22.249.0/24; };
> acl secondaries {   192.168.1.101;  192.168.1.102; };
> options {
> 	directory "/var/named";
> 	dump-file "/var/named/data/cache_dump.db";
> 	pid-file "/var/named/named.pid";
> 	statistics-file "/var/named/data/named_stats.txt";
> 	version "Get Lost";
> 	allow-query { trusted; localhost; };
> 	allow-recursion { localhost; trusted; };
> //	minimal-responses yes;
> 	zone-statistics yes;
> 	blackhole { badguys;  };
> 	edns-udp-size 512;
> 	notify yes;
> //	max-ncache-ttl 1;
> 	allow-transfer { secondaries; };
>         also-notify {192.168.1.101;  }; // all zones
>         allow-notify { secondaries; };
> 	recursive-clients 300000;
> };
> 
> 
> logging {
> 
> 
> 	channel default_debug {
> 		file "/var/log/named/named.log" size 5m;
> 		severity critical;
> 		};
> 	category security {
> 		null;
> 		};
> 	category client {
> 		null;
> 		};
> 	category lame-servers {
> 		null;
> 		};
> 	category queries {
> 		null;
> 		};
> };
> 
> controls {
> 	inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
> };
> 
> ============= end of named.conf for primary ==============
> 
> 
> Thank you,
> 
> 
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
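
An added example, not part of the original message and not ISC code: a small offline check of the two faults the reply points out, using the NS records quoted above as input. The function names and result keys are chosen here for illustration.

```python
# Delegation consistency check in the spirit of RFC 1034 section 4.2.2:
# the NS sets on both sides of the zone cut should match, and every listed
# nameserver needs an address record. Input is dig-style text.

# NS records copied from the message above (parent = A.GTLD-SERVERS.NET answer,
# child = answer from ns4.uae-dns.com).
PARENT = """\
msn77.com.              172800  IN      NS      ns3.uae-dns.com.
msn77.com.              172800  IN      NS      ns4.uae-dns.com.
"""
CHILD = """\
msn77.com.              86400   IN      NS      ns1.ahladesin.com.
msn77.com.              86400   IN      NS      ns2.ahladesin.com.
"""
# Both address lookups in the message returned NXDOMAIN, so there are no A/AAAA lines.
ADDRESSES = ""

def parse_rrs(text):
    """Return (owner, type, rdata) tuples from dig-style lines, skipping comments."""
    rrs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)  # owner, ttl, class, type, rdata
        if len(fields) == 5 and fields[2].upper() == "IN":
            owner, _ttl, _cls, rtype, rdata = fields
            rrs.append((owner.lower(), rtype.upper(), rdata.strip().lower()))
    return rrs

def ns_set(text, zone):
    """NS targets listed for `zone` in the given response text."""
    return {rd for owner, rtype, rd in parse_rrs(text) if owner == zone and rtype == "NS"}

def check_delegation(zone, parent_text, child_text, address_text):
    zone = zone.lower()
    parent, child = ns_set(parent_text, zone), ns_set(child_text, zone)
    have_addr = {owner for owner, rtype, _ in parse_rrs(address_text) if rtype in ("A", "AAAA")}
    return {
        "consistent": bool(parent) and parent == child,
        "parent_only": sorted(parent - child),
        "child_only": sorted(child - parent),
        "no_address": sorted(n for n in child if n not in have_addr),
    }

if __name__ == "__main__":
    for key, value in check_delegation("msn77.com.", PARENT, CHILD, ADDRESSES).items():
        print(f"{key}: {value}")
```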


