Bad delegation?
doumakes at gmail.com
Wed Aug 27 00:23:50 UTC 2008
I administer a web and mail server whose IP was changed some weeks
ago. Since then I've had intermittent problems, affecting only some
of my users. They get timeout errors when attempting to follow
certain links on my web pages.
The server is cohosted at my ISP. The DNS is handled by my domain
registrar, Dreamhost. (Previously I ran my own BIND server.) All of
the following looks OK to me:
$ dig @ns1.dreamhost.com -t any pinko.net
; <<>> DiG 9.4.2-P1 <<>> @ns1.dreamhost.com -t any pinko.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10719
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;pinko.net. IN ANY
;; ANSWER SECTION:
pinko.net. 14400 IN A 208.79.2.3
pinko.net. 14400 IN NS ns2.dreamhost.com.
pinko.net. 14400 IN NS ns1.dreamhost.com.
pinko.net. 14400 IN SOA ns1.dreamhost.com. hostmaster.dreamhost.com.
2008082600 20690 1800 1814400 14400
pinko.net. 14400 IN MX 10 debs.pinko.net.
pinko.net. 14400 IN NS ns3.dreamhost.com.
;; ADDITIONAL SECTION:
ns2.dreamhost.com. 14400 IN A 208.96.10.221
ns3.dreamhost.com. 14400 IN A 66.33.216.216
debs.pinko.net. 14400 IN A 208.79.2.3
ns1.dreamhost.com. 14400 IN A 66.33.206.206
;; Query time: 65 msec
;; SERVER: 66.33.206.206#53(66.33.206.206)
;; WHEN: Tue Aug 26 19:10:19 2008
;; MSG SIZE rcvd: 259
Now let's query the TLD name servers for debs.pinko.net. Note that
the A record returned for debs.pinko.net is different; that is the old
IP address.
$ dig @a.gtld-servers.net debs.pinko.net
; <<>> DiG 9.4.2-P1 <<>> @a.gtld-servers.net debs.pinko.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26253
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;debs.pinko.net. IN A
;; ANSWER SECTION:
debs.pinko.net. 172800 IN A 204.96.181.68
;; AUTHORITY SECTION:
pinko.net. 172800 IN NS ns1.dreamhost.com.
pinko.net. 172800 IN NS ns2.dreamhost.com.
pinko.net. 172800 IN NS ns3.dreamhost.com.
;; ADDITIONAL SECTION:
ns1.dreamhost.com. 172800 IN A 66.33.206.206
ns2.dreamhost.com. 172800 IN A 208.96.10.221
ns3.dreamhost.com. 172800 IN A 66.33.216.216
;; Query time: 74 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Tue Aug 26 19:13:02 2008
;; MSG SIZE rcvd: 163
Albitz & Liu, DNS and BIND, says this indicates a delegation problem,
if I understand them correctly. So does this:
$ dig @a.gtld-servers.net -t ns pinko.net
; <<>> DiG 9.4.2-P1 <<>> @a.gtld-servers.net -t ns pinko.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32942
;; flags: qr rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;pinko.net. IN NS
;; ANSWER SECTION:
pinko.net. 172800 IN NS ns1.dreamhost.com.
pinko.net. 172800 IN NS ns2.dreamhost.com.
pinko.net. 172800 IN NS ns3.dreamhost.com.
;; ADDITIONAL SECTION:
ns1.dreamhost.com. 172800 IN A 66.33.206.206
ns2.dreamhost.com. 172800 IN A 208.96.10.221
ns3.dreamhost.com. 172800 IN A 66.33.216.216
;; Query time: 79 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Tue Aug 26 19:17:04 2008
;; MSG SIZE rcvd: 142
I understand the parent shouldn't be handing out NS records in the
answer section; rather, they should appear in the authority section.
Verisign says "talk to Dreamhost." Dreamhost says "our servers are
functioning properly." If this is indeed bad delegation, what's the
right way to solve the problem? Or is my diagnosis wrong?
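
The comparison made by eye in the message above, as an added example that is not part of the original post: Python code that parses two dig responses and lists the names whose A records differ between the TLD server and the zone's own name server, together with each response's aa flag. The function names and the trimmed sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample input: flag and record lines taken from the two dig
# responses quoted in the post (zone's own name server, then TLD server).
CHILD = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 4
pinko.net. 14400 IN A 208.79.2.3
pinko.net. 14400 IN NS ns2.dreamhost.com.
pinko.net. 14400 IN NS ns1.dreamhost.com.
pinko.net. 14400 IN NS ns3.dreamhost.com.
debs.pinko.net. 14400 IN A 208.79.2.3
"""
PARENT = """\
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; ANSWER SECTION:
debs.pinko.net. 172800 IN A 204.96.181.68
;; AUTHORITY SECTION:
pinko.net. 172800 IN NS ns1.dreamhost.com.
pinko.net. 172800 IN NS ns2.dreamhost.com.
pinko.net. 172800 IN NS ns3.dreamhost.com.
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")
FLAGS = re.compile(r"^;; flags:([^;]*);")

def parse_dig(text):
    """Return (aa_flag_set, {(owner, type): set of rdata}) for one dig response."""
    aa, rrsets = False, {}
    for line in map(str.strip, text.splitlines()):
        flags = FLAGS.match(line)
        if flags:
            aa = "aa" in flags.group(1).split()
        elif line and not line.startswith(";"):
            rr = RR.match(line)
            if rr:  # wrapped continuation lines (e.g. SOA) do not match
                name, rrtype, rdata = rr.groups()
                rrsets.setdefault((name.lower(), rrtype), set()).add(rdata.lower())
    return aa, rrsets

def compare(parent_text, child_text, rrtype="A"):
    """List owner names whose rrtype RRset differs between the two responses."""
    p_aa, parent = parse_dig(parent_text)
    c_aa, child = parse_dig(child_text)
    return [
        {"name": name, "parent": sorted(parent[name, t]), "child": sorted(child[name, t]),
         "parent_aa": p_aa, "child_aa": c_aa}
        for name, t in sorted(parent.keys() & child.keys())
        if t == rrtype and parent[name, t] != child[name, t]
    ]

if __name__ == "__main__":
    for finding in compare(PARENT, CHILD):
        print(finding)
```
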