Help tracing out a strange lookup case
Stephen Ward
stephen.usenet.ward at wibblywobblyteapot.co.uk
Sat Dec 27 10:30:05 UTC 2008
On Sat, 27 Dec 2008 10:18:08 +1100, Mark Andrews wrote:
> This is *exactly* why there is a rule in RFC 1034 prohibiting
> the use of CNAME with anything else. This is also why named enforces
> the rule. The operators of share-ideas.com are in violation of this
> rule and their nameserver does not enforce this rule.
>
> RFC 1034.
>
> The domain system provides such a feature using the canonical name
> (CNAME) RR. A CNAME RR identifies its owner name as an alias, and
> specifies the corresponding canonical name in the RDATA section of
> the RR. If a CNAME RR is present at a node, no other data should be
> present; this ensures that the data for a canonical name and its
> aliases cannot be different. This rule also insures that a cached
> CNAME can be used without checking with an authoritative server for
> other RR types.
>
> Mark
>
> % dig crm.share-ideas.com @ns2.hc.ru.
>
> ; <<>> DiG 9.3.5-P2 <<>> crm.share-ideas.com @ns2.hc.ru.
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16891
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;crm.share-ideas.com. IN A
>
> ;; ANSWER SECTION:
> crm.share-ideas.com. 3600 IN A 213.242.225.169
>
> ;; Query time: 370 msec
> ;; SERVER: 89.111.171.191#53(89.111.171.191)
> ;; WHEN: Sat Dec 27 10:09:49 2008
> ;; MSG SIZE rcvd: 53
>
> % dig crm.share-ideas.com aaaa @ns2.hc.ru.
>
> ; <<>> DiG 9.3.5-P2 <<>> crm.share-ideas.com aaaa @ns2.hc.ru.
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17137
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;crm.share-ideas.com. IN AAAA
>
> ;; ANSWER SECTION:
> crm.share-ideas.com. 3600 IN CNAME share-ideas.com.
>
> ;; AUTHORITY SECTION:
> share-ideas.com. 3600 IN SOA ns1.hc.ru. support.hc.ru. 2008110347 3600 1800 604800 3600
>
> ;; Query time: 371 msec
> ;; SERVER: 89.111.171.191#53(89.111.171.191)
> ;; WHEN: Sat Dec 27 10:10:02 2008
> ;; MSG SIZE rcvd: 104
>
> %
>
> In message <49534ef7$0$10537$db0fefd9 at news.zen.co.uk>, Stephen Ward
> writes:
>> On Wed, 24 Dec 2008 22:31:19 -0500, Robert Spangler wrote:
>>
>> > On Wednesday 24 December 2008 20:13, Scott Haneda wrote:
>> >
>> >> Trying to help a client, they stumped me today.
>> >
>> > OK, I get the same answers from all the NS servers.
>> >
>> >> dig crm.share-ideas.com
>> >>
>> >> ; <<>> DiG 9.4.2-P2 <<>> crm.share-ideas.com
>> >> ;; global options: printcmd
>> >> ;; Got answer:
>> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35978
>> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>> >>
>> >> ;; QUESTION SECTION:
>> >> ;crm.share-ideas.com. IN A
>> >>
>> >> ;; ANSWER SECTION:
>> >> crm.share-ideas.com. 3600 IN A 213.242.225.169
>> >>
>> >> ;; Query time: 999 msec
>> >> ;; SERVER: 208.57.0.11#53(208.57.0.11)
>> >> ;; WHEN: Wed Dec 24 07:51:24 2008
>> >> ;; MSG SIZE rcvd: 53
>> >
>> > Without seeing what the command line arguments were it's hard to tell
>> > why you got the following.
>> >
>> >> ; <<>> DiG 9.4.2-P2 <<>> crm.share-ideas.com
>> >> ;; global options: printcmd
>> >> ;; Got answer:
>> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2018
>> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>> >>
>> >> ;; QUESTION SECTION:
>> >> ;crm.share-ideas.com. IN A
>> >>
>> >> ;; ANSWER SECTION:
>> >> crm.share-ideas.com. 3380 IN CNAME share-ideas.com.
>> >> share-ideas.com. 3600 IN A 89.111.181.186
>> >>
>> >> ;; Query time: 241 msec
>> >> ;; SERVER: 208.57.0.10#53(208.57.0.10)
>> >> ;; WHEN: Wed Dec 24 07:52:47 2008
>> >> ;; MSG SIZE rcvd: 67
>> >
>> >> Currently, I can not replicate this behavior. Maybe they made a
>> >> change, it just did not make it out to the rr's fast, I am
>> >> waiting on a reply for that question. How can I see the serial in
>> >> a zone, is that possible?
>> >
>> > dig crm.share-ideas.com soa
>> >
>> >> What stumps me is the following, run here, at a coffee shop, I am
>> >> using openDNS
>> >> dig crm.share-ideas.com @208.57.0.10 A +trace
>> >> dig crm.share-ideas.com @208.57.0.11 A +trace
>> >>
>> >> Both work, I get an answer back from
>> >> ;; Received 126 bytes from 193.0.14.129#53(k.root-servers.net) in 2 ms
>> >> crm.share-ideas.com. 1611 IN A 213.242.225.169
>> >>
>> >> What also has me wondering, is if I ssh into my client's machine,
>> >> which has the ISP's rr listed on that machine to be used, I can not
>> >> get anything back:
>> >>
>> >> dig crm.share-ideas.com @208.57.0.10 A +trace
>> >> ;; connection timed out; no servers could be reached
>> >>
>> >> dig crm.share-ideas.com @208.57.0.11 A +trace
>> >> ;; global options: printcmd
>> >> ;; connection timed out; no servers could be reached
>> >>
>> >> Those two commands work anywhere else, just not on his machine for
>> >> some reason. Stumped. Thanks.
>> >
>> > Firewall blocking the port?
>> > No DNS servers setup?
>>
>> Can I just add - Appreciate you are using DIG here, but there is not a
>> Microsnot resolver/dns cache product anywhere involved here is there?
>> Not directly connected but had a similar issue with the M$ cache
>> refusing to honour cost value on rr MX records. No matter how you would
>> dig from the cl, Exchange would just keep grabbing the wrong (cached)
>> response from its own local cache despite all RR orders etc.
>>
>> Without the exact problem you are getting, how you are calling it and
>> the actual expected results there is not shed loads anyone can do so
>> I'm probably wide of the mark.
>>
>>
>> --
>> . . .
I get this clue myself:
;; WARNING: recursion requested but not available
--
. . .
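
An added example, not part of the original thread: a Python check for the RFC 1034 "CNAME and other data" rule quoted above, run over the answer lines from the dig output in this message, plus a simplified cache lookup showing how two resolvers can then return different A answers for the same name. The function names, the `www.example.test` control record and the cache model are assumptions made for illustration.

```python
from collections import defaultdict

# Answer lines copied from the dig runs quoted in this thread, plus one
# constructed compliant alias (www.example.test) as a control.
SAMPLE = """\
;; ANSWER SECTION (A query to ns2.hc.ru):
crm.share-ideas.com. 3600 IN A 213.242.225.169
;; ANSWER SECTION (AAAA query to ns2.hc.ru):
crm.share-ideas.com. 3600 IN CNAME share-ideas.com.
share-ideas.com. 3600 IN A 89.111.181.186
www.example.test. 300 IN CNAME example.test.
"""

# In a signed zone RRSIG and NSEC must sit beside a CNAME (RFC 4035);
# any other type at the same owner breaks the RFC 1034 rule.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}


def parse_records(text):
    """Yield (owner, rrtype, rdata) from 'owner ttl class type rdata' lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0].startswith(";") or not f[1].isdigit():
            continue  # comment, question, blank or malformed line
        yield f[0].lower(), f[3].upper(), " ".join(f[4:])


def cname_conflicts(text):
    """Map each owner holding a CNAME plus other data to the offending types."""
    seen = defaultdict(set)
    for owner, rrtype, _ in parse_records(text):
        seen[owner].add(rrtype)
    return {owner: sorted(types - ALLOWED_WITH_CNAME)
            for owner, types in seen.items()
            if "CNAME" in types and types - ALLOWED_WITH_CNAME}


def cached_answer(records, name, qtype="A"):
    """Toy cache lookup (assumption: simplified model, not BIND's code):
    a cached CNAME is followed for any qtype, as RFC 1034 permits."""
    cache = {(owner, rrtype): rdata for owner, rrtype, rdata in records}
    for _ in range(8):  # bound the alias chain
        target = cache.get((name, "CNAME"))
        if target is None or qtype == "CNAME":
            return cache.get((name, qtype))
        name = target.lower()
    return None


if __name__ == "__main__":
    print(cname_conflicts(SAMPLE))
    recs = list(parse_records(SAMPLE))
    print(cached_answer(recs[:1], "crm.share-ideas.com."))  # saw only the A
    print(cached_answer(recs[1:], "crm.share-ideas.com."))  # cached the CNAME
```

Feeding it the combined answer sections from A, AAAA and MX queries against each authoritative server is enough to surface a zone that violates the rule.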