com nameserver caching

[Barry Margolin]

In article <g3k6ea$jm4$1 at sf1.isc.org>, rh <rhashemian at hotmail.com> 
wrote:

> hi all,
> if you lookup www.1and1.com, most queries come back with:
> 217.160.226.203.
> but i started noticing that a couple of my dns servers were returning
> a wrong ip: 217.160.232.1
> 
> after some digging, i noticed that the com namesavers actually have
> this RR cached like so:
> [~]$ dig +norec @h.GTLD-SERVERS.NET www.1and1.com
> 
> ; <<>> DiG 9.2.4 <<>> +norec @h.GTLD-SERVERS.NET www.1and1.com
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29492
> ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;www.1and1.com.                 IN      A
> 
> ;; ANSWER SECTION:
> www.1and1.com.          172800  IN      A       217.160.232.1
> 
> ;; AUTHORITY SECTION:
> 1and1.com.              172800  IN      NS      ns27.1and1.com.
> 1and1.com.              172800  IN      NS      ns28.1and1.com.
> 
> ;; ADDITIONAL SECTION:
> ns27.1and1.com.         172800  IN      A       74.208.2.3
> ns28.1and1.com.         172800  IN      A       74.208.3.3
> 
> ---------------------------------------------------------------
> 
> is this normal? i don't see any other RR's for major companies in
> these nameservers. i assume because of this the iterative query stops
> at this point and returns this bad ip without going further to the
> authoritative nameservers for 1and1.com.

That means this is a registered glue record, i.e. a hostname registered 
as a nameserver for some domain.

It's a common DNS administrator mistake to re-IP these hosts but forget 
to update the registration, resulting in inconsistencies like this.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***