dns zone delegation

Mark Andrews marka at isc.org
Fri Jul 3 06:12:28 UTC 2009


In message <4A4D98D9.3030601 at gmail.com>, "jittinan2 at gmail.com" writes:
> Dear All
> 
> Domain "bluewin.ch" has registered 4 zone authoritative servers as follows
> 
> [Querying whois.nic.ch]
> [whois.nic.ch]
> whois: This information is subject to an Acceptable Use Policy.
> See http://www.switch.ch/id/terms/aup.html
> 
> 
> Domain name:
> bluewin.ch
> 
> Holder of domain name:
> Swisscom (Schweiz) AG
> SCS-NIT-NIO-SVO-DNW Invoice Center
> zuh. Matthias Leisi
> Alte Tiefenaustr. 6
> CH-3050 Bern
> Switzerland
> Contractual Language: German
> 
> Technical contact:
> Swisscom (Schweiz) AG
> SCS-NIT-NIO-SVO-DNW Invoice Center
> zuh. Matthias Leisi
> Alte Tiefenaustr. 6
> CH-3050 Bern
> Switzerland
> 
> Name servers:
> dns1.bluewin.ch [195.186.1.110]
> dns2.bluewin.ch [195.186.1.111]
> dns3.bluewin.ch [195.186.4.110]
> dns4.bluewin.ch [195.186.4.111]
> 
> I have executed the following commands:
> 
> #nslookup
>  > server dns1.bluewin.ch
> Default server: dns1.bluewin.ch
> Address: 195.186.1.110#53
>  > set debug
>  > set norecure
>  > set type=ns
>  > bluewin.ch
> Server:         dns1.bluewin.ch
> Address:        195.186.1.110#53
> 
> ------------
>     QUESTIONS:
>         bluewin.ch, type = NS, class = IN
>     ANSWERS:
>     ->  bluewin.ch
>         nameserver = dns2.bluewin.ch.
>     ->  bluewin.ch
>         nameserver = dns3.bluewin.ch.
>     ->  bluewin.ch
>         nameserver = dns1.bluewin.ch.
>     ->  bluewin.ch
>         nameserver = dns4.bluewin.ch.
>     AUTHORITY RECORDS:
>     ADDITIONAL RECORDS:
> ------------
> bluewin.ch      nameserver = dns2.bluewin.ch.
> bluewin.ch      nameserver = dns3.bluewin.ch.
> bluewin.ch      nameserver = dns1.bluewin.ch.
> bluewin.ch      nameserver = dns4.bluewin.ch.
> 
> The zone authoritative server (dns1.bluewin.ch) has replied that there are 4
> zone authoritative servers, as in the whois database
> 
>  > set type=a
>  > www.bluewin.ch
> Server:         dns1.bluewin.ch
> Address:        195.186.1.110#53
> 
> ------------
>     QUESTIONS:
>         www.bluewin.ch, type = A, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  www.bluewin.ch
>         nameserver = zhbdzgss01.bluewin.ch.
>     ->  www.bluewin.ch
>         nameserver = zhhdzgss02.bluewin.ch.
>     ->  www.bluewin.ch
>         nameserver = zhbdzgss02.bluewin.ch.
>     ->  www.bluewin.ch
>         nameserver = zhhdzgss01.bluewin.ch.
>     ADDITIONAL RECORDS:
>     ->  zhbdzgss01.bluewin.ch
>         internet address = 195.186.26.21
>     ->  zhbdzgss02.bluewin.ch
>         internet address = 195.186.26.22
>     ->  zhhdzgss01.bluewin.ch
>         internet address = 195.186.154.21
>     ->  zhhdzgss02.bluewin.ch
>         internet address = 195.186.154.22
> ------------
> Non-authoritative answer:
> *** Can't find www.bluewin.ch: No answer
>
> I have queried the name www.bluewin.ch, type A, but it sent back 4
> referrals in the authority records, then I changed the server to zhhdzgss02.bluewin.ch

	dns1.bluewin.ch does NOT serve www.bluewin.ch so it returned
	a referral to the machines which do.  There is nothing wrong
	with this answer.
 
>  > server zhhdzgss02.bluewin.ch
> Default server: zhhdzgss02.bluewin.ch
> Address: 195.186.154.22#53
>  > www.bluewin.ch
> Server:         zhhdzgss02.bluewin.ch
> Address:        195.186.154.22#53
> 
> ------------
>     QUESTIONS:
>         www.bluewin.ch, type = A, class = IN
>     ANSWERS:
>     ->  www.bluewin.ch
>         internet address = 195.186.17.33
>     AUTHORITY RECORDS:
>     ADDITIONAL RECORDS:
> ------------
> Name:   www.bluewin.ch
> Address: 195.186.17.33
> 
> It has replied with an IP of www.bluewin.ch, but if I send a query for name
> bluewin.ch, type NS
> 
>  > set type=ns
>  > bluewin.ch
> Server:         zhhdzgss02.bluewin.ch
> Address:        195.186.154.22#53
> 
> ------------
>     QUESTIONS:
>         bluewin.ch, type = NS, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ADDITIONAL RECORDS:
> ------------
> *** Can't find bluewin.ch: No answer
>  >
> It has replied that it cannot find it

	zhhdzgss02.bluewin.ch is a load balancer and it does NOT
	fully implement the DNS protocol.  Basically the vendor
	decided to cut corners and not do a proper job.  This causes
	interoperability problems with nameservers which depend on
	proper behaviour.  It also causes interoperability problems
	with programs which check delegations.

	It really isn't that hard to make a load balancer return
	SOA and NS records for the zones delegated to it.

	Mark
 
> Domain bluewin.ch has registered 4 zone authoritative DNS servers, but when I query
> the name www.bluewin.ch it sends a referral to 4 others. I changed to querying
> zhhdzgss02.bluewin.ch; it can answer correctly but cannot find the NS
> record of bluewin.ch. Actually the NS and A records of a zone should be in the same
> file on the same DNS server, but in this case why can dns1.bluewin.ch reply with
> NS but not reply with the A record of bluewin.ch, and zhhdzgss02.bluewin.ch can
> reply with the A record of www.bluewin.ch but cannot reply with NS?
> 
> 
> Jittinan Suwanrueangsri
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
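
Added example, not part of the original thread and not ISC code: a small Python parser for the nslookup "set debug" blocks quoted above that classifies each response as an answer, a referral (what dns1.bluewin.ch returned for www.bluewin.ch), a NODATA reply carrying an SOA, or an empty reply (what zhhdzgss02.bluewin.ch returned for the NS query). The function names and the "origin" SOA field label are assumptions; the sample blocks are abridged from the thread.

```python
import re

# nslookup "set debug" section headers -> DNS message section names
SECTIONS = {"QUESTIONS:": "question", "ANSWERS:": "answer",
            "AUTHORITY RECORDS:": "authority", "ADDITIONAL RECORDS:": "additional"}

def parse_debug(text):
    """Parse one debug block into its four message sections."""
    msg = {name: [] for name in SECTIONS.values()}
    section = owner = None
    for line in map(str.strip, text.splitlines()):
        if line in SECTIONS:
            section = SECTIONS[line]
        elif line.startswith("---"):
            section = None  # dashed delimiter ends the block
        elif section == "question":
            m = re.match(r"(\S+), type = (\w+)", line)
            if m:
                msg[section].append(m.groups())
        elif line.startswith("->"):
            owner = line[2:].strip()
        elif section and " = " in line:
            field, value = line.split(" = ", 1)
            msg[section].append((owner, field, value))
    return msg

def classify(msg):
    """Name the response kind the way a delegation checker would."""
    if msg["answer"]:
        return "answer"
    fields = {field for _, field, _ in msg["authority"]}
    if "nameserver" in fields:
        return "referral"  # NS in authority: ask those servers
    if "origin" in fields:  # assumption: nslookup prints an SOA as "origin = ..."
        return "nodata"  # name exists, no record of this type
    return "empty"  # no answer, NS or SOA: the checker has nothing to act on

# Abridged from the nslookup output quoted in the thread.
REFERRAL = """QUESTIONS:
    www.bluewin.ch, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
->  www.bluewin.ch
    nameserver = zhhdzgss02.bluewin.ch.
ADDITIONAL RECORDS:"""
EMPTY = """QUESTIONS:
    bluewin.ch, type = NS, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:"""
```

`classify(parse_debug(REFERRAL))` gives "referral" and `classify(parse_debug(EMPTY))` gives "empty"; the second is the case a delegation checker cannot distinguish from a broken server.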


