dns zone delegation
Mark Andrews
marka at isc.org
Fri Jul 3 06:12:28 UTC 2009
In message <4A4D98D9.3030601 at gmail.com>, "jittinan2 at gmail.com" writes:
> This is a multi-part message in MIME format.
> Dear All
>
> Domain "bluewin.ch" have registed 4 zone authoritative servers as follow
>
> [Querying whois.nic.ch]
> [whois.nic.ch]
> whois: This information is subject to an Acceptable Use Policy.
> See http://www.switch.ch/id/terms/aup.html
>
>
> Domain name:
> bluewin.ch
>
> Holder of domain name:
> Swisscom (Schweiz) AG
> SCS-NIT-NIO-SVO-DNW Invoice Center
> zuh. Matthias Leisi
> Alte Tiefenaustr. 6
> CH-3050 Bern
> Switzerland
> Contractual Language: German
>
> Technical contact:
> Swisscom (Schweiz) AG
> SCS-NIT-NIO-SVO-DNW Invoice Center
> zuh. Matthias Leisi
> Alte Tiefenaustr. 6
> CH-3050 Bern
> Switzerland
>
> *Name servers:
> dns1.bluewin.ch [195.186.1.110]
> dns2.bluewin.ch [195.186.1.111]
> dns3.bluewin.ch [195.186.4.110]
> dns4.bluewin.ch [195.186.4.111]*/
> /
>
> I have executed following command:
>
> #nslookup
> > server dns1.bluewin.ch
> Default server: dns1.bluewin.ch
> Address: 195.186.1.110#53
> > set debug
> > set norecure
> > set type=ns
> > bluewin.ch
> Server: dns1.bluewin.ch
> Address: 195.186.1.110#53
>
> ------------
> QUESTIONS:
> bluewin.ch, type = NS, class = IN
> ANSWERS:
> -> bluewin.ch
> nameserver = dns2.bluewin.ch.
> -> bluewin.ch
> nameserver = dns3.bluewin.ch.
> -> bluewin.ch
> nameserver = dns1.bluewin.ch.
> -> bluewin.ch
> nameserver = dns4.bluewin.ch.
> AUTHORITY RECORDS:
> ADDITIONAL RECORDS:
> ------------
> bluewin.ch nameserver = dns2.bluewin.ch.
> bluewin.ch nameserver = dns3.bluewin.ch.
> bluewin.ch nameserver = dns1.bluewin.ch.
> bluewin.ch nameserver = dns4.bluewin.ch.
>
> Zone Authorize server(dns1.bluewin.ch) has replied that there are 4
> zone authorize servers as in whois database
>
> > set type=a
> > www.bluewin.ch
> Server: dns1.bluewin.ch
> Address: 195.186.1.110#53
>
> ------------
> QUESTIONS:
> www.bluewin.ch, type = A, class = IN
> ANSWERS:
> AUTHORITY RECORDS:
> -> www.bluewin.ch
> nameserver = zhbdzgss01.bluewin.ch.
> -> www.bluewin.ch
> nameserver = zhhdzgss02.bluewin.ch.
> -> www.bluewin.ch
> nameserver = zhbdzgss02.bluewin.ch.
> -> www.bluewin.ch
> nameserver = zhhdzgss01.bluewin.ch.
> ADDITIONAL RECORDS:
> -> zhbdzgss01.bluewin.ch
> internet address = 195.186.26.21
> -> zhbdzgss02.bluewin.ch
> internet address = 195.186.26.22
> -> zhhdzgss01.bluewin.ch
> internet address = 195.186.154.21
> -> zhhdzgss02.bluewin.ch
> internet address = 195.186.154.22
> ------------
> Non-authoritative answer:
> *** Can't find www.bluewin.ch: No answer
>
> I have queied a name www.bluewin.ch type A but it send back 4
> referrals in Authority Record then I change server to zhhdzgss02.bluewin.ch
dns1.bluewin.ch does NOT serve www.bluewin.ch so it returned
a referral to the machines which do. There is nothing wrong
with this answer.
> > server zhhdzgss02.bluewin.ch
> Default server: zhhdzgss02.bluewin.ch
> Address: 195.186.154.22#53
> > www.bluewin.ch
> Server: zhhdzgss02.bluewin.ch
> Address: 195.186.154.22#53
>
> ------------
> QUESTIONS:
> www.bluewin.ch, type = A, class = IN
> ANSWERS:
> -> www.bluewin.ch
> internet address = 195.186.17.33
> AUTHORITY RECORDS:
> ADDITIONAL RECORDS:
> ------------
> Name: www.bluewin.ch
> Address: 195.186.17.33
>
> It has replied an ip of www.bluewin.ch but if I send a query name
> bluewin.ch type ns
>
> > set type=ns
> > bluewin.ch
> Server: zhhdzgss02.bluewin.ch
> Address: 195.186.154.22#53
>
> ------------
> QUESTIONS:
> bluewin.ch, type = NS, class = IN
> ANSWERS:
> AUTHORITY RECORDS:
> ADDITIONAL RECORDS:
> ------------
> *** Can't find bluewin.ch: No answer
> >
> It has replied that can not find
zhhdzgss02.bluewin.ch is a load balancer and it does NOT
fully implement the DNS protocol. Basically the vendor
decided to cut corners and not do a proper job. This causes
interoperability problems with nameservers which depend on
proper behaviour. It also causes interoperability problems
with programs which check delegations.
It really isn't that hard to make a load balancer return
SOA and NS records for the zones delegated to it.
Mark
> domain bluewin.ch have registered 4 zone authorize dns but when I query
> name www.bluewin.ch it send referral to others 4 .I have change to query
> from zhhdzgss02.bluewin.ch it can answer corretly but can not find ns
> record of bluewin.ch.Actually ns type and a of zone should be in same
> file of same dns server but in this case why dns1.bluewin.ch can replie
> ns but can not reply a record bluewin.ch and zhhdzgss02.bluewin.ch can
> reply a record of www.bluewin.ch but can not reply ns
>
>
> Jittinan Suwanrueangsri
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list