Misconfigured slave?
Sten Carlsen
stenc at s-carlsen.dk
Thu Apr 29 16:23:33 UTC 2010
Delegation is not in order as I see it:
$ dig ns letharion.se
; <<>> DiG 9.6.0-APPLE-P2 <<>> ns letharion.se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25863
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;letharion.se. IN NS
;; ANSWER SECTION:
letharion.se. 172800 IN NS 85.227.194.156.letharion.se.
letharion.se. 172800 IN NS ns1.letharion.se.
;; ADDITIONAL SECTION:
ns1.letharion.se. 172800 IN A 94.247.168.189
;; Query time: 98 msec
;; SERVER: 192.168.15.2#53(192.168.15.2)
;; WHEN: Thu Apr 29 18:18:27 2010
;; MSG SIZE rcvd: 93
Versus whois:
# Result of search for registered domain names under
# the .SE top level domain.
# The data is in the UTF-8 character set and the result is
# printed with eight bits.
state: active
domain: letharion.se
holder: clagyl0702-00001
admin-c: -
tech-c: -
billing-c: -
created: 2004-11-12
modified: 2010-04-16
expires: 2010-11-12
nserver: ns1.everlast.se
nserver: ns2.everlast.se
nserver: ns.letharion.se 94.247.168.189
dnssec: unsigned delegation
status: ok
registrar: SE Direkt
Unless I misunderstood something large scale, these two sets of
information should be identical. None of the nameservers are the same
when asking via dig and whois.
On 29/04/10 17:04, Chris Thompson wrote:
> On Apr 29 2010, Torsten wrote:
>
>> Am Thu, 29 Apr 2010 10:33:37 +0200
>> schrieb Claes Gyllenswärd <letharion at gmail.com>:
> [...]
>>> 2) Glue for DNS-server ns1.letharion.se differs between child and
>>> parent zone. This is a configuration problem that should be corrected.
>>
>> According to the .se nameservers the authoritative Nameservers for
>> letharion.se should be:
>>
>> letharion.se. 604800 IN NS ns3.everlast.se.
>> letharion.se. 604800 IN NS ns1.everlast.se.
>> letharion.se. 604800 IN NS ns2.everlast.se.
>
> Well, no. The delegation looks like this:
>
> $ dig +norec +nostats foobar.letharion.se. @a.ns.se.
>
> [...]
>
> ;; QUESTION SECTION:
> ;foobar.letharion.se. IN A
>
> ;; AUTHORITY SECTION:
> letharion.se. 86400 IN NS ns1.everlast.se.
> letharion.se. 86400 IN NS ns2.everlast.se.
> letharion.se. 86400 IN NS ns.letharion.se.
>
> ;; ADDITIONAL SECTION:
> ns.letharion.se. 86400 IN A 94.247.168.189
> ns1.everlast.se. 86400 IN A 87.251.215.11
> ns2.everlast.se. 86400 IN A 195.28.28.32
>
> The servers ns1.everlast.se & ns2.everlast.se do have a version
> of the zone in which they and ns3.everlast.se are the nameservers.
>
> However, your nameserver has a quite different version:
>
> $ dig +norec +nostats soa letharion.se. @94.247.168.189
>
> [...]
>
> ;; QUESTION SECTION:
> ;letharion.se. IN SOA
>
> ;; ANSWER SECTION:
> letharion.se. 172800 IN SOA ns1.letharion.se.
> ADMIN.letharion.se. 10042601 10800 3600 604800 86400
>
> ;; AUTHORITY SECTION:
> letharion.se. 172800 IN NS
> 85.227.194.156.letharion.se.
> letharion.se. 172800 IN NS ns1.letharion.se.
>
> ;; ADDITIONAL SECTION:
> ns1.letharion.se. 172800 IN A 94.247.168.189
>
> It's apparent the what you called SLAVE_IP in your posting was
> actually a dotted quad "85.227.194.156", (which has been qualified
> by your domain name because it didn't end in a dot). That's a
> totally bogus thing to do - the data for an NS record must be
> a name.
>
> You've clearly still got quite a mess to sort out here.
>
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100429/9fcbfb96/attachment.html>
More information about the bind-users
mailing list