Query on ignoring additional section returned in replies

Elias Ahmed Kamal eliasak at tm.com.my
Wed Nov 18 10:07:57 UTC 2015 

Hi guys,

I'm having issues resolving www.fis.com.my. I'm trying to tell fis.com.my that its an issue at their end, but when checking against 8.8.8.8 it resolves fine....so it MUST be a problem with me.

1. Lookups fail, this is clear enough

root at sputnik # dig @localhost www.fis.com.my

; <<>> DiG 9.9.5-P1 <<>> @localhost www.fis.com.my
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51246
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.fis.com.my.                        IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 18 17:40:58 MYT 2015
;; MSG SIZE  rcvd: 43


2. All of fis.com.my's authoritative nameservers answer and are consistent
   It tells me that www.wip.fis.com.my is a CNAME for www.fis.com.my
   And that wan1-wan4.fis.com.my is the authoritative servers for *.wip.fis.com.my

root at sputnik # dig @ns1.fis.com.my www.fis.com.my

; <<>> DiG 9.9.5-P1 <<>> @ns1.fis.com.my www.fis.com.my
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33357
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.fis.com.my.                        IN      A

;; ANSWER SECTION:
www.fis.com.my.         38400   IN      CNAME   www.wip.fis.com.my.

;; AUTHORITY SECTION:
wip.fis.com.my.         38400   IN      NS      wan1.fis.com.my.
wip.fis.com.my.         38400   IN      NS      wan4.fis.com.my.
wip.fis.com.my.         38400   IN      NS      wan3.fis.com.my.
wip.fis.com.my.         38400   IN      NS      wan2.fis.com.my.

;; ADDITIONAL SECTION:
wan1.fis.com.my.        38400   IN      A       202.188.242.130
wan2.fis.com.my.        38400   IN      A       210.19.86.114
wan3.fis.com.my.        38400   IN      A       175.143.6.162
wan4.fis.com.my.        38400   IN      A       219.92.28.106

;; Query time: 8 msec
;; SERVER: 202.188.242.135#53(202.188.242.135)
;; WHEN: Wed Nov 18 17:41:09 MYT 2015
;; MSG SIZE  rcvd: 205


3. I now do a 3rd lookup test against wan1.fis.com.my for www.wip.fis.com.my and get the answers
   BUT, the nameserver is also returning an authority section saying wip.fis.com.my is now served by ns1.wip.fis.com.my
   [Previously I know wip.fis.com.my was served by wan1-wan4.fis.com.my, but now somehow I'm caching ns1.wip.fis.com.my instead]
   [Question: Is it the expected behaviour that this new NS will override the previous NS for wip.fis.com.my? And is there any way to ignore authority/additional answers that I get from replies?]

root at cbj-cdns21 # dig @wan1.fis.com.my www.wip.fis.com.my

; <<>> DiG 9.9.5-P1 <<>> @wan1.fis.com.my www.wip.fis.com.my
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43777
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.wip.fis.com.my.            IN      A

;; ANSWER SECTION:
www.wip.fis.com.my.     5       IN      A       175.143.6.165
www.wip.fis.com.my.     5       IN      A       202.188.242.137
www.wip.fis.com.my.     5       IN      A       210.19.86.117

;; AUTHORITY SECTION:
wip.fis.com.my.         3600    IN      NS      ns1.wip.fis.com.my.

;; Query time: 7 msec
;; SERVER: 202.188.242.130#53(202.188.242.130)
;; WHEN: Wed Nov 18 17:44:59 MYT 2015
;; MSG SIZE  rcvd: 102


4. Lo and behold, ns1.wip.fis.com.my doesn't exist! And because of this all my queries for www.fis.com.my are failing. Am I correct?

root at sputnik # dig @wan1.fis.com.my ns1.wip.fis.com.my

; <<>> DiG 9.9.5-P1 <<>> @wan1.fis.com.my ns1.wip.fis.com.my
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37457
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns1.wip.fis.com.my.            IN      A

;; AUTHORITY SECTION:
wip.fis.com.my.         3600    IN      SOA     ns1.wip.fis.com.my. webmaster. 2015111825 16384 2048 1048576 2560

;; Query time: 6 msec
;; SERVER: 202.188.242.130#53(202.188.242.130)
;; WHEN: Wed Nov 18 17:47:45 MYT 2015
;; MSG SIZE  rcvd: 81

We only send and receive email on the basis of the terms set out at http://www.tm.com.my/email_disclaimer.

More information about the bind-users mailing list