Resolving some domains
Peter Dambier
peter at peter-dambier.de
Sun Oct 8 12:41:26 UTC 2006
Rasheed Darras wrote:
> Thanks a lot Peter.
> But last one, why dns like ns1.ns.com or even other ISP in my area, able to
> resolve it without problems.
>
> Rasheed
>
Dig can show the way DNS walks:
; <<>> DiG 9.4.0b1 <<>> www.carnival-sa.com +trace
;; global options: printcmd
. 289560 IN NS a-root.maxmv.org.
. 289560 IN NS e-root.maxmv.org.
. 289560 IN NS d-root.maxmv.org.
. 289560 IN NS f-root.maxmv.org.
;; Received 106 bytes from 192.168.48.227#53(192.168.48.227) in 22 ms
This is my root-servers
com. 74340 IN NS d.gtld-servers.net.
com. 74340 IN NS e.gtld-servers.net.
com. 74340 IN NS f.gtld-servers.net.
com. 74340 IN NS g.gtld-servers.net.
com. 74340 IN NS h.gtld-servers.net.
com. 74340 IN NS i.gtld-servers.net.
com. 74340 IN NS j.gtld-servers.net.
com. 74340 IN NS k.gtld-servers.net.
com. 74340 IN NS l.gtld-servers.net.
com. 74340 IN NS m.gtld-servers.net.
com. 74340 IN NS a.gtld-servers.net.
com. 74340 IN NS b.gtld-servers.net.
com. 74340 IN NS c.gtld-servers.net.
;; Received 509 bytes from 24.129.114.64#53(d-root.maxmv.org) in 184 ms
That is the servers for ".com"
carnival-sa.com. 172800 IN NS ns1.sbaar.com.
carnival-sa.com. 172800 IN NS ns2.sbaar.com.
;; Received 111 bytes from 192.55.83.30#53(m.gtld-servers.net) in 360 ms
dig: couldn't get address for 'ns2.sbaar.com': not found
Here we have a problem, but we can still ask
; <<>> DiG 9.4.0b1 <<>> -t any www.carnival-sa.com @ns1.sbaar.com.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42904
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.carnival-sa.com. IN ANY
;; ANSWER SECTION:
www.carnival-sa.com. 86400 IN CNAME carnival-sa.com.
;; AUTHORITY SECTION:
carnival-sa.com. 86400 IN NS NS2.DATA20.com.
carnival-sa.com. 86400 IN NS NS1.DATA20.com.
;; ADDITIONAL SECTION:
NS1.DATA20.com. 14400 IN A 70.84.228.250
NS2.DATA20.com. 14400 IN A 70.84.228.251
;; Query time: 217 msec
;; SERVER: 70.84.228.250#53(70.84.228.250)
;; WHEN: Sun Oct 8 14:35:24 2006
;; MSG SIZE rcvd: 126
We must ask the nonexisting NS1.DATA20.com but we already have
carnival-sa.com. 172800 IN NS ns1.sbaar.com.
in our cache.
If we are lucky then bind will try too
; <<>> DiG 9.4.0b1 <<>> -t any carnival-sa.com @ns1.sbaar.com.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62794
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;carnival-sa.com. IN ANY
;; ANSWER SECTION:
carnival-sa.com. 86400 IN MX 0 carnival-sa.com.
carnival-sa.com. 86400 IN SOA NS1.DATA20.com. server11.sbaar.com. 2005100303 14400 7200 3600000 86400
carnival-sa.com. 86400 IN NS NS1.DATA20.com.
carnival-sa.com. 86400 IN NS NS2.DATA20.com.
carnival-sa.com. 86400 IN A 70.84.228.226
;; ADDITIONAL SECTION:
carnival-sa.com. 86400 IN A 70.84.228.226
NS1.DATA20.com. 14400 IN A 70.84.228.250
NS2.DATA20.com. 14400 IN A 70.84.228.251
;; Query time: 219 msec
;; SERVER: 70.84.228.250#53(70.84.228.250)
;; WHEN: Sun Oct 8 14:38:11 2006
;; MSG SIZE rcvd: 207
It depends what is in tbe bind cache. We can be lucky or not.
Kind regards
Peter and Karin
> -----Original Message-----
> From: Peter Dambier [mailto:peter at peter-dambier.de]
> Sent: Sunday, October 08, 2006 1:39 PM
> To: Rasheed Darras
> Cc: bind-users at isc.org
> Subject: Re: Resolving some domains
>
> Rasheed Darras wrote:
>
>>Dears,
>>
>>I have problem resolving many domains like www.carnival-sa.com using
>>my bind servers. If I use outside dns like ns1.ns.com or even any web
>>site tools like www.DNSstuff.com the IP resolved.
>>
>>
>>Rasheed
>>Anet
>>
>
>
> My BIND 9.4.0b2 resolver did find it, but it took very long, almost timed
> out.
>
> > natnum www.carnival-sa.com
> host_look("70.84.228.226","carnival-sa.com","1179968738").
> host_name("70.84.228.226","e2.e4.5446.static.theplanet.com").
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any www.carnival-sa.com ;; global options:
> printcmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21748 ;; flags: qr rd
> ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.carnival-sa.com. IN ANY
>
> ;; ANSWER SECTION:
> www.carnival-sa.com. 86400 IN CNAME carnival-sa.com.
>
> ;; AUTHORITY SECTION:
> carnival-sa.com. 86400 IN NS NS1.DATA20.com.
> carnival-sa.com. 86400 IN NS NS2.DATA20.com.
>
> ;; Query time: 376 msec
> ;; SERVER: 192.168.48.227#53(192.168.48.227) ;; WHEN: Sun Oct 8 11:59:03
> 2006 ;; MSG SIZE rcvd: 94
>
>
> I dont like CNAMES but that is not the problem here.
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any www.carnival-sa.com @NS1.DATA20.com.
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any www.carnival-sa.com @NS2.DATA20.com.
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
>
> That is the problem. NS1.DATA20.com dont know you.
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any www.carnival-sa.com @k.gtld-servers.net ; (1
> server found) ;; global options: printcmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32725 ;; flags: qr rd;
> QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; WARNING: recursion
> requested but not available
>
> ;; QUESTION SECTION:
> ;www.carnival-sa.com. IN ANY
>
> ;; AUTHORITY SECTION:
> carnival-sa.com. 172800 IN NS ns1.sbaar.com.
> carnival-sa.com. 172800 IN NS ns2.sbaar.com.
>
> ;; ADDITIONAL SECTION:
> ns1.sbaar.com. 172800 IN A 70.84.228.250
> ns2.sbaar.com. 172800 IN A 70.84.228.251
>
> ;; Query time: 214 msec
> ;; SERVER: 192.52.178.30#53(192.52.178.30) ;; WHEN: Sun Oct 8 12:09:35 2006
> ;; MSG SIZE rcvd: 111
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any www.carnival-sa.com @ns1.sbaar.com.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56644 ;; flags: qr aa rd
> ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;www.carnival-sa.com. IN ANY
>
> ;; ANSWER SECTION:
> www.carnival-sa.com. 86400 IN CNAME carnival-sa.com.
>
> ;; AUTHORITY SECTION:
> carnival-sa.com. 86400 IN NS NS1.DATA20.com.
> carnival-sa.com. 86400 IN NS NS2.DATA20.com.
>
> ;; ADDITIONAL SECTION:
> NS1.DATA20.com. 14400 IN A 70.84.228.250
> NS2.DATA20.com. 14400 IN A 70.84.228.251
>
> ;; Query time: 220 msec
> ;; SERVER: 70.84.228.250#53(70.84.228.250) ;; WHEN: Sun Oct 8 12:10:56 2006
> ;; MSG SIZE rcvd: 126
>
> But they do.
>
> I guess fixing your zone record on NS*.DATA20.com will do it.
>
> If the right somethings happen to be in your cache then you may be lucky to.
> I would not rely on that.
>
>
> > natnum NS1.DATA20.com
> host_look("64.74.223.9","NS1.DATA20.com","1078648585").
>
> > natnum NS2.DATA20.com
> host_look("64.74.223.9","NS2.DATA20.com","1078648585").
>
> That is not good. Your glue and DNS give different answers for
> NS1.DATA20.com and NS2.DATA20.com
>
> I guess that is the real problem.
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any DATA20.com @dns1.name-services.com ; (1
> server found) ;; global options: printcmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31151 ;; flags: qr aa
> rd; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5 ;; WARNING: recursion
> requested but not available
>
> ;; QUESTION SECTION:
> ;DATA20.com. IN ANY
>
> ;; ANSWER SECTION:
> DATA20.com. 1800 IN A 64.74.223.9
> DATA20.com. 1800 IN SOA dns1.name-services.com.
> info.name-services.com. 2002050701 10001 1801 604801 181
>
> ;; AUTHORITY SECTION:
> DATA20.com. 3600 IN NS dns1.name-services.com.
> DATA20.com. 3600 IN NS dns2.name-services.com.
> DATA20.com. 3600 IN NS dns3.name-services.com.
> DATA20.com. 3600 IN NS dns4.name-services.com.
> DATA20.com. 3600 IN NS dns5.name-services.com.
>
> ;; ADDITIONAL SECTION:
> dns1.name-services.com. 3600 IN A 69.25.142.1
> dns2.name-services.com. 3600 IN A 216.52.184.230
> dns3.name-services.com. 3600 IN A 63.251.92.193
> dns4.name-services.com. 3600 IN A 64.74.96.242
> dns5.name-services.com. 3600 IN A 70.42.37.1
>
> ;; Query time: 234 msec
> ;; SERVER: 69.25.142.1#53(69.25.142.1)
> ;; WHEN: Sun Oct 8 12:34:41 2006
> ;; MSG SIZE rcvd: 304
>
>
> But the namesever NS*.DATA20.com do not exist.
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any NS1.DATA20.com @dns5.name-services.com.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39726 ;; flags: qr aa
> rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion
> requested but not available
>
> ;; QUESTION SECTION:
> ;NS1.DATA20.com. IN ANY
>
> ;; AUTHORITY SECTION:
> DATA20.com. 1800 IN SOA dns1.name-services.com.
> info.name-services.com. 2002050701 10001 1801 604801 181
>
> ;; Query time: 140 msec
> ;; SERVER: 70.42.37.1#53(70.42.37.1)
> ;; WHEN: Sun Oct 8 12:36:50 2006
> ;; MSG SIZE rcvd: 116
>
>
> ; <<>> DiG 9.4.0b1 <<>> -t any NS2.DATA20.com @dns5.name-services.com.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37972 ;; flags: qr aa
> rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion
> requested but not available
>
> ;; QUESTION SECTION:
> ;NS2.DATA20.com. IN ANY
>
> ;; AUTHORITY SECTION:
> DATA20.com. 1800 IN SOA dns1.name-services.com.
> info.name-services.com. 2002050701 10001 1801 604801 181
>
> ;; Query time: 145 msec
> ;; SERVER: 70.42.37.1#53(70.42.37.1)
> ;; WHEN: Sun Oct 8 12:38:27 2006
> ;; MSG SIZE rcvd: 116
>
>
> Hope that helps
>
> Kind regards
> Peter and Karin
>
> --
> Peter and Karin Dambier
> Cesidian Root - Radice Cesidiana
> Graeffstrasse 14
> D-64646 Heppenheim
> +49(6252)671-788 (Telekom)
> +49(6252)750-308 (VoIP: sipgate.de)
> mail: peter at peter-dambier.de
> mail: peter at echnaton.serveftp.com
> http://iason.site.voila.fr/
> https://sourceforge.net/projects/iason/
> http://www.cesidianroot.com/
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
More information about the bind-users
mailing list