very strange DNS problem, (whoa , many responses) clarification
Charles Steinkuehler
charles at steinkuehler.net
Thu Apr 24 18:22:09 CDT 2003
Walker (Zachary) Tippit wrote:
> --- Charles Steinkuehler <charles at steinkuehler.net>
> wrote:
>>
>> > nbbc 164772 IN NS NS1.nbbc.edu.
>> > ;Cr=addtnl[192.55.83.32]
>> >
>> > 164772 IN NS NS2.nbbc.edu.
>> > ;Cr=addtnl [192.55.83.32]
>> >
>
>> A bit more investigation shows that the *CORRECT*
>> IP's for the nbbc name
>> serves *DIFFER* from what you've got in your named
>> dump, above. Output
>> from my working system:
>
>
> Are you talking about the IP 192.55.83.32 listed
> above? That's the IP of a root server for .edu.
...so it is. Do you have any A records cached for any systems in the
.nbbc.edu domain?
> I find it a little strange that to lookup
> www.nbbc.edu, I must first lookup ns1.nbbc.edu.. seems
> like a catch-22 there, but I just started this job
> after not working with bind for 3 years so my memory
> is a bit foggy.
Typically, name servers are "special" hosts, with their IP's entered to
the top-level name servers (via your registrar).
A general recursive query would therefore look like the following:
(Note you need a list of root-level name servers for this to work)
Q1: Ask a root-level name-server for www.nbbc.edu
R1: Root-level server replies with ns records for .edu domain, and IP's
in the additional section
Q2: Query one of the .edu servers for www.nbbc.edu
R2: Top-level .edu server return ns records for .nbbc.edu domain *AND*
the IP(s) of those name servers (as entered by the nbbc.edu domain
administrator via his/her registrar) in the additional section.
Q3: Query one of the .nbbc.edu servers for www.nbbc.edu
R3: Typically you'll recieve the desired IP, although it's possible you
could be redirected to another nameserver, sent a cname, or get some
other response.
An example session follows, starting with a dig query to identify the
root name servers. After each response, a new query is made to one of
the provided lower-level name-server IP's.
[root at falcon root]# dig +norecursive
; <<>> DiG 9.2.1 <<>> +norecursive
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60226
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 507831 IN NS L.ROOT-SERVERS.NET.
. 507831 IN NS M.ROOT-SERVERS.NET.
. 507831 IN NS A.ROOT-SERVERS.NET.
. 507831 IN NS B.ROOT-SERVERS.NET.
. 507831 IN NS C.ROOT-SERVERS.NET.
. 507831 IN NS D.ROOT-SERVERS.NET.
. 507831 IN NS E.ROOT-SERVERS.NET.
. 507831 IN NS F.ROOT-SERVERS.NET.
. 507831 IN NS G.ROOT-SERVERS.NET.
. 507831 IN NS H.ROOT-SERVERS.NET.
. 507831 IN NS I.ROOT-SERVERS.NET.
. 507831 IN NS J.ROOT-SERVERS.NET.
. 507831 IN NS K.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET. 594231 IN A 192.58.128.30
;; Query time: 7 msec
;; SERVER: 199.79.203.10#53(199.79.203.10)
;; WHEN: Thu Apr 24 13:09:47 2003
;; MSG SIZE rcvd: 244
[root at falcon root]# dig +norecursive www.nbbc.edu @192.58.128.30
; <<>> DiG 9.2.1 <<>> +norecursive www.nbbc.edu @192.58.128.30
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36454
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 9
;; QUESTION SECTION:
;www.nbbc.edu. IN A
;; AUTHORITY SECTION:
edu. 172800 IN NS L3.NSTLD.COM.
edu. 172800 IN NS D3.NSTLD.COM.
edu. 172800 IN NS A3.NSTLD.COM.
edu. 172800 IN NS E3.NSTLD.COM.
edu. 172800 IN NS C3.NSTLD.COM.
edu. 172800 IN NS F3.NSTLD.COM.
edu. 172800 IN NS G3.NSTLD.COM.
edu. 172800 IN NS B3.NSTLD.COM.
edu. 172800 IN NS M3.NSTLD.COM.
;; ADDITIONAL SECTION:
L3.NSTLD.COM. 172800 IN A 192.41.162.32
D3.NSTLD.COM. 172800 IN A 192.31.80.32
A3.NSTLD.COM. 172800 IN A 192.5.6.32
E3.NSTLD.COM. 172800 IN A 192.12.94.32
C3.NSTLD.COM. 172800 IN A 192.26.92.32
F3.NSTLD.COM. 172800 IN A 192.35.51.32
G3.NSTLD.COM. 172800 IN A 192.42.93.32
B3.NSTLD.COM. 172800 IN A 192.33.14.32
M3.NSTLD.COM. 172800 IN A 192.55.83.32
;; Query time: 143 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Thu Apr 24 13:10:21 2003
;; MSG SIZE rcvd: 336
[root at falcon root]# dig +norecursive www.nbbc.edu @192.41.162.32
; <<>> DiG 9.2.1 <<>> +norecursive www.nbbc.edu @192.41.162.32
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20402
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.nbbc.edu. IN A
;; AUTHORITY SECTION:
nbbc.edu. 172800 IN NS NS1.nbbc.edu.
nbbc.edu. 172800 IN NS NS2.nbbc.edu.
;; ADDITIONAL SECTION:
NS1.nbbc.edu. 172800 IN A 207.250.169.11
NS2.nbbc.edu. 172800 IN A 207.250.169.12
;; Query time: 59 msec
;; SERVER: 192.41.162.32#53(192.41.162.32)
;; WHEN: Thu Apr 24 13:10:34 2003
;; MSG SIZE rcvd: 98
[root at falcon root]# dig +norecursive www.nbbc.edu @207.250.169.11
; <<>> DiG 9.2.1 <<>> +norecursive www.nbbc.edu @207.250.169.11
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44489
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;www.nbbc.edu. IN A
;; ANSWER SECTION:
www.nbbc.edu. 38400 IN A 207.250.169.8
;; AUTHORITY SECTION:
nbbc.edu. 38400 IN NS ns2.nbbc.edu.
nbbc.edu. 38400 IN NS ns1.nbbc.edu.
;; ADDITIONAL SECTION:
ns1.nbbc.edu. 38400 IN A 207.250.169.11
ns1.nbbc.edu. 38400 IN A 207.250.169.111
ns2.nbbc.edu. 38400 IN A 207.250.169.112
ns2.nbbc.edu. 38400 IN A 207.250.169.12
;; Query time: 63 msec
;; SERVER: 207.250.169.11#53(207.250.169.11)
;; WHEN: Thu Apr 24 13:10:45 2003
;; MSG SIZE rcvd: 146
-----------------------
END OF SAMPLE OUTPUT
-----------------------
IMPORTANT THINGS TO NOTE:
The query of the .edu name server (L3.NSTLD.COM. or 192.41.162.32)
returned one IP each for ns1.nbbc.edu and ns2.nbbc.edu. The same query
to the actual nbbc.edu name server returned two IP's for each machine.
This is a good example of the fact that you're dealing with two seperate
zone files...the one maintained as part of the DNS infrastructure (the
answer returned by L3.NSTLD.COM), and the one maintained by the
administrator of the nbbc.edu domain on their own DNS server(s).
Note also that of the two IP's returned by the .edu name server, one of
these IP's was offline, at least temporarily (207.250.169.12 was giving
me timeouts before, but seems to be working OK now).
PS: Is there a reason you keep removing the list from your replies, and
sending them directly to me?
--
Charles Steinkuehler
charles at steinkuehler.net
More information about the Kclug
mailing list