Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?
- From: Ian B <porjo38@xxxxxxxxxxxx>
- Date: Sun, 7 Feb 2010 17:19:47 -0800 (PST)
The Bigpond nameserver would now appear to be returning 'correct' data for the 'authority section'. Dig to my recursor gives:
$ dig dreamteam.afl.com.au
; <<>> DiG 9.3.4-P1 <<>> dreamteam.afl.com.au
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24819
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dreamteam.afl.com.au. IN A
;; ANSWER SECTION:
dreamteam.afl.com.au. 14 IN CNAME afl.virtualsports.com.au.
afl.virtualsports.com.au. 2997 IN A 174.120.186.226
afl.virtualsports.com.au. 2997 IN A 174.120.187.106
afl.virtualsports.com.au. 2997 IN A 174.120.186.242
afl.virtualsports.com.au. 2997 IN A 174.120.186.250
afl.virtualsports.com.au. 2997 IN A 174.120.187.114
afl.virtualsports.com.au. 2997 IN A 174.120.187.122
afl.virtualsports.com.au. 2997 IN A 174.120.187.138
afl.virtualsports.com.au. 2997 IN A 174.120.187.146
afl.virtualsports.com.au. 2997 IN A 174.120.186.218
afl.virtualsports.com.au. 2997 IN A 174.120.186.234
afl.virtualsports.com.au. 2997 IN A 174.120.187.10
afl.virtualsports.com.au. 2997 IN A 174.120.187.130
;; Query time: 1 msec
;; SERVER: 203.161.127.1#53(203.161.127.1)
;; WHEN: Mon Feb 8 09:15:24 2010
;; MSG SIZE rcvd: 262
Dig off the authoritative nameserver for afl.com.au:
$ dig dreamteam.afl.com.au @ns1bpc.bigpond.com
; <<>> DiG 9.6.1-P2 <<>> dreamteam.afl.com.au @ns2bpc.bigpond.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33750
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;dreamteam.afl.com.au. IN A
;; ANSWER SECTION:
dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au.
;; AUTHORITY SECTION:
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
;; Query time: 53 msec
;; SERVER: 61.9.170.18#53(61.9.170.18)
;; WHEN: Mon Feb 8 08:57:31 2010
;; MSG SIZE rcvd: 281
Ian.
--- On Fri, 5/2/10, Mark Andrews <marka@xxxxxxx> wrote:
From: Mark Andrews <marka@xxxxxxx>
Subject: Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?
To: "Ian B" <porjo38@xxxxxxxxxxxx>
Cc: bind-users@xxxxxxxxxxxxx
Received: Friday, 5 February, 2010, 2:47 PM
In message <260066.10841.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Ian B writes:
Hi All,
I found a post on this list from July 2009 with the subject:
"Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem?"
https://lists.isc.org/pipermail/bind-users/2009-July/077045.html
I'm having exactly the same issue but with hostname dreamteam.afl.com.au
A sample dig is as follows:
$ dig dreamteam.afl.com.au
; <<>> DiG 9.3.4-P1 <<>> dreamteam.afl.com.au
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22236
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;dreamteam.afl.com.au. IN A
;; ANSWER SECTION:
dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au.
;; AUTHORITY SECTION:
com.au. 60 IN SOA stl-bpc-gslb1500-1.bigpond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 410800 3600 604800 60
;; Query time: 53 msec
;; SERVER: 203.161.127.1#53(203.161.127.1)
;; WHEN: Fri Feb 5 11:29:24 2010
;; MSG SIZE rcvd: 147
My understanding of the issue is that the authoritative nameserver for dreamteam.afl.com.au is returning the incorrect data in the 'AUTHORITY SECTION' causing PowerDNS to act unpredictably. Other DNS recursors may not have an issue with this, as they overlook the error. Is that a correct understanding?
It looks like the two bigpond servers have been configured to serve an unofficial version of COM.AU. Normal query processing then causes the servers to find the unofficial version of COM.AU and return NXDOMAIN rather than a referral as they should. This is hard to avoid unless the normal query process rules are changed to not re-start the query after following a CNAME for a non-recursive query or only follow a CNAME if the target is in the same zone as the owner of the CNAME.
The incorrect answer is then accepted and the cache is poisoned.
One would think however that Telstra would have locked COM.AU out in the automatic provisioning systems for these servers as adding it can only be for nefarious purposes. Similarly any other infrastructure zones.
Mark
Thanks,
Ian.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: marka@xxxxxxx
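The cache poisoning described in this thread depends on a resolver accepting AUTHORITY records for names outside the zone it asked the server about. The following bailiwick check is an added example, not code from the thread, BIND or PowerDNS; the function names are hypothetical, and it assumes the servers were queried as authoritative for afl.com.au, as the message states.

```python
def norm(name):
    return name.lower().rstrip(".")

def in_zone(name, zone):
    """True if name is at or below zone (the root zone contains everything)."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def parse_sections(dig_text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig output."""
    sections, current = {}, None
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[3:].split()[0]
            sections[current] = []
        elif line and not line.startswith(";") and current:
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner, int(ttl), rtype, rdata))
    return sections

def out_of_bailiwick(dig_text, delegated_zone):
    """AUTHORITY records whose owner lies outside the zone the server
    was queried for; a resolver should discard these, not cache them."""
    auth = parse_sections(dig_text).get("AUTHORITY", [])
    return [(owner, rtype) for owner, _ttl, rtype, _rdata in auth
            if not in_zone(owner, delegated_zone)]

# Records copied from the dig output quoted in this thread.
NXDOMAIN_REPLY = """\
;; ANSWER SECTION:
dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au.
;; AUTHORITY SECTION:
com.au. 60 IN SOA stl-bpc-gslb1500-1.bigpond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 410800 3600 604800 60
"""
LATER_REPLY = """\
;; ANSWER SECTION:
dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au.
;; AUTHORITY SECTION:
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
"""
# Constructed control: an authority record that is inside the zone.
IN_ZONE_REPLY = """\
;; AUTHORITY SECTION:
afl.com.au. 60 IN NS ns1bpc.bigpond.com.
"""

if __name__ == "__main__":
    for label, text in [("NXDOMAIN reply", NXDOMAIN_REPLY),
                        ("later reply", LATER_REPLY),
                        ("in-zone control", IN_ZONE_REPLY)]:
        print(label, out_of_bailiwick(text, "afl.com.au"))
```

Both replies from the thread are flagged: the first for the com.au SOA, the second for the root NS set, neither of which a server reached for afl.com.au has standing to assert.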