very strange DNS problem, (whoa , many responses) clarification

Charles Steinkuehler charles at steinkuehler.net
Thu Apr 24 18:22:09 CDT 2003 

Walker (Zachary) Tippit wrote:
> --- Charles Steinkuehler <charles at steinkuehler.net>
> wrote:
>>
>> > nbbc    164772  IN      NS      NS1.nbbc.edu. 
>> > ;Cr=addtnl[192.55.83.32]
>> > 
>> >         164772  IN      NS      NS2.nbbc.edu.  
>> > ;Cr=addtnl [192.55.83.32]
>> > 
>  
>> A bit more investigation shows that the *CORRECT*
>> IP's for the nbbc name 
>> serves *DIFFER* from what you've got in your named
>> dump, above.  Output 
>> from my working system:
> 
> 
> Are you talking about the IP 192.55.83.32  listed
> above?  That's the IP of a root server for .edu.  

...so it is.  Do you have any A records cached for any systems in the 
.nbbc.edu domain?

> I find it a little strange that  to lookup
> www.nbbc.edu, I must first lookup ns1.nbbc.edu.. seems
> like a catch-22 there, but I just started this job
> after not working with bind for 3 years so my memory
> is a bit foggy.

Typically, name servers are "special" hosts, with their IP's entered to 
the top-level name servers (via your registrar).

A general recursive query would therefore look like the following:
(Note you need a list of root-level name servers for this to work)

Q1: Ask a root-level name-server for www.nbbc.edu

R1: Root-level server replies with ns records for .edu domain, and IP's 
in the additional section

Q2: Query one of the .edu servers for www.nbbc.edu

R2: Top-level .edu server return ns records for .nbbc.edu domain *AND* 
the IP(s) of those name servers (as entered by the nbbc.edu domain 
administrator via his/her registrar) in the additional section.

Q3: Query one of the .nbbc.edu servers for www.nbbc.edu

R3: Typically you'll recieve the desired IP, although it's possible you 
could be redirected to another nameserver, sent a cname, or get some 
other response.

An example session follows, starting with a dig query to identify the 
root name servers.  After each response, a new query is made to one of 
the provided lower-level name-server IP's.

[root at falcon root]# dig +norecursive

; <<>> DiG 9.2.1 <<>> +norecursive
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60226
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       507831  IN      NS      L.ROOT-SERVERS.NET.
.                       507831  IN      NS      M.ROOT-SERVERS.NET.
.                       507831  IN      NS      A.ROOT-SERVERS.NET.
.                       507831  IN      NS      B.ROOT-SERVERS.NET.
.                       507831  IN      NS      C.ROOT-SERVERS.NET.
.                       507831  IN      NS      D.ROOT-SERVERS.NET.
.                       507831  IN      NS      E.ROOT-SERVERS.NET.
.                       507831  IN      NS      F.ROOT-SERVERS.NET.
.                       507831  IN      NS      G.ROOT-SERVERS.NET.
.                       507831  IN      NS      H.ROOT-SERVERS.NET.
.                       507831  IN      NS      I.ROOT-SERVERS.NET.
.                       507831  IN      NS      J.ROOT-SERVERS.NET.
.                       507831  IN      NS      K.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET.     594231  IN      A       192.58.128.30

;; Query time: 7 msec
;; SERVER: 199.79.203.10#53(199.79.203.10)
;; WHEN: Thu Apr 24 13:09:47 2003
;; MSG SIZE  rcvd: 244

[root at falcon root]# dig +norecursive www.nbbc.edu @192.58.128.30

; <<>> DiG 9.2.1 <<>> +norecursive www.nbbc.edu @192.58.128.30
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36454
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;www.nbbc.edu.                  IN      A

;; AUTHORITY SECTION:
edu.                    172800  IN      NS      L3.NSTLD.COM.
edu.                    172800  IN      NS      D3.NSTLD.COM.
edu.                    172800  IN      NS      A3.NSTLD.COM.
edu.                    172800  IN      NS      E3.NSTLD.COM.
edu.                    172800  IN      NS      C3.NSTLD.COM.
edu.                    172800  IN      NS      F3.NSTLD.COM.
edu.                    172800  IN      NS      G3.NSTLD.COM.
edu.                    172800  IN      NS      B3.NSTLD.COM.
edu.                    172800  IN      NS      M3.NSTLD.COM.

;; ADDITIONAL SECTION:
L3.NSTLD.COM.           172800  IN      A       192.41.162.32
D3.NSTLD.COM.           172800  IN      A       192.31.80.32
A3.NSTLD.COM.           172800  IN      A       192.5.6.32
E3.NSTLD.COM.           172800  IN      A       192.12.94.32
C3.NSTLD.COM.           172800  IN      A       192.26.92.32
F3.NSTLD.COM.           172800  IN      A       192.35.51.32
G3.NSTLD.COM.           172800  IN      A       192.42.93.32
B3.NSTLD.COM.           172800  IN      A       192.33.14.32
M3.NSTLD.COM.           172800  IN      A       192.55.83.32

;; Query time: 143 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Thu Apr 24 13:10:21 2003
;; MSG SIZE  rcvd: 336

[root at falcon root]# dig +norecursive www.nbbc.edu @192.41.162.32

; <<>> DiG 9.2.1 <<>> +norecursive www.nbbc.edu @192.41.162.32
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20402
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.nbbc.edu.                  IN      A

;; AUTHORITY SECTION:
nbbc.edu.               172800  IN      NS      NS1.nbbc.edu.
nbbc.edu.               172800  IN      NS      NS2.nbbc.edu.

;; ADDITIONAL SECTION:
NS1.nbbc.edu.           172800  IN      A       207.250.169.11
NS2.nbbc.edu.           172800  IN      A       207.250.169.12

;; Query time: 59 msec
;; SERVER: 192.41.162.32#53(192.41.162.32)
;; WHEN: Thu Apr 24 13:10:34 2003
;; MSG SIZE  rcvd: 98

[root at falcon root]# dig +norecursive www.nbbc.edu @207.250.169.11

; <<>> DiG 9.2.1 <<>> +norecursive www.nbbc.edu @207.250.169.11
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44489
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;www.nbbc.edu.                  IN      A

;; ANSWER SECTION:
www.nbbc.edu.           38400   IN      A       207.250.169.8

;; AUTHORITY SECTION:
nbbc.edu.               38400   IN      NS      ns2.nbbc.edu.
nbbc.edu.               38400   IN      NS      ns1.nbbc.edu.

;; ADDITIONAL SECTION:
ns1.nbbc.edu.           38400   IN      A       207.250.169.11
ns1.nbbc.edu.           38400   IN      A       207.250.169.111
ns2.nbbc.edu.           38400   IN      A       207.250.169.112
ns2.nbbc.edu.           38400   IN      A       207.250.169.12

;; Query time: 63 msec
;; SERVER: 207.250.169.11#53(207.250.169.11)
;; WHEN: Thu Apr 24 13:10:45 2003
;; MSG SIZE  rcvd: 146

-----------------------
END OF SAMPLE OUTPUT
-----------------------

IMPORTANT THINGS TO NOTE:

The query of the .edu name server (L3.NSTLD.COM. or 192.41.162.32) 
returned one IP each for ns1.nbbc.edu and ns2.nbbc.edu.  The same query 
to the actual nbbc.edu name server returned two IP's for each machine. 
This is a good example of the fact that you're dealing with two seperate 
zone files...the one maintained as part of the DNS infrastructure (the 
answer returned by L3.NSTLD.COM), and the one maintained by the 
administrator of the nbbc.edu domain on their own DNS server(s).

Note also that of the two IP's returned by the .edu name server, one of 
these IP's was offline, at least temporarily (207.250.169.12 was giving 
me timeouts before, but seems to be working OK now).

PS:  Is there a reason you keep removing the list from your replies, and 
sending them directly to me?

-- 
Charles Steinkuehler
charles at steinkuehler.net

More information about the Kclug mailing list