Les Caudle wrote:
On Tue, 11 Nov 2008 10:26:11 +1100, Mark Andrews
<[EMAIL PROTECTED]> wrote:
In message <[EMAIL PROTECTED]>, Les Caudle writes:
I noticed that I could not access this web page from within my
network:
http://worldnet.att.net/general-info/bls_info/block_inquiry.html
I looked at the ip BIND 9.5.0 P2 returned for worldnet.att.net:
199.70.151.234
and compared it to the ip that SwBell returned:
204.127.135.135
I can use DNS from swBell to access that web page from outside my
network, but not from inside my own network based on BIND.
I restarted BIND, and I also tried:
rndc flush
BIND is set to go drectly to the main name servers, so I'm not sure
how it is getting corrupted.
How can I debug this?
--
Thanks! Les Caudle
There is a glue record, which is incorrectly promoted to a
answer, which needs to updated (if worldnet.att.net is a
nameserver) / removed (if worldnet.att.net is not a
nameserver).
worldnet.att.net. 172800 IN A 199.70.151.234
att.net. 172800 IN NS macu.ma.mt.np.els-gms.att.net.
att.net. 172800 IN NS ohcu.oh.mt.np.els-gms.att.net.
att.net. 172800 IN NS orcu.or.br.np.els-gms.att.net.
att.net. 172800 IN NS wycu.wy.br.np.els-gms.att.net.
;; Received 219 bytes from 192.12.94.30#53(e.gtld-servers.net) in 203 ms
Mark
Mark - Are you saying that worldnet.att.net has their DNS settup
incorrectly?
Why is it that SwBell DNS returns the correct records, and BIND does
not?
How do I contact these folks if it is there problem?
Les,
I think what Mark is saying is that there are 2 problems here:
1) the "registry" database for .net has a record for worldnet.att.net
that's stale. Presumably one or more .net domains were, at one time,
delegated to this name (among other nameservers). That's why it's in the
registry database. This can't be changed directly by WorldNet; like
ordinary mortals, they would have to go through their registrar to get
this record updated/deleted
2) Whatever implementation of DNS that is being run by the .net
nameservers, it is "promoting" this stale glue record to the status of
"answer". This is generally considered to be a violation of RFCs,
although I think there's some ambiguity involved (e.g. whether the
subparts of step 3 of the "Algorithm" in RFC 1034, Section 4.3.2, are to
be evaluated sequentially or as a 3-way branch)
As for why one set of nameservers may give a different answer for
worldnet.att.net than another set of nameservers, that's just the luck
of the draw, depending on when the TTLs expired and what other queries
those nameservers may be doing that would "refresh" the existing entries
in the cache.
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
