On Sat, 27 Dec 2008 10:18:08 +1100, Mark Andrews wrote: > This is *exactly* why there is a rule in RFC 1034 prohibiting > the use of CNAME with anything else. This is also why named enforces > the rule. The operators of share-ideas.com are in violation of this > rule and their nameserver does not enforce this rule. > > RFC 1034. > > The domain system provides such a feature using the canonical name > (CNAME) RR. A CNAME RR identifies its owner name as an alias, and > specifies the corresponding canonical name in the RDATA section of > the RR. If a CNAME RR is present at a node, no other data should be > present; this ensures that the data for a canonical name and its > aliases cannot be different. This rule also insures that a cached > CNAME can be used without checking with an authoritative server for > other RR types. > > Mark > > % dig crm.share-ideas.com @ns2.hc.ru. > > ; <<>> DiG 9.3.5-P2 <<>> crm.share-ideas.com @ns2.hc.ru. ;; global > options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16891 ;; flags: qr > aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;crm.share-ideas.com. IN A > > ;; ANSWER SECTION: > crm.share-ideas.com. 3600 IN A 213.242.225.169 > > ;; Query time: 370 msec > ;; SERVER: 89.111.171.191#53(89.111.171.191) ;; WHEN: Sat Dec 27 > 10:09:49 2008 > ;; MSG SIZE rcvd: 53 > > % dig crm.share-ideas.com aaaa @ns2.hc.ru. > > ; <<>> DiG 9.3.5-P2 <<>> crm.share-ideas.com aaaa @ns2.hc.ru. ;; global > options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17137 ;; flags: qr > aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;crm.share-ideas.com. IN AAAA > > ;; ANSWER SECTION: > crm.share-ideas.com. 3600 IN CNAME share-ideas.com. > > ;; AUTHORITY SECTION: > share-ideas.com. 3600 IN SOA ns1.hc.ru. > support.hc.ru. 2008110347 3600 1800 604800 3600 > > ;; Query time: 371 msec > ;; SERVER: 89.111.171.191#53(89.111.171.191) ;; WHEN: Sat Dec 27 > 10:10:02 2008 > ;; MSG SIZE rcvd: 104 > > % > > In message <49534ef7$0$10537$db0fe...@news.zen.co.uk>, Stephen Ward > writes: >> On Wed, 24 Dec 2008 22:31:19 -0500, Robert Spangler wrote: >> >> > On Wednesday 24 December 2008 20:13, Scott Haneda wrote: >> > >> >> Trying to help a client, they stumped me today. >> > >> > OK, I get the sam answers form all the NS servers. >> > >> >> dig crm.share-ideas.com >> >> >> >> ; <<>> DiG 9.4.2-P2 <<>> crm.share-ideas.com ;; global options: >> >> printcmd >> >> ;; Got answer: >> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35978 ;; flags: >> >> qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 >> >> >> >> ;; QUESTION SECTION: >> >> ;crm.share-ideas.com. IN A >> >> >> >> ;; ANSWER SECTION: >> >> crm.share-ideas.com. 3600 IN A 213.242.225.169 >> >> >> >> ;; Query time: 999 msec >> >> ;; SERVER: 208.57.0.11#53(208.57.0.11) ;; WHEN: Wed Dec 24 07:51:24 >> >> 2008 >> >> ;; MSG SIZE rcvd: 53 >> > >> > Without seeing what the command line arguments were it's hard to tell >> > why you got the following. >> > >> >> ; <<>> DiG 9.4.2-P2 <<>> crm.share-ideas.com ;; global options: >> >> printcmd >> >> ;; Got answer: >> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2018 ;; flags: >> >> qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 >> >> >> >> ;; QUESTION SECTION: >> >> ;crm.share-ideas.com. IN A >> >> >> >> ;; ANSWER SECTION: >> >> crm.share-ideas.com. 3380 IN CNAME share-ideas.com. >> >> share-ideas.com. 3600 IN A 89.111.181.186 >> >> >> >> ;; Query time: 241 msec >> >> ;; SERVER: 208.57.0.10#53(208.57.0.10) ;; WHEN: Wed Dec 24 07:52:47 >> >> 2008 >> >> ;; MSG SIZE rcvd: 67 >> > >> >> Currently, I can not replicate this behavior. Maybe they made a >> >> chance, it it just did not make it out to the rr's fast, I am >> >> waiting on a reply for that question. How can I see the serial in >> >> a zone, is that possible? >> > >> > dig crm.share-ideas.com soa >> > >> >> What stumps me is the following, run here, at a coffee shop, I am >> >> using openDNS >> >> dig crm.share-ideas.com @208.57.0.10 A +trace dig >> >> crm.share-ideas.com @208.57.0.11 A +trace >> >> >> >> Both work, I get a answer back from >> >> ;; Received 126 bytes from 193.0.14.129#53(k.root-servers.net) in 2 >> >> ms crm.share-ideas.com. 1611 IN A 213.242.225.169 >> >> >> >> What also has me wonering, is if I ssh into my clients machine, >> >> which has the ISP's rr listed on that machine to be used, I can not >> >> get anything back: >> >> >> >> dig crm.share-ideas.com @208.57.0.10 A +trace ;; connection timed >> >> out; no servers could be reached >> >> >> >> dig crm.share-ideas.com @208.57.0.11 A +trace ;; global options: >> >> printcmd >> >> ;; connection timed out; no servers could be reached >> >> >> >> Those two command work anywhere else, just not on his machine for >> >> some reason. Stumped. Thanks. >> > >> > Firewall blocking the port? >> > No DNS servers setup? >> >> Can I just add - Appreciate you are using DIG here, but there is not a >> Microsnot resolver/dns cache product anywhere involved here is there? >> Not directly connected but had a similar issue with the M$ cache >> refusing to honour cost value on rr MX records. No matter how you would >> dig from the cl, Exchange would just keep grabbing the wrong (cached) >> response from it's own local cache despite all RR orders etc. > >> Without the exact problem you are getting, how you are calling it and >> the actual expected results there is not shed loads anyone can do so >> I'm probably wide of the mark. >> >> >> -- >> . . . >> _______________________________________________ bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users
I get this clue myself: ;; WARNING: recursion requested but not available -- . . . _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
