The Bigpond nameserver would now appear to be returning 'correct' data for the 'authority section'. Dig to my recursor gives:

$ dig dreamteam.afl.com.au

; <<>> DiG 9.3.4-P1 <<>> dreamteam.afl.com.au
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24819
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dreamteam.afl.com.au.          IN      A

;; ANSWER SECTION:
dreamteam.afl.com.au.      14    IN  CNAME  afl.virtualsports.com.au.
afl.virtualsports.com.au.  2997  IN  A      174.120.186.226
afl.virtualsports.com.au.  2997  IN  A      174.120.187.106
afl.virtualsports.com.au.  2997  IN  A      174.120.186.242
afl.virtualsports.com.au.  2997  IN  A      174.120.186.250
afl.virtualsports.com.au.  2997  IN  A      174.120.187.114
afl.virtualsports.com.au.  2997  IN  A      174.120.187.122
afl.virtualsports.com.au.  2997  IN  A      174.120.187.138
afl.virtualsports.com.au.  2997  IN  A      174.120.187.146
afl.virtualsports.com.au.  2997  IN  A      174.120.186.218
afl.virtualsports.com.au.  2997  IN  A      174.120.186.234
afl.virtualsports.com.au.  2997  IN  A      174.120.187.10
afl.virtualsports.com.au.  2997  IN  A      174.120.187.130

;; Query time: 1 msec
;; SERVER: 203.161.127.1#53(203.161.127.1)
;; WHEN: Mon Feb  8 09:15:24 2010
;; MSG SIZE  rcvd: 262

Dig off the authoritative nameserver for afl.com.au:

$ dig dreamteam.afl.com.au @ns1bpc.bigpond.com

; <<>> DiG 9.6.1-P2 <<>> dreamteam.afl.com.au @ns2bpc.bigpond.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33750
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dreamteam.afl.com.au.          IN      A

;; ANSWER SECTION:
dreamteam.afl.com.au.      30    IN  CNAME  afl.virtualsports.com.au.

;; AUTHORITY SECTION:
.                       518400  IN  NS  E.ROOT-SERVERS.NET.
.                       518400  IN  NS  F.ROOT-SERVERS.NET.
.                       518400  IN  NS  G.ROOT-SERVERS.NET.
.                       518400  IN  NS  H.ROOT-SERVERS.NET.
.                       518400  IN  NS  I.ROOT-SERVERS.NET.
.                       518400  IN  NS  J.ROOT-SERVERS.NET.
.                       518400  IN  NS  K.ROOT-SERVERS.NET.
.                       518400  IN  NS  L.ROOT-SERVERS.NET.
.                       518400  IN  NS  M.ROOT-SERVERS.NET.
.                       518400  IN  NS  A.ROOT-SERVERS.NET.
.                       518400  IN  NS  B.ROOT-SERVERS.NET.
.                       518400  IN  NS  C.ROOT-SERVERS.NET.
.                       518400  IN  NS  D.ROOT-SERVERS.NET.

;; Query time: 53 msec
;; SERVER: 61.9.170.18#53(61.9.170.18)
;; WHEN: Mon Feb  8 08:57:31 2010
;; MSG SIZE  rcvd: 281

Ian.

--- On Fri, 5/2/10, Mark Andrews <ma...@isc.org> wrote:

> From: Mark Andrews <ma...@isc.org>
> Subject: Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?
> To: "Ian B" <porj...@yahoo.com.au>
> Cc: bind-users@lists.isc.org
> Received: Friday, 5 February, 2010, 2:47 PM
>
> In message <260066.10841...@web63105.mail.re1.yahoo.com>, Ian B writes:
> > Hi All,
> >
> > I found a post on this list from July 2009 with the subject:
> > "Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem?"
> >
> > https://lists.isc.org/pipermail/bind-users/2009-July/077045.html
> >
> > I'm having exactly the same issue but with hostname dreamteam.afl.com.au
> >
> > A sample dig is as follows:
> >
> > $ dig dreamteam.afl.com.au
> >
> > ; <<>> DiG 9.3.4-P1 <<>> dreamteam.afl.com.au
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22236
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;dreamteam.afl.com.au.          IN      A
> >
> > ;; ANSWER SECTION:
> > dreamteam.afl.com.au.   30  IN  CNAME  afl.virtualsports.com.au.
> >
> > ;; AUTHORITY SECTION:
> > com.au.  60  IN  SOA  stl-bpc-gslb1500-1.bigpond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 4 10800 3600 604800 60
> >
> > ;; Query time: 53 msec
> > ;; SERVER: 203.161.127.1#53(203.161.127.1)
> > ;; WHEN: Fri Feb  5 11:29:24 2010
> > ;; MSG SIZE  rcvd: 147
> >
> >
> > My understanding of the issue is that the authoritative nameserver for
> > dreamteam.afl.com.au is returning the incorrect data in the
> > 'AUTHORITY SECTION' causing PowerDNS to act unpredictably. Other DNS
> > recursors may not have an issue with this, as they overlook the error.
> > Is that a correct understanding?
>
> It looks like the two bigpond servers have been configured to serve
> an unofficial version of COM.AU.  Normal query processing then causes
> the servers to find the unofficial version of COM.AU and return
> NXDOMAIN rather than a referral as they should.  This is hard to
> avoid unless the normal query process rules are changed to not
> re-start the query after following a CNAME for a non-recursive query
> or only follow a CNAME if the target is in the same zone as the
> owner of the CNAME.
>
> The incorrect answer is then accepted and the cache is poisoned.
>
> One would think however that Telstra would have locked COM.AU out
> in the automatic provisioning systems for these servers as adding
> it can only be for nefarious purposes.  Similarly any other
> infrastructure zones.
>
> Mark
>
> > Thanks,
> > Ian.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
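
An added example, not part of the original thread and not code from BIND or PowerDNS: a bailiwick audit that a recursor operator could run over captured dig output to spot the two conditions discussed above (authority records owned by names outside the queried zone, and an NXDOMAIN issued after a CNAME left that zone). The function names are hypothetical, and the sample responses are abridged from the dig output quoted in this thread.

```python
import re

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.*)$")

# Abridged from the dig output quoted in this thread (SOA line re-joined).
NXDOMAIN_RESP = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22236
;; ANSWER SECTION:
dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au.
;; AUTHORITY SECTION:
com.au. 60 IN SOA stl-bpc-gslb1500-1.bigpond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 4 10800 3600 604800 60
"""
ROOT_NS_RESP = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33750
;; ANSWER SECTION:
dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au.
;; AUTHORITY SECTION:
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
"""

def parse_dig(text):
    """Return (rcode, {section: [(owner, type, rdata)]}) from dig-style text."""
    rcode, section, out = None, None, {"ANSWER": [], "AUTHORITY": []}
    for line in map(str.strip, text.splitlines()):
        if m := re.search(r"status: (\w+)", line):
            rcode = m.group(1)
        elif line.startswith(";;"):
            m = re.match(r";; (\w+) SECTION:", line)
            section = m.group(1) if m else None
        elif section in out and (m := RR.match(line)):
            out[section].append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return rcode, out

def in_zone(name, zone):
    """True when `name` is `zone` itself or a descendant of it."""
    name, zone = name.rstrip("."), zone.lower().rstrip(".")
    return zone == "" or name == zone or name.endswith("." + zone)

def audit(text, zone):
    """Flag data a resolver should not trust from a server asked about `zone`."""
    rcode, sec = parse_dig(text)
    # Authority records owned by names outside the queried zone are out of bailiwick.
    found = [("out-of-bailiwick", t, o) for o, t, _ in sec["AUTHORITY"] if not in_zone(o, zone)]
    # An rcode produced after a CNAME left the zone describes the target, not the owner.
    for _, t, target in sec["ANSWER"]:
        if t == "CNAME" and rcode == "NXDOMAIN" and not in_zone(target, zone):
            found.append(("untrusted-nxdomain", t, target))
    return list(dict.fromkeys(found))
```

Call audit(captured_text, "afl.com.au") with the zone the queried server was delegated; an empty list means every authority record is in bailiwick and the rcode was not produced by following a CNAME out of the zone.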