Re: Choosing authoritative nameservers

Thu, 03 Jun 2010 09:19:39 -0700

Thanks for the reply sir! Just to share, I've finally figured out why my traces always seem to be hitting ens2.bursamalaysia.com no matter what I do. A packet dump actually shows requests being sent out to both ens1.bursamalaysia.com and ens2.bursamalaysia.com but somehow only ens2.bursamalaysia.com answers my queries (with a broken answer to boot!). I've tried changing my source IP and voila ens1.bursamalaysia.com suddenly starts answering again. They must really have some strange things going on their network. Their SOA does not list any valid contacts and their WHOIS contact isn't bothered to respond...just great... 


----- Original Message ----- 
From: "Matus UHLAR - fantomas" <uh...@fantomas.sk>

To: <bind-users@lists.isc.org>
Sent: Wednesday, June 02, 2010 8:39 PM
Subject: Re: Choosing authoritative nameservers



On 02.06.10 16:20, Elias wrote:

Does anyone know how BIND chooses which authoritative server to refer to?
When a referal returns ns1.abc.com, ns2.abc.com and ns3.abc.com, will the
recursive server randomly send out a request to either ns1, ns2 or ns3 or
is there a selection algorithm?


there's algorithm preferring the server with fastest responses but
ocasionally tryiong other servers.


I've got a problem resolving www.klse.com.my and its probably caused by a
broken server along the path. But the problem is I keep hitting the same
server everytime no matter how many times I flush my caches.


it's most probably not caused by server selection in BIND but in broken
delegation.

this is provided by com.my. sevrers:


klse.com.my.            86400   IN      NS      ens1.klse.com.my.
klse.com.my.            86400   IN      NS      ens2.klse.com.my.
;; Received 103 bytes from 61.6.38.139#53(ns5.jaring.my) in 6 ms


ens1.klse.com.my.       86400   IN      A       211.25.178.3
ens2.klse.com.my.       86400   IN      A       121.123.146.80

This is provided by delegated servers:

;; ANSWER SECTION:
klse.com.my.            28800   IN      NS      ens1.bursamalaysia.com.
klse.com.my.            28800   IN      NS      ens2.bursamalaysia.com.

;; SERVER: 211.25.178.3#53(211.25.178.3)

klse.com.my.            28800   IN      NS      ens1.bursamalaysia.com.
klse.com.my.            28800   IN      NS      ens2.bursamalaysia.com.

;; SERVER: 121.123.146.80#53(121.123.146.80)


- we can safely say STOP here, the delegation is broken, fix it.


However, looking at bursamalaysia.com domain... Delegation:

;; AUTHORITY SECTION:
bursamalaysia.com.      172800  IN      NS      ens1.bursamalaysia.com.
bursamalaysia.com.      172800  IN      NS      ens2.bursamalaysia.com.

;; ADDITIONAL SECTION:
ens1.bursamalaysia.com. 172800  IN      A       211.25.178.3
ens2.bursamalaysia.com. 172800  IN      A       121.123.146.80



while ens1.bursamalaysia.com. returns same list of namservers, but does 
not

return glue records for them, the ens2.bursamalaysia.com. returns SERVFAIL
for bursamalaysia.com.

It's even more broken.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org

https://lists.isc.org/mailman/listinfo/bind-users 


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to