Quoting from Matus UHLAR - fantomas's mail on Wed, Dec 22, 2010: > > Is there any solution to this problem without contacting the DNS > > administrator of that domain? I have seen this problem for many > > domains on the internet. > > Well, first find which is the real problem - domain delegated to invalisd > servers, server providing invalid data, and than you have to fix what is > broken. > > Give us a real example if we have to provider real solution.
Case 1: Domain: e-nxt.com Real Nameservers: ns1.webpresenceworld.com. ns2.webpresenceworld.com. Fake Nameservers: ns5.zenexpress.com. ns6.zenexpress.com. ============================================================== $ dig +norecurse @a.gtld-servers.net. e-nxt.com. ;; QUESTION SECTION: ;e-nxt.com. IN A ;; AUTHORITY SECTION: e-nxt.com. 172800 IN NS ns1.webpresenceworld.com. e-nxt.com. 172800 IN NS ns2.webpresenceworld.com. ============================================================== (correct) ============================================================== $ dig +norecurse @ns1.webpresenceworld.com. e-nxt.com. ;; QUESTION SECTION: ;e-nxt.com. IN A ;; ANSWER SECTION: e-nxt.com. 3600 IN A 203.201.252.134 ;; AUTHORITY SECTION: e-nxt.com. 3600 IN NS ns6.zenexpress.com. e-nxt.com. 3600 IN NS ns5.zenexpress.com. ============================================================== (authority section is not correct and should not be cached by named) ============================================================== $ dig +norecurse @ns6.zenexpress.com. e-nxt.com. ;; QUESTION SECTION: ;e-nxt.com. IN A ============================================================== (refused, this is correct) So, the authority section as reported by the tld nameservers is correct. The authority section as reported by the real nameservers is incorrect. The problem occurs when sending a mail to e-nxt.com. The following lookups are triggered: e-nxt.com A e-nxt.com MX mail1.e-nxt.com A mail2.e-nxt.com A When the named cache is empty, the first lookup succeeds. After that, the incorrect authority section is cached by named. Due to this, the second lookup fails. After the incorrect NS record expires, the second lookup succeeds during the fresh lookup. The incorrect authority section again gets cached. Then, the third and fourth lookups fail. dig +trace always gives a correct answer for all the above lookups. Clearing the cache gives the correct answer for the first lookup after that. Case 2: Domain: imagesystems.co.in Real Nameservers: ns1.servershost.net. ns2.servershost.net. Fake Nameservers: ns1.cyberasiantrade.com. ns2.cyberasiantrade.com. ============================================================== $ dig +norecurse @ns1.servershost.net. imagesystems.co.in. ;; QUESTION SECTION: ;imagesystems.co.in. IN A ;; ANSWER SECTION: imagesystems.co.in. 14400 IN A 205.234.222.71 ;; AUTHORITY SECTION: imagesystems.co.in. 43200 IN NS ns1.cyberasiantrade.com. imagesystems.co.in. 43200 IN NS ns2.cyberasiantrade.com. ============================================================== ============================================================== $ dig +norecurse @ns1.cyberasiantrade.com. imagesystems.co.in. ============================================================== (no reply, this is correct) -- Sunil Shetye. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
