> ---------- Forwarded message ---------- > From: "Torinthiel" <torinth...@data.pl> > To: "\"bind-users@lists.isc.org\"" <bind-users@lists.isc.org> > Date: Thu, 27 Jan 2011 11:08:07 +0100 > Subject: Re: Recursive DNS problem > Dnia 2011-01-27 17:38 bangla desh napisał(a): > > > >Hello all, > > > >I am running Bind 9.7.1-p2 as recursive dns. I encountered this problem > with > >the domain hsbc.com.bd. When I dig hsbc.com.bd, it gives me a connection > >timed out response. > > > > [cut] > > > >I digged further about the problem as to what causes it. I found out that > if > >I clear the cache and then dig first the ns record(s) of com.bd, before I > >dig hsbc.com.bd, I will be able to replicate the problem. > > can't reproduce it here, works for me when I try stright hsbc.com.bd, or > dig > ns com.bd beforehand, or dig both ns bd and com.bd. > > > >What bothered me is what is in com.bd that blocks the response from > >hsbc.com.bd? Please I need your inputs. > > One thing for sure. It has only one nameserver. This is plainly wrong, each > domain should have at least 2 (and SLD like this one even more). > does it work when you type > dig ns hsbc.com.bd @ns.com.bd > because that's what fails for me. > > And there's more: > > $ dig ns com.bd @dns.bd > > ; <<>> DiG 9.7.1 <<>> ns com.bd @dns.bd > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57519 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;com.bd. IN NS > > ;; ANSWER SECTION: > com.bd. 86400 IN NS ns.com.bd. > > ;; ADDITIONAL SECTION: > ns.com.bd. 86400 IN A 203.112.194.18 > > ;; Query time: 368 msec > ;; SERVER: 209.58.24.3#53(209.58.24.3) > ;; WHEN: Thu Jan 27 11:00:46 2011 > ;; MSG SIZE rcvd: 57 > > $ dig ns hsbc.com.bd @dns.bd > > ; <<>> DiG 9.7.1 <<>> ns hsbc.com.bd @dns.bd > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2379 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;hsbc.com.bd. IN NS > > ;; AUTHORITY SECTION: > hsbc.com.bd. 86400 IN NS ns11.hsbc.com.hk. > hsbc.com.bd. 86400 IN NS ns13.hsbc.com.hk. > hsbc.com.bd. 86400 IN NS ns1.hsbc.com.sg. > > ;; Query time: 368 msec > ;; SERVER: 209.58.24.3#53(209.58.24.3) > ;; WHEN: Thu Jan 27 11:01:07 2011 > ;; MSG SIZE rcvd: 107 > > Which means that DNS server for .bd domain (at leas one of them) returns > answer for ns for .com.bd (ok, it is a delegation probably), but also a > (non-authorative) answer for hsbc.com.bd. This is a bit strange, it > doesn't > provide recursive queries, it has delegation for com.bd, but it's still > willing to return deeper answers. > Now, what happens when you have clear cache is that it asks dns.bd for > reference and gets hsbc records. But if you have NS com.bd in your cache, > bind probably assumes (and quite correclty) that it shoud ask com.bd > nameservers, not the bd. ones. But com.bd ones don't provide an answer, so > you have timeout. > Looks like the com.bd zone is broken somewhat. either the delegation > should > be removed from bd, or the server needs fixing and adding another servers > is > necessary. > Torinthiel > > > I believed so that com.bd is broken. It only has 1 ns server and hsbc.com.bd, whois.com.bd and even google.com.bd they are all delegate directly from bd and not from com.bd.
I am wondering, is there a dns rule/standard (or RFC) that explains about delegation? -Bangla
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
