On 19.09.2012 11:36, Ralf Hildebrandt wrote:
Hi,
I'm trying to debug a DNS issue:
# host www.pimda.eu
www.pimda.eu has address 88.208.252.197
Host www.pimda.eu not found: 3(NXDOMAIN)
Host www.pimda.eu not found: 3(NXDOMAIN)
Where does the NXDOMAIN come from?
# host -t a www.pimda.eu
www.pimda.eu has address 88.208.252.197
# host -t aaaa www.pimda.eu
Host www.pimda.eu not found: 3(NXDOMAIN)
# host -t mx www.pimda.eu
Host www.pimda.eu not found: 3(NXDOMAIN)
According to the docs, host "By default, it looks for A, AAAA, and MX
records". But why am I getting three results? Usually I'm only getting
ONE!
Not exactly sure why you are getting NXDOMAIN, I'm getting SERVFAIL
because they are sending a broken horizontal referral on anything != A.
dig -t aaaa www.pimda.eu +trace @a.root-servers.net
[...]
eu. 172800 IN NS nl.dns.eu.
eu. 172800 IN NS si.dns.eu.
eu. 172800 IN NS it.dns.eu.
eu. 172800 IN NS x.dns.eu.
eu. 172800 IN NS y.dns.eu.
eu. 172800 IN NS cz.dns.eu.
eu. 172800 IN NS m.nic.eu.
eu. 172800 IN NS uk.dns.eu.
eu. 172800 IN NS l.nic.eu.
;; Received 415 bytes from 202.12.27.33#53(202.12.27.33) in 319 ms
pimda.eu. 86400 IN NS ns2.bdm.microsoftonline.com.
pimda.eu. 86400 IN NS ns1.bdm.microsoftonline.com.
;; Received 89 bytes from 193.2.221.60#53(193.2.221.60) in 61 ms
www.pimda.eu. 3600 IN NS ns1.bdm.microsoftonline.com.
www.pimda.eu. 3600 IN NS ns2.bdm.microsoftonline.com.
;; Received 177 bytes from 157.56.81.41#53(157.56.81.41) in 165 ms
www.pimda.eu. 3600 IN NS ns1.bdm.microsoftonline.com.
www.pimda.eu. 3600 IN NS ns2.bdm.microsoftonline.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 177 bytes from 207.46.15.59#53(207.46.15.59) in 151 ms
Problem is, when you are asking for A you get a legitimate answer
% dig -t a www.pimda.eu @ns1.bdm.microsoftonline.com. +norec
; <<>> DiG 9.8.1-P1 <<>> -t a www.pimda.eu @ns1.bdm.microsoftonline.com.
+norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48296
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;www.pimda.eu. IN A
;; ANSWER SECTION:
www.pimda.eu. 3600 IN A 88.208.252.197
;; AUTHORITY SECTION:
www.pimda.eu. 3600 IN NS ns1.bdm.microsoftonline.com.
www.pimda.eu. 3600 IN NS ns2.bdm.microsoftonline.com.
;; ADDITIONAL SECTION:
ns1.bdm.microsoftonline.com. 3600 IN A 207.46.15.59
ns1.bdm.microsoftonline.com. 3600 IN AAAA 2a01:111:f406:1804::59
ns2.bdm.microsoftonline.com. 3600 IN A 157.56.81.41
ns2.bdm.microsoftonline.com. 3600 IN AAAA 2a01:111:f406:3403::41
;; Query time: 145 msec
;; SERVER: 207.46.15.59#53(207.46.15.59)
;; WHEN: Wed Sep 19 11:42:38 2012
;; MSG SIZE rcvd: 193
When you ask for AAAA/MX, you get a referral (note the missing aa =
authoritative answer flag)
% dig -t aaaa www.pimda.eu @ns1.bdm.microsoftonline.com. +norec
; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.pimda.eu
@ns1.bdm.microsoftonline.com. +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9898
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;www.pimda.eu. IN AAAA
;; AUTHORITY SECTION:
www.pimda.eu. 3600 IN NS ns1.bdm.microsoftonline.com.
www.pimda.eu. 3600 IN NS ns2.bdm.microsoftonline.com.
;; ADDITIONAL SECTION:
ns1.bdm.microsoftonline.com. 3600 IN A 207.46.15.59
ns1.bdm.microsoftonline.com. 3600 IN AAAA 2a01:111:f406:1804::59
ns2.bdm.microsoftonline.com. 3600 IN A 157.56.81.41
ns2.bdm.microsoftonline.com. 3600 IN AAAA 2a01:111:f406:3403::41
;; Query time: 148 msec
;; SERVER: 207.46.15.59#53(207.46.15.59)
;; WHEN: Wed Sep 19 11:43:17 2012
;; MSG SIZE rcvd: 177
Basically ns1.bdm.microsoftonline.com says "I'm not authoritative for
that, look at ns1.bdm.microsoftonline.com" ... which is of course broken.
Bernhard
