On 19 Sep 2012, at 10:36, Ralf Hildebrandt wrote:

> I'm trying to debug a DNS issue:
>
> # host www.pimda.eu

You'll get better results if you use The One True DNS tool: dig.

The DNS admin for pimda.eu has screwed up. He/she has created a delegation for www.pimda.eu and failed to configure the name servers that allegedly serve this new zone.

gromit% dig www.pimda.eu any

; <<>> DiG 9.9.1-vjs197.15-P2 <<>> www.pimda.eu any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53756
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.pimda.eu.                  IN      ANY

;; ANSWER SECTION:
www.pimda.eu.           3407    IN      NS      ns2.bdm.microsoftonline.com.
www.pimda.eu.           3407    IN      NS      ns1.bdm.microsoftonline.com.
www.pimda.eu. 3407 IN SOA ns1.bdm.microsoftonline.com. msnhst.microsoft.com. 2007070100 10800 1800 691200 3600

;; ADDITIONAL SECTION:
ns1.bdm.microsoftonline.com. 39 IN      A       207.46.15.59
ns2.bdm.microsoftonline.com. 31 IN      A       157.56.81.41

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 19 10:54:26 2012
;; MSG SIZE  rcvd: 185

> # host www.pimda.eu
> www.pimda.eu has address 88.208.252.197
> Host www.pimda.eu not found: 3(NXDOMAIN)
> Host www.pimda.eu not found: 3(NXDOMAIN)
>
> Where does the NXDOMAIN come from?

The broken name server at ns1.bdm.microsoftonline.com. The other one is rightly returning NOHOST responses when asked for AAAA or MX records for www.pimda.eu. If your resolving server happens to pick the really broken name server for this domain instead of the broken one, you'll see NXDOMAINs instead of NOHOSTs. Which one your server chooses to query is essentially random.

This is yet another reason to use dig for DNS troubleshooting: you can actually see which server is answering and what it says.

> But why am I getting three results? Usually I'm only getting ONE!

You've made three different DNS queries, so expect different answers.

You really should use dig so you can actually see what's in the DNS packets. DNS experts will not use anything else and heap deserved scorn on the mostly useless host or worse than useless nslookup.
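The reply above says that the answer depends on which authoritative server gets asked. The following is an added example, not part of the original message: it reads dig's header and SERVER lines and flags servers that disagree on whether a name exists. The function names are hypothetical, the sample replies are constructed (documentation addresses), and a NOERROR reply with no answer records is labelled NODATA here.

```sh
# classify_dig: read one dig reply on stdin, print "<server> <status> <verdict>".
classify_dig() {
    awk '
        /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") status = $(i + 1) }
        /^;; flags:/   { for (i = 1; i < NF; i++) if ($i == "ANSWER:") answers = $(i + 1) + 0 }
        /^;; SERVER:/  { server = $3; sub(/#.*/, "", server) }
        END {
            sub(/,$/, "", status)
            if (status == "NXDOMAIN")                     verdict = "NXDOMAIN"  # name does not exist
            else if (status == "NOERROR" && answers == 0) verdict = "NODATA"    # name exists, no such type
            else if (status == "NOERROR")                 verdict = "ANSWER"
            else                                          verdict = "ERROR"     # SERVFAIL, REFUSED, ...
            print server, status, verdict
        }'
}

# name_disputed: read classify_dig lines on stdin; exit 0 when one server says
# NXDOMAIN while another says the name exists (NODATA or ANSWER).
name_disputed() {
    awk '$3 == "NXDOMAIN" { nx++ } $3 == "NODATA" || $3 == "ANSWER" { ok++ }
         END { exit !(nx > 0 && ok > 0) }'
}

# survey: ask each listed server directly, without recursion (needs network and dig).
# Usage: survey www.example.com AAAA ns1.example.net ns2.example.net | name_disputed
survey() {
    name=$1; type=$2; shift 2
    for ns in "$@"; do
        dig +norecurse @"$ns" "$name" "$type" | classify_dig
    done
}

# Constructed sample replies, trimmed to the lines the parser reads.
sample_nodata() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 192.0.2.1#53(192.0.2.1)
EOF
}
sample_nxdomain() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2222
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 192.0.2.2#53(192.0.2.2)
EOF
}

# Offline demo on the constructed replies.
{ sample_nodata | classify_dig; sample_nxdomain | classify_dig; } | name_disputed &&
    echo "authoritative servers disagree on whether the name exists"
```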
