[prev in list] [next in list] [prev in thread] [next in thread]
List: bind-users
Subject: Re: HELP! Resolving Problems
From: Simon Waters <Simon () wretched ! demon ! co ! uk>
Date: 2003-06-30 23:50:01
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jonathan de Boyne Pollard wrote:
> SW> I think it may be failing because queries for
> SW> ns1.nameserver.ch to the ascio.com nameservers
> SW> return no authority records [...]
>
> The "nameserver.ch." content DNS servers don't add the "NS" resource
record
> set for "nameserver.ch." to all of their responses, true, but this is
> relatively benign. It merely means that the "ch." content DNS servers
will
> have to be queried afresh every 12 hours.
I think it is more catastrophic for some versions of BIND 9, which
assume if a nameserver says "it is authoritative and no nameservers"
exist for a domain, then it is believed, despite the obvious contradiction.
> he hasn't given us enough information to
> determine this). However, it is not related to the "nameserver.ch."
content
> DNS servers.
I'm sure he has supplied enough information, he gave us his recursive
server IP, which can be seen to know that pwr.ag is served by
ns[12].namecenter.ch, but if you ask it to get ns1.namecenter.ch IP
address it gives SERVFAIL, which I'm pretty sure brings us back to the
answer I gave before, that the answers for the question "what is the IP
of ns1.namecenter.ch" gives a corrupt answer.
> Given that the "*" query will be the first one made, it will be
unlikely that
> any "pwr.ag." delegation information is already cached.
Urm it is cached, just query the server, but it is incomplete.
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/AMynGFXfHI9FVgYRAjUtAJwPeILgQe8Ro0DmNIjrgOFBUOn8ygCgtSSz
7dayMlaMpFhxPluyhi7xJZk=
=vaWj
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic