[conspire] DNS question

Rick Moen rick at linuxmafia.com
Tue Apr 10 12:02:36 PDT 2007


Quoting Bill Moseley (moseley at hank.org):

> I'm a bit confused about what's happening.  I was trying to lookup
> infopeople.org.  On my machine I'm able to see the NS records but not
> the A RR.

Hmm. well, for starters, I can confirm that it's something wrong that's
strictly local to your machine:

$ hostname
linuxmafia.com
$ dig infopeople.org +short
208.97.158.169

However, there are some serious problems in the domain.  

1.  The parent .ORG zone's NS records for infopeople.org are badly
messed up:

$ dig -t ns org +short
tld6.ultradns.co.uk.
A0.ORG.AFILIAS-NST.INFO.
b0.org.afilias-nst.org.
c0.ORG.AFILIAS-NST.INFO.
TLD1.ULTRADNS.NET.
TLD2.ULTRADNS.NET.
tld3.ultradns.org.
tld4.ultradns.org.
tld5.ultradns.INFO.
$ dig -t ns  infopeople.org  @tld6.ultradns.co.uk +short
$

You quoted results from a similar query, but without the "+short" flag:

> So, ask one of those about the domain:
> 
>     moseley at bumby:~$ dig @tld1.ultradns.net infopeople.org NS
>     ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
>     ;; AUTHORITY SECTION:
>     INFOPEOPLE.ORG.         172800  IN      NS      NS3.NEWDREAM.NET.
>     INFOPEOPLE.ORG.         172800  IN      NS      NS2.NEWDREAM.NET.
>     INFOPEOPLE.ORG.         172800  IN      NS      NS.NEWDREAM.NET.

Please note that that's not in 'ANSWER SECTION", but rather in
"AUTHORITY SECTION".  This is what happens when you have NS entries in
the domain's whois database, but no glue records in the parent (in this
case, .ORG) zone.

Compare what you (and I) get for infopeople.org with a similar set of
queries for linuxmafia.com:

$ dig -t ns com +short
h.gtld-servers.net.
i.gtld-servers.net.
j.gtld-servers.net.
k.gtld-servers.net.
l.gtld-servers.net.
m.gtld-servers.net.
a.gtld-servers.net.
b.gtld-servers.net.
c.gtld-servers.net.
d.gtld-servers.net.
e.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
$ dig -t ns linuxmafia.com @h.gtld-servers.net +short
ns.primate.net.
ns.tx.primate.net.
ns1.linuxmafia.com.
ns1.thecoop.net.
ns2.linuxmafia.com.
$ dig -t ns linuxmafia.com @h.gtld-servers.net 

; <<>> DiG 9.3.2 <<>> -t ns linuxmafia.com @h.gtld-servers.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61362
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5

;; QUESTION SECTION:
;linuxmafia.com.                        IN      NS

;; ANSWER SECTION:
linuxmafia.com.         172800  IN      NS      ns.primate.net.
linuxmafia.com.         172800  IN      NS      ns.tx.primate.net.
linuxmafia.com.         172800  IN      NS      ns1.linuxmafia.com.
linuxmafia.com.         172800  IN      NS      ns1.thecoop.net.
linuxmafia.com.         172800  IN      NS      ns2.linuxmafia.com.

;; ADDITIONAL SECTION:
ns.primate.net.         172800  IN      A       198.144.194.12
ns.tx.primate.net.      172800  IN      A       72.249.38.88
ns1.linuxmafia.com.     172800  IN      A       198.144.195.186
ns1.thecoop.net.        172800  IN      A       216.218.255.165
ns2.linuxmafia.com.     172800  IN      A       63.193.123.122

;; Query time: 229 msec
;; SERVER: 192.54.112.30#53(192.54.112.30)
;; WHEN: Tue Apr 10 11:40:44 2007
;; MSG SIZE  rcvd: 222
$

2.  The "NS" reference records in the domain's zone itself differ from
those in the back-end registry (the NS data in whois):

$ dig -t ns  infopeople.org  @NS.NEWDREAM.NET +short
ns1.dreamhost.com.
ns2.dreamhost.com.
ns3.dreamhost.com.

That's very bad.  You want your NS records to _always_ be kept the same
between your zonefile and the parent zone.  Basically, the parent zone
and the domain itself are telling people to consult entirely different
nameservers.  If, as often happens, the two sets of nameservers have
differing data, name resolution will be erratic -- i.e., will depend on
which machine you ask from, and thus where _it_ is asking.


Here's what I'm getting from my local nameserver -- because it seems to
be asking the Dreamhost nameserver (as opposed to the "newdream.net"
ones):

$ dig -t ns  infopeople.org  @ns1.linuxmafia.com +short 
ns2.dreamhost.com.
ns3.dreamhost.com.
ns1.dreamhost.com.
$ dig infopeople.org  @ns1.linuxmafia.com +short        
208.97.158.169


I haven't tracked down all the gory details of how and why you're
getting a null response locally on A records, but I'll bet (a) it has
something to do with which nameservers your queries go through, and (b)
all that craziness will go away immediately, if they fix their domain.





More information about the conspire mailing list