In message <260066.10841...@web63105.mail.re1.yahoo.com>, Ian B writes: > Hi All, > > I found a post on this list from July 2009 with the subject: > "Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem?" > > https://lists.isc.org/pipermail/bind-users/2009-July/077045.html > > I'm having exactly the same issue but with hostname dreamteam.afl.com.au > > A sample dig is as follows: > > $ dig dreamteam.afl.com.au > > ; <<>> DiG 9.3.4-P1 <<>> dreamteam.afl.com.au > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22236 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;dreamteam.afl.com.au. IN A > > ;; ANSWER SECTION: > dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au. > > ;; AUTHORITY SECTION: > com.au. 60 IN SOA stl-bpc-gslb1500-1.bigp > ond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 4 10800 3600 604800 60 > > ;; Query time: 53 msec > ;; SERVER: 203.161.127.1#53(203.161.127.1) > ;; WHEN: Fri Feb 5 11:29:24 2010 > ;; MSG SIZE rcvd: 147 > > > My understanding of the issue is that the authoritative nameserver for dreamt > eam.afl.com.au is returning the incorrect data in the 'AUTHORITY SECTION' cau > sing PowerDNS to act unpredictably. Other DNS recursors may not have an issue > with this, as they overlook the error. Is that a correct understanding?
It looks like the two bigpond servers have been configured to serve a unofficial version of COM.AU. Normal query processing then causes the servers to find the unofficial version of COM.AU and return NXDOMAIN rather than a referral as they should. This is hard to avoid unless the normal query process rules are changed to not re-start the query after following a CNAME for a non-recursive query or only follow a CNAME if the target is in the same zone as the owner of the CNAME. The incorrect answer is then accepted and the cache is poisoned. One would think however that Telstra would have locked COM.AU out in the automatic provisioning systems for these servers as adding it can only be for nefarious purposes. Similarly any other infrastucture zones. Mark > Thanks, > Ian. > > > _______________________________________________________________________ > ___________ > Yahoo!7: Catch-up on your favourite Channel 7 TV shows easily, legally, and f > or free at PLUS7. www.tv.yahoo.com.au/plus7 > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users