On Apr 30, 2009, at 3:54 AM, Kal Feher wrote:
Lets check where they are delegated:
1st the hostwizard domain
$ dig ns hostwizard.com +short
ns1.hostwizard.com.
ns1.nacio.com.
Now nacio
$ dig ns nacio.com +short
ns1.nacio.com.
ns3.nacio.com.
ns2.nacio.com.
So what _should_ we see if I query ns1.nacio.com for hostwizard.com?
Since the domain is delegated there, I would expect an authoritive
answer
I would agree, that would be my hope at least, if not, I know
something is wrong.
$ dig a ns1.hostwizard.com @ns1.nacio.com
; <<>> DiG 9.4.2-P2 <<>> a ns1.hostwizard.com @ns1.nacio.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1579
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ns1.hostwizard.com. IN A
;; ANSWER SECTION:
ns1.hostwizard.com. 3600 IN A 64.84.37.14
;; AUTHORITY SECTION:
hostwizard.com. 3600 IN NS ns1.nacio.com.
hostwizard.com. 3600 IN NS ns1.hostwizard.com.
;; ADDITIONAL SECTION:
ns1.nacio.com. 3600 IN A 64.84.0.18
;; Query time: 177 msec
;; SERVER: 64.84.0.18#53(64.84.0.18)
;; WHEN: Thu Apr 30 20:45:00 2009
Right, so looks good to me so far.
But what if I do the reverse? That is...query ns1.hostwizard.com for
ns1.nacio.com. We know that nacio.com isnt delegated to it. What
should
ns1.hostwizard.com answer? Normally either an upwards referral to
the root
servers or (if caching is disabled) with refused. I added some *s for
emphasis.
Here is where I would get a little blurry. Granted, you gave me the
answer :)
Had you not, I would have thought asking ns1.hostwizard.com for
ns1.nacio.com that you get nothing. I do not think I am supposed to be
answering the question of ns1.nacio.com from ns1.hostwizard.com
I would also wonder why that question ever even made it to my server.
If it does make its way, I would expect my server to do what it does
in most of the other cases when it does not know something, which is
pass the question on to a friend.
$ dig ns1.nacio.com @ns1.hostwizard.com +norec
; <<>> DiG 9.4.2-P2 <<>> ns1.nacio.com @ns1.hostwizard.com +norec
;; global options: printcmd
;; Got answer:
****;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 35446
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.nacio.com. IN A
;; Query time: 250 msec
;; SERVER: 64.84.37.14#53(64.84.37.14)
;; WHEN: Thu Apr 30 20:49:50 2009
ns1.hostwizard looks like it isn't answering from cache, (which is
fine). So
you shouldn't worry. Sorry for the overly verbose response ;)
Not at all, I truly appreciate the verbosity of your answer. I
wonder, how were you able to discern that it did not come from cache?
Just the fact it was REFUSED implied that? Or the fact you used
+norec, forces it in most cases, though not all are required from what
I am reading?
Thanks again.
--
Scott * If you contact me off list replace talklists@ with scott@ *
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
