On Jul 15, 2007, at 11:07 PM, Olivier Nicole wrote:
No, nobody else is going to see the results your local nameserver
sends since it isn't authoritative for the domains, and the
delegation for the IP block isn't going to point to your server but
to the actual nameserver. Take a look at what happens when someone
using an external nameserver does the same queries:
For the example I gave, I am of course authoritative.
Are you? Depending on which servers I query, I either get an
NXDOMAIN, an answer with no authoritative nameservers listed, or the
results you've shown. That implies that there is something wrong
with the DNS delegation, and/or the various nameservers aren't
returning reliable results.
Perhaps part of the problem seems to be that:
% dig -t ns desktops.cs.ait.ac.th
; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;desktops.cs.ait.ac.th. IN NS
;; ANSWER SECTION:
desktops.cs.ait.ac.th. 43049 IN NS dns.cs.ait.ac.th.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 16 12:48:42 2007
;; MSG SIZE rcvd: 57
...doesn't return any A records to go with the NS record for
dns.cs.ait.ac.th. It's also the case that every domain should have
at least two nameservers listed, and by strong preference at least
one nameserver should be on another subnet to improve reliability.
Notice the NXDOMAIN response...?
Stange, because I don't get such response, even when querying from
germany to my domain in Thailand. (Could have been a matter of time of
day, Friday 22:00 is busy time in Thailand, the DNS may have been hard
The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't
match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check
It could have been a cache issue? Same thing I get correct answer for
a request made from Germany to that Thai domain.
It's not anticipated that a reverse lookup would return a CNAME
rather than a PTR.
Best of luck,
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"