On Jul 15, 2007, at 11:07 PM, Olivier Nicole wrote:
No, nobody else is going to see the results your local nameserver
sends since it isn't authoritative for the domains, and the
delegation for the IP block isn't going to point to your server but
to the actual nameserver.  Take a look at what happens when someone
using an external nameserver does the same queries:

For the example I gave, I am of course authoritative.

Are you? Depending on which servers I query, I either get an NXDOMAIN, an answer with no authoritative nameservers listed, or the results you've shown. That implies that there is something wrong with the DNS delegation, and/or the various nameservers aren't returning reliable results.

Perhaps part of the problem seems to be that:

% dig -t ns desktops.cs.ait.ac.th
; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;desktops.cs.ait.ac.th.         IN      NS

desktops.cs.ait.ac.th.  43049   IN      NS      dns.cs.ait.ac.th.

;; Query time: 1 msec
;; WHEN: Mon Jul 16 12:48:42 2007
;; MSG SIZE  rcvd: 57

...doesn't return any A records to go with the NS record for dns.cs.ait.ac.th. It's also the case that every domain should have at least two nameservers listed, and by strong preference at least one nameserver should be on another subnet to improve reliability.

Notice the NXDOMAIN response...?

Stange, because I don't get such response, even when querying from
germany to my domain in Thailand. (Could have been a matter of time of
day, Friday 22:00 is busy time in Thailand, the DNS may have been hard
to reach).


The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't
match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check
would fail.

It could have been a cache issue? Same thing I get correct answer for
a request made from Germany to that Thai domain.

It's not anticipated that a reverse lookup would return a CNAME rather than a PTR.

Best of luck,

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to