com nameserver caching - DNS

This is a discussion on com nameserver caching - DNS ; hi all, if you lookup www.1and1.com , most queries come back with: 217.160.226.203. but i started noticing that a couple of my dns servers were returning a wrong ip: 217.160.232.1 after some digging, i noticed that the com namesavers actually ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: com nameserver caching

  1. com nameserver caching

    hi all,
    if you lookup www.1and1.com, most queries come back with:
    217.160.226.203.
    but i started noticing that a couple of my dns servers were returning
    a wrong ip: 217.160.232.1

    after some digging, i noticed that the com namesavers actually have
    this RR cached like so:
    [~]$ dig +norec @h.GTLD-SERVERS.NET www.1and1.com

    ; <<>> DiG 9.2.4 <<>> +norec @h.GTLD-SERVERS.NET www.1and1.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29492
    ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;www.1and1.com. IN A

    ;; ANSWER SECTION:
    www.1and1.com. 172800 IN A 217.160.232.1

    ;; AUTHORITY SECTION:
    1and1.com. 172800 IN NS ns27.1and1.com.
    1and1.com. 172800 IN NS ns28.1and1.com.

    ;; ADDITIONAL SECTION:
    ns27.1and1.com. 172800 IN A 74.208.2.3
    ns28.1and1.com. 172800 IN A 74.208.3.3

    ---------------------------------------------------------------

    is this normal? i don't see any other RR's for major companies in
    these nameservers. i assume because of this the iterative query stops
    at this point and returns this bad ip without going further to the
    authoritative nameservers for 1and1.com.

    opinions?

    thanks


  2. Re: com nameserver caching

    In article , rh
    wrote:

    > hi all,
    > if you lookup www.1and1.com, most queries come back with:
    > 217.160.226.203.
    > but i started noticing that a couple of my dns servers were returning
    > a wrong ip: 217.160.232.1
    >
    > after some digging, i noticed that the com namesavers actually have
    > this RR cached like so:
    > [~]$ dig +norec @h.GTLD-SERVERS.NET www.1and1.com
    >
    > ; <<>> DiG 9.2.4 <<>> +norec @h.GTLD-SERVERS.NET www.1and1.com
    > ; (1 server found)
    > ;; global options: printcmd
    > ;; Got answer:
    > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29492
    > ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    >
    > ;; QUESTION SECTION:
    > ;www.1and1.com. IN A
    >
    > ;; ANSWER SECTION:
    > www.1and1.com. 172800 IN A 217.160.232.1
    >
    > ;; AUTHORITY SECTION:
    > 1and1.com. 172800 IN NS ns27.1and1.com.
    > 1and1.com. 172800 IN NS ns28.1and1.com.
    >
    > ;; ADDITIONAL SECTION:
    > ns27.1and1.com. 172800 IN A 74.208.2.3
    > ns28.1and1.com. 172800 IN A 74.208.3.3
    >
    > ---------------------------------------------------------------
    >
    > is this normal? i don't see any other RR's for major companies in
    > these nameservers. i assume because of this the iterative query stops
    > at this point and returns this bad ip without going further to the
    > authoritative nameservers for 1and1.com.


    That means this is a registered glue record, i.e. a hostname registered
    as a nameserver for some domain.

    It's a common DNS administrator mistake to re-IP these hosts but forget
    to update the registration, resulting in inconsistencies like this.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***


+ Reply to Thread