Re: DNS "chicken-and-egg" Problem - DNS

This is a discussion on Re: DNS "chicken-and-egg" Problem - DNS ; To summarize this problem - 1) One of my mailers is trying to find the "A" record for igpp.ucla.edu so that it can verify that mail from that domain is legitimate mail. 2) The ucla.edu name servers delegate the zone ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: DNS "chicken-and-egg" Problem

  1. Re: DNS "chicken-and-egg" Problem

    To summarize this problem -

    1) One of my mailers is trying to find the "A" record for

    igpp.ucla.edu

    so that it can verify that mail from that domain is
    legitimate mail.

    2) The ucla.edu name servers delegate the zone to a name server

    igpp.ucla.edu

    I talked with a DNS admin at UCLA, and he told me that they have
    in the ucla.edu zone a delegation and glue:

    igpp.ucla.edu. 6H IN NS igpp.ucla.edu
    igpp.ucla.edu. 6H IN A 128.97.94.1

    3) When I query the four ucla.edu name servers, dig returns:

    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUERY SECTION:
    ;; igpp.ucla.edu, type = A, class = IN

    ;; AUTHORITY SECTION:
    igpp.ucla.edu. 6H IN NS igpp.ucla.edu.

    ;; ADDITIONAL SECTION:
    igpp.ucla.edu. 6H IN A 128.97.94.1

    4) Why is this information not in the cache on my server?
    Jinmei Tatuya said it might be due to a cache-clearing bug
    in 9.5.0 (I am running 9.5.0-P2). I ran a test with
    "max-cache-size 256M", and I did not see the record cached.
    And I doubt that the cache was full.

    5) Someone (I do not remember who, and I cannot find the reply in
    the list archives) pointed out to me that the answers I am
    getting from UCLA are not authoritative - the "aa" flag is
    missing.

    What could cause glue information (that I think is correct) in the
    ucla.edu zones to be returned to my server as not authoritative?
    I now assume that the reason that my BIND does not cache the glue is
    that the glue is not marked authoritative. Thanks.
    ----------------------------------------------------------------------
    Barry S. Finkel
    Computing and Information Systems Division
    Argonne National Laboratory Phone: +1 (630) 252-7277
    9700 South Cass Avenue Facsimile:+1 (630) 252-4601
    Building 222, Room D209 Internet: BSFinkel@anl.gov
    Argonne, IL 60439-4828 IBMMAIL: I1004994


  2. Re: DNS "chicken-and-egg" Problem

    wrote in message news:ged835$r82$1@sf1.isc.org...
    > To summarize this problem -
    > ...
    > 5) Someone (I do not remember who, and I cannot find the reply in
    > the list archives) pointed out to me that the answers I am
    > getting from UCLA are not authoritative - the "aa" flag is
    > missing.
    >
    > What could cause glue information (that I think is correct) in the
    > ucla.edu zones to be returned to my server as not authoritative?
    > I now assume that the reason that my BIND does not cache the glue is
    > that the glue is not marked authoritative. Thanks.


    Because GLUE is never authoritative. To get the authoritative address
    record, you need to query the zone, not its parent.

    Your server is throwing away the glue record and cannot get to the zone.
    This is either a bug or a configuration error.

    It works for me (using a different version of BIND not 9.5.0):

    ; <<>> DiG 9.5.1b1 <<>> igpp.ucla.edu a +trace
    .... [snipped root and edu.]
    ucla.edu. 172800 IN NS DNS3.ucla.edu.
    ucla.edu. 172800 IN NS DNS2.ucla.edu.
    ucla.edu. 172800 IN NS ADNS2.BERKELEY.edu.
    ucla.edu. 172800 IN NS DNS.ucla.edu.
    ;; Received 180 bytes from 192.26.92.32#53(C3.NSTLD.COM) in 72 ms

    igpp.ucla.edu. 21600 IN NS igpp.ucla.edu.
    ;; Received 61 bytes from 164.67.128.1#53(DNS.ucla.edu) in 2 ms

    igpp.ucla.edu. 86400 IN A 128.97.94.1
    igpp.ucla.edu. 86400 IN NS igpp.ucla.edu.
    ;; Received 61 bytes from 128.97.94.1#53(igpp.ucla.edu) in 2 ms

    ; <<>> DiG 9.5.1b1 <<>> igpp.ucla.edu a
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9711
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;igpp.ucla.edu. IN A

    ;; ANSWER SECTION:
    igpp.ucla.edu. 86383 IN A 128.97.94.1

    ;; AUTHORITY SECTION:
    igpp.ucla.edu. 21583 IN NS igpp.ucla.edu.

    ;; Query time: 2 msec
    ;; SERVER: ::1#53(::1)
    ;; WHEN: Thu Oct 30 22:36:25 2008
    ;; MSG SIZE rcvd: 61

    Therefore, change your version (upgrade).




+ Reply to Thread