Inconsistent results querying vodafonebusiness.co.uk - TCP-IP

This is a discussion on Inconsistent results querying vodafonebusiness.co.uk - TCP-IP ; I'd appreciate it if someone could explain this. If I explicitly query a nameserver for .co.uk to get the NS records for vodafonebusiness.co.uk, I get what I expect: >inchgower# dig @ns1.nic.uk vodafonebusiness.co.uk ns > >; > DiG 8.3 > @ns1.nic.uk ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Inconsistent results querying vodafonebusiness.co.uk

  1. Inconsistent results querying vodafonebusiness.co.uk

    I'd appreciate it if someone could explain this. If
    I explicitly query a nameserver for .co.uk to get the
    NS records for vodafonebusiness.co.uk, I get what I
    expect:

    >inchgower# dig @ns1.nic.uk vodafonebusiness.co.uk ns
    >
    >; <<>> DiG 8.3 <<>> @ns1.nic.uk vodafonebusiness.co.uk ns
    >; (1 server found)
    >;; res options: init recurs defnam dnsrch
    >;; got answer:
    >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19759
    >;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
    >;; QUERY SECTION:
    >;; vodafonebusiness.co.uk, type = NS, class = IN
    >
    >;; AUTHORITY SECTION:
    >vodafonebusiness.co.uk. 2D IN NS ns.projtel.co.uk.
    >vodafonebusiness.co.uk. 2D IN NS ns2.projtel.co.uk.
    >
    >;; ADDITIONAL SECTION:
    >ns.projtel.co.uk. 2D IN A 213.219.39.70
    >ns2.projtel.co.uk. 2D IN A 217.199.168.77


    But if I don't specify a nameserver then I get a different
    result:

    >inchgower# dig vodafonebusiness.co.uk ns
    >
    >; <<>> DiG 8.3 <<>> vodafonebusiness.co.uk ns
    >;; res options: init recurs defnam dnsrch
    >;; got answer:
    >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48921
    >;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    >;; QUERY SECTION:
    >;; vodafonebusiness.co.uk, type = NS, class = IN
    >
    >;; ANSWER SECTION:
    >vodafonebusiness.co.uk. 1m24s IN NS ns.vodafonebusiness.co.uk.
    >vodafonebusiness.co.uk. 1m24s IN NS ns2.vodafonebusiness.co.uk.


    Also there is no Additional Section giving the A records for the
    servers. Why would this be?

    I have stopped and restarted the named daemon so I don't think
    it is local caching.

    jim
    --
    Jim Hatfield

  2. Re: Inconsistent results querying vodafonebusiness.co.uk

    Jim Hatfield wrote:
    > But if I don't specify a nameserver then I get a different
    > result:


    In this case you're talking to your local cache, which might get the
    answer from any server for vodafonebusiness.co.uk, co.uk, uk, or the
    root.

    The co.uk servers say that the servers for vodafonebusiness.co.uk are
    {ns,ns2}.projtel.co.uk. ns.projtel.co.uk says that the servers are
    {ns,ns2}.vodafonebusiness.co.uk. ns2.projtel.co.uk says the same
    thing sometimes, and other times is lame - it's misconfigured, and
    doesn't have the zone data locally. (It's also a bad idea for
    athoritative servers to do recursive resolution at all.)

    > Also there is no Additional Section giving the A records for the
    > servers. Why would this be?


    That's normal behavior, at least for some caches. The client of an
    authoritative server is a recursive resolver - so it's going to follow
    any delegations it gets, and thus needs to know the IP addresses of
    the delegated-to servers. The client of a recursive resolver is
    expecting the final answer; it's not going to follow delegations, and
    so it doesn't need any extra information beyond what it asked for.


    paul

  3. Re: Inconsistent results querying vodafonebusiness.co.uk

    In article ,
    Jim Hatfield wrote:

    >I'd appreciate it if someone could explain this. If
    >I explicitly query a nameserver for .co.uk to get the
    >NS records for vodafonebusiness.co.uk, I get what I
    >expect:


    >But if I don't specify a nameserver then I get a different
    >result:


    >Also there is no Additional Section giving the A records for the
    >servers. Why would this be?


    The "whois" information for this domain says that its nameservers are
    ns.projtel.co.uk and ns2.projtel.co.uk, but that the registry is
    "unable to validate IP".

    A "dig ns.projtel.co.uk" turns up the disconcerting fact that this
    name *has* no "A" record. It's an alias:

    ;; QUESTION SECTION:
    ;ns.projtel.co.uk. IN A

    ;; ANSWER SECTION:
    ns.projtel.co.uk. 600 IN CNAME mail.projtel.co.uk.
    mail.projtel.co.uk. 600 IN A 213.219.39.70

    So is the other one:

    ;; QUESTION SECTION:
    ;ns2.projtel.co.uk. IN A

    ;; ANSWER SECTION:
    ns2.projtel.co.uk. 409 IN CNAME
    moocow.colo.hosteurope.com.
    moocow.colo.hosteurope.com. 43200 IN A 217.199.168.77

    I believe it's a violation of one standard or another for a domain's
    nameserver to be defined by anything other than an "A" record. Using
    a CNAME as a nameserver is probably a no-no. Pointing an NS at a name
    which is defined as a CNAME in an entirely different zone (e.g.
    hosteurope.com) is almost certainly a _big_ no-no!

    The fix for this would probably be to have the "projtel.co.uk" domain
    fix their zone files, so that these two machines are defined as "A"
    records.

    --
    Dave Platt AE6EO
    Hosting the Jade Warrior home page: http://www.radagast.org/jade-warrior
    I do _not_ wish to receive unsolicited commercial email, and I will
    boycott any company which has the gall to send me such ads!

  4. Re: Inconsistent results querying vodafonebusiness.co.uk

    Jim Hatfield wrote:
    > I'd appreciate it if someone could explain this. If
    > I explicitly query a nameserver for .co.uk to get the
    > NS records for vodafonebusiness.co.uk, I get what I
    > expect:


    >>inchgower# dig @ns1.nic.uk vodafonebusiness.co.uk ns
    >>
    >>; <<>> DiG 8.3 <<>> @ns1.nic.uk vodafonebusiness.co.uk ns
    >>; (1 server found)
    >>;; res options: init recurs defnam dnsrch
    >>;; got answer:
    >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19759
    >>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
    >>;; QUERY SECTION:
    >>;; vodafonebusiness.co.uk, type = NS, class = IN
    >>
    >>;; AUTHORITY SECTION:
    >>vodafonebusiness.co.uk. 2D IN NS ns.projtel.co.uk.
    >>vodafonebusiness.co.uk. 2D IN NS ns2.projtel.co.uk.
    >>
    >>;; ADDITIONAL SECTION:
    >>ns.projtel.co.uk. 2D IN A 213.219.39.70
    >>ns2.projtel.co.uk. 2D IN A 217.199.168.77


    > But if I don't specify a nameserver then I get a different
    > result:


    >>inchgower# dig vodafonebusiness.co.uk ns
    >>
    >>; <<>> DiG 8.3 <<>> vodafonebusiness.co.uk ns
    >>;; res options: init recurs defnam dnsrch
    >>;; got answer:
    >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48921
    >>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    >>;; QUERY SECTION:
    >>;; vodafonebusiness.co.uk, type = NS, class = IN
    >>
    >>;; ANSWER SECTION:
    >>vodafonebusiness.co.uk. 1m24s IN NS ns.vodafonebusiness.co.uk.
    >>vodafonebusiness.co.uk. 1m24s IN NS ns2.vodafonebusiness.co.uk.


    > Also there is no Additional Section giving the A records for the
    > servers. Why would this be?


    > I have stopped and restarted the named daemon so I don't think
    > it is local caching.


    the zone vodafonebusiness.co.uk. is broken, it's delegated to :
    ns.projtel.co.uk. and ns2.projtel.co.uk. both with gluerecords

    The zone projtel.co.uk. is broken and dont seem to answer any queries.
    This prevents vodafonebusiness.co.uk. from working. A classical example
    of "shooting oneself in the foot"

    > jim
    > --
    > Jim Hatfield


    --
    Peter Håkanson
    IPSec Sverige ( At Gothenburg Riverside )
    Sorry about my e-mail address, but i'm trying to keep spam out,
    remove "icke-reklam" if you feel for mailing me. Thanx.

  5. Re: Inconsistent results querying vodafonebusiness.co.uk

    JH> But if I don't specify a nameserver [...]

    .... you end up querying whatever you have configured (in the BIND DNS
    Client) as your resolving proxy DNS server.

    JH> there is no Additional Section giving the A records
    JH> for the servers. Why would this be?

    For the same reason that there are no "TXT" records, either. You asked your
    resolving proxy DNS server for the "NS" resource record set. You received
    the "NS" resource record set.



    Your expectations are awry. You shouldn't expect to receive anything but
    just the answer to the exact question that you asked from a resolving proxy
    DNS server.

    What is published by the "co.uk." and "vodafonebusiness.co.uk." content
    DNS servers is awry, too.

  6. Re: Inconsistent results querying vodafonebusiness.co.uk

    DP> I believe it's a violation of one standard or another for a
    DP> domain's nameserver to be defined by anything other than an
    DP> "A" record.

    RFC 2181 asserts that the specification is "clear on this point". In fact, it
    isn't. However, making the intermediate domain name, used in a delegation, a
    client-side alias will not work in practice. I know of only one resolving
    proxy DNS server software that will actually follow, or even check for,
    client-side aliases when searching for the second halves of delegation
    information. None of the rest will.

    (This situation is different to the situation with the intermediate domain
    names in SMTP Relay server information, which RFC 2181 attempts to lump
    together with the above. In that situation, most and possibly all SMTP Relay
    client softwares *do* check for and follow client-side aliases when mapping
    the intermediate domain names to IP addresses.)

    DP> Pointing an NS at a name which is defined as a CNAME
    DP> in an entirely different zone [...] is almost certainly
    DP> a _big_ no-no!

    It's certainly bad practice for an intermediate domain name to be out of
    bailiwick, irrespective of whether it is also a client-side alias (and so
    won't work in practice for the reason already given).

+ Reply to Thread