|
|
Trouble with incomplete additional section data: msg#00642network.dns.bind.user
Dear All: Following is the situation I encountered: Question : NS RR of domain "capital.com.tw" When I sent the above question to authoritative name servers of 'com.tw', b.twnic.net.tw or c.twnic.net.tw, I got the following anwser: ============================================ ;; res options: init defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18133 ;; flags: qr; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3 ;; QUERY SECTION: ;; capital.com.tw, type = NS, class = IN ;; ANSWER SECTION: capital.com.tw. 1D IN NS dns03.capital.com.tw. capital.com.tw. 1D IN NS dns01.capital.com.tw. capital.com.tw. 1D IN NS dns02.capital.com.tw. ;; ADDITIONAL SECTION: dns03.capital.com.tw. 1D IN A 218.32.197.86 dns01.capital.com.tw. 1D IN A 211.72.241.88 dns02.capital.com.tw. 1D IN A 211.72.241.89 ============================================= But, when I send the same Question to my name server, I got following different answer : ***************************************************** ;; ANSWER SECTION: capital.com.tw. 17h5m47s IN NS dns01.capital.com.tw. capital.com.tw. 17h5m47s IN NS dns02.capital.com.tw. capital.com.tw. 17h5m47s IN NS dns03.capital.com.tw. ;; ADDITIONAL SECTION: <--- incomplete dns03.capital.com.tw. 15h51s IN A 218.32.197.86 ***************************************************** and I knew the dns03 is broken!! Well, the Question is here -- Why is there only one A record of NS RRs in additional section? -- How does named build its ADDITIONAL SECTION data while the 'Fetch-Glue' option is 'NO' ( This is my configuration now )? -- By using tcpdump, I found that named would send queries of A? dns02.capital.com.tw, A? dns01.capital.com.tw, AND A? www.capital.com.tw. WHILE it received a request 'A? www.capital.com.tw. ' sent by dig. AND the query destination was dns03.capital.com.tw. Following is the packets exchanged. 10:48:09.219521 192.168.64.30.4700 > dns03.capital.com.tw.domain: 10032 [1au] A? dns02.capital.com.tw. (49) 10:48:09.219548 192.168.64.30.4700 > dns03.capital.com.tw.domain: 20861 [1au] A? dns01.capital.com.tw. (49) 10:48:09.219588 192.168.64.30.4700 > dns03.capital.com.tw.domain: 51515 [1au] A? www.capital.com.tw. Of course, my named would NOT got any response while dns03.capital.com.tw was BROKEN !! At last, my dig would 'Operation timeout' !! _My Question is : Why didn't my named send query of A? dns01.capital.com.tw, A? dns02.capital.com.tw TO authoritative name servers, like b.twnic.net.tw, c.twnic.net.tw to get the correct IP Addresses ? It did NOT do this and still ONLY send queries to the "Broken" name server, dns03.capital.com.tw., while it could not get any response. It is NOT SMART enough to change the query destination although it has THREE NS records to use. How could my named get the IP Addresses of dns01, dns02.capital.com.tw ???? |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Weird problem help?: 00642, Barry Margolin |
|---|---|
| Next by Date: | portscan: 00642, Mark |
| Previous by Thread: | feature not availablei: 00642, Don Pandori |
| Next by Thread: | Re: Trouble with incomplete additional section data: 00642, Kevin Darcy |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |