Why are these name servers responding non-authoritatively?
> I've had "DNS and BIND" on my
bookshelf since about the second edition and
> have found it enormously helpful.
That's great to hear!
> Perhaps you could help me understand the
following situation...
>
> The person who runs our company's e-mail
servers reported to me that he was
> having trouble sending mail to a number of
other organizations, apparently
> because of some DNS issue. In poking around
using nslookup, I was able to
> learn the authoritative nameservers for the
domains in question, but when I
> query them, they always return non-authoritative
answers. What could cause this?
>
> A specific example (feel free to change the
names to protect the innocent!) is
> "doengeschoice.com". The authoritative
nameservers are supposed to be
> ns1.webice.net and ns2.webice.net, but both
return non-authoritative
> responses for doengeschoice.com (and also
for webice.net, for that
> matter). The zone serial numbers they report
look like they might be
> rather old. Could the reason I'm getting
non-authoritative answers be that
> the zone data hasn't been updated for so
long that it has timed out?
After sending a few queries to those two name
servers, it looks to me like ns1.webice.net is
returning non-authoritative answers for queries
in doengeschoice.com because of an error in that
zone's data file. Older BIND name servers, including
the version they're running, will load a zone
that contains syntax errors and
mark it as non-authoritative.
ns2.webice.net, on the other hand, looks as though it isn't configured as authoritative for oengeschoice.com at all. (In other words, it's not configured as a primary master or slave for that zone.) So it's no surprise it isn't responding authoritatively to queries in that zone.
Moreover, both name servers appear to be running BIND 8.2.2-P5, which has a really severe vulnerability, and both appear to be on the same subnet, which is also a no-no.
Should we forward a copy of this message to administrator@webice.net?
cricket
Men & Mice
Market leaders in the world of DNS, DHCP and IP Address Management, serving thousands of customers.
Contact information