How not to set up your DNS (part 15)

July 6, 2007

This is one of those interesting little DNS glitches:

  • the nameservers for the pk country domain say that lists as nameservers and
  • if you ask sooraj what's nameservers are, it gives you a non-authoritative reply saying that they are sooraj, chand, and
  • doesn't respond.
  • if you ask chand what's nameservers are, you sometimes get a reply without any actual data but with an 'additional authority' section that says that chand and sooraj are the nameservers, as if chand wasn't actually an authoritative nameserver for

The net result seems to be that every so often, our nameservers can't resolve anything to do with because they have decided to query chand and have gotten answers back that make them throw up their hands in disgust.

What seems to be going on is that sooraj and chand are actually general recursive nameservers (for example, neither claim to be authoritative on any answers) that can also talk to ns1, which is presumably an internal-only machine. For some reason sooraj has a local copy of the data (for example, its TTLs on results never count down) but chand does not; if you query chand during a time when it doesn't have things in its cache, you get useless results.

Written on 06 July 2007.
« What OpenID is good for
What the flags on DNS query responses mean »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Jul 6 16:05:48 2007
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.