Dns-operations mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

That looks like you're reading the info from the TLD zone itself, rather
than what is in the root zone.  I *think* that when a user does a query,
the dns server checks its root hints and sees the available list of
nameservers that can resolve that TLD, then asks one of those
nameservers to provide a lookup.  But when you dig the TLD zone, you get
a list of nameservers that the TLD itself is saying are supposed to be
available to resolve the zone.

In this case, the pirate zone has extra entries listed that simply
should not be there, however the root zone is providing a 'corrected'
list of where answers can be found.  When I generate the root zone
entries, I completely ignore when the TLD says it's nameservers are.  I
query every T1 server to detect if that server is answering for each TLD
zone, and add the appropriate entries.  So even if the TLD's NS entries
are wrong, the root zone still contains the right information to
properly direct client queries.


On 05/16/2012 08:02 PM, Bryon Eldridge wrote:
> On Wed, May 16, 2012 at 9:02 AM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
>> If you look at the current root zone (2012051603) you will see that NS4
>> and NS6 are *not* listed for the pirate zone, and NS4 is not listed for
>> the neo zone.  This is one of the functions of the hourly rebuild of the
>> root zone -- to de-list any T1 servers which are not currently resolving
>> each zone.
> Then I don't think it's working.  In fact, there's even ns1 in there,
> which doesn't even exist.  And it seems like we're missing glue
> records for ns21 (cause it should be in ADDITIONAL, right?)
>
>
>
> ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> ns pirate 
> @ns5.opennic.glue
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14606
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 13
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;pirate.                                IN      NS
>
> ;; ANSWER SECTION:
> pirate.                 172800  IN      NS      ns9.opennic.glue.
> pirate.                 172800  IN      NS      ns21.opennic.glue.
> pirate.                 172800  IN      NS      ns1.opennic.glue.
> pirate.                 172800  IN      NS      ns2.opennic.glue.
> pirate.                 172800  IN      NS      ns3.opennic.glue.
> pirate.                 172800  IN      NS      ns4.opennic.glue.
> pirate.                 172800  IN      NS      ns5.opennic.glue.
> pirate.                 172800  IN      NS      ns6.opennic.glue.
> pirate.                 172800  IN      NS      ns7.opennic.glue.
> pirate.                 172800  IN      NS      ns8.opennic.glue.
>
> ;; ADDITIONAL SECTION:
> ns2.opennic.glue.       14400   IN      A       216.87.84.210
> ns2.opennic.glue.       14400   IN      AAAA    2001:470:8388:10:0:100:53:10
> ns3.opennic.glue.       14400   IN      A       199.30.58.57
> ns3.opennic.glue.       14400   IN      AAAA    2001:470:8ca1::53
> ns4.opennic.glue.       14400   IN      A       84.200.228.200
> ns5.opennic.glue.       14400   IN      A       128.177.28.254
> ns6.opennic.glue.       14400   IN      A       207.192.71.13
> ns6.opennic.glue.       14400   IN      AAAA    2002:cfc0:470d::1
> ns7.opennic.glue.       14400   IN      A       66.244.95.11
> ns7.opennic.glue.       14400   IN      AAAA    2001:470:1f10:c6::11
> ns8.opennic.glue.       14400   IN      A       178.63.116.152
> ns8.opennic.glue.       14400   IN      AAAA    2a01:4f8:110:6221::999
> ns9.opennic.glue.       14400   IN      A       209.141.35.9