In article <mailman.704.1255578769.14796.bind-us...@lists.isc.org>, Robert Moskowitz <r...@htt-consult.com> wrote:
> When I queried from home.htt (really hda.home.htt), it appears that it > does not matter that the SOA and NS are wrong and do not point to an IP > address. It is authoratative for the zone and just reports from its > cache. Likewise a client that uses it directly as its nameserver, would > never be the wiser of the problem. Only when another nameserver did the > lookup. If you look at that TCPDUMP use see the first lookup of say, > wiki.home.htt which returns the A record. Then a lookup of home.htt > which fails. From this point on, ANY lookup of any host in home.htt > fails completely. The cache is 'ruined?' with that failed lookup of the > NS from hda.home.htt. When it recurses the first time, the response includes the NS records from the authoritative server, as well as the A records if they're in-bailiwick. These take precedence over the delegation and glue records in the parent zone, which is why the cache is "ruined". This is a common cause of intermittent DNS failures out on the public Internet, when the NS records in a zone don't match the registered nameservers. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users