Info at the authoritative servers doesn't match the glue records.

We see this all the time on our recursive resolvers.

rich-goodsons-computer:~ rgoodson$ dig +norec @ns1.thehartford.com thehartford.com NS

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec @ns1.thehartford.com thehartford.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43188
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;thehartford.com.               IN      NS

;; ANSWER SECTION:
thehartford.com.        120     IN      NS      hfdns4.thehartford.com.
thehartford.com.        120     IN      NS      simns3.thehartford.com.
thehartford.com.        120     IN      NS      simns4.thehartford.com.
thehartford.com.        120     IN      NS      hfdns3.thehartford.com.

;; ADDITIONAL SECTION:
hfdns4.thehartford.com. 120     IN      A       162.136.188.4
simns3.thehartford.com. 120     IN      A       162.136.190.3
simns4.thehartford.com. 120     IN      A       162.136.190.4
hfdns3.thehartford.com. 120     IN      A       162.136.188.3

;; Query time: 39 msec
;; SERVER: 162.136.188.1#53(162.136.188.1)
;; WHEN: Wed Jun 15 08:55:41 2011
;; MSG SIZE  rcvd: 181

rich-goodsons-computer:~ rgoodson$ dig +norec @f.gtld-servers.net thehartford.com NS

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec @f.gtld-servers.net thehartford.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3174
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;thehartford.com.               IN      NS

;; AUTHORITY SECTION:
thehartford.com.        172800  IN      NS      ns1.thehartford.com.
thehartford.com.        172800  IN      NS      ns2.thehartford.com.

;; ADDITIONAL SECTION:
ns1.thehartford.com.    172800  IN      A       162.136.188.1
ns2.thehartford.com.    172800  IN      A       162.136.190.1

;; Query time: 94 msec
;; SERVER: 192.35.51.30#53(192.35.51.30)
;; WHEN: Wed Jun 15 08:55:49 2011
;; MSG SIZE  rcvd: 101



On Jun 15, 2011, at 7:28 AM, M. Meadows wrote:

> 
>  
> Good morning.
>  
> We sent the following email to the dns managers at thehartford.com this 
> morning:
>  
> ---------------------------------------------------------------------------------
>  
>     Hi. We’re experiencing some issues with address record lookups for 
> eftc.thehartford.com. We’ve got a couple questions about how this address 
> record is set up.
>  
> Question : why does eftc as an address record in the thehartford.com zone 
> file have a 30 second TTL? Seems … very … short. I think most nameservers 
> won’t do less than a minute for an address record. Right?
>  
> Question : our check of whois indicates that ns1.thehartford.com and 
> ns2.thehartford.com are the authoritative nameservers for thehartford.com. A 
> dig with a +trace for eftc.thehartford.com seems to indicate that they are 
> indeed the auth nameservers. It’s interesting, though, that an 
> http://www.kloth.net/services/nslookup.php lookup for thehartford.com query 
> for NS records shows a non-authoritative answer of hfdns3.thehartford.com, 
> hfdns4.thehartford.com, simns3.thehartford.com, simns3.thehartford.com and 
> simns4.thehartford.com. We’re unsure what’s going on with that.
>  
>     So we have a Microsoft set of DNS servers that seem to get confused :-) by 
> this somehow. Not really clear to us what’s going on with it … but it’s sort 
> of like there’s some negative caching going on for hfdns3, hfdns4, simns3 and 
> simns4 … at some point … where these Microsoft DNS servers think those 4 
> servers are the authorities for the thehartford.com domain … and those auth 
> nameserver names … can’t be found … resolved. Then for a period … until the 
> Microsoft DNS servers have their cache cleared … they say … NOPE … no such 
> servers out there. Can’t get to hfdns4, hfdns3, simns3 or simns4 at all … so 
> we can’t resolve eftc.thehartford.com.
>  
>     Can you help us understand what’s going on?
>  
> Thanks!
> ---------------------------------------------------------------------------------
>  
>  
> So now ... just in case we don't hear back from the dns folks at 
> thehartford.com ... I'm wondering if any of the experts on this mailing list 
> can help us understand this?
>  
>  
>  
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
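
Added example (not part of the original thread): a small Python check that parses the two dig responses shown above and reports where the parent's delegation NS set and the zone's own NS set disagree. The function names are made up for this example, and the input is assumed to be dig's response text only, trimmed here to the flags line and the NS records.

```python
import re

# Trimmed copies of the two dig responses above: PARENT is the referral from
# f.gtld-servers.net, CHILD is the authoritative answer from ns1.thehartford.com.
PARENT = """\
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
thehartford.com.        172800  IN      NS      ns1.thehartford.com.
thehartford.com.        172800  IN      NS      ns2.thehartford.com.
"""
CHILD = """\
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; ANSWER SECTION:
thehartford.com.        120     IN      NS      hfdns4.thehartford.com.
thehartford.com.        120     IN      NS      simns3.thehartford.com.
thehartford.com.        120     IN      NS      simns4.thehartford.com.
thehartford.com.        120     IN      NS      hfdns3.thehartford.com.
"""

def parse_dig(text):
    """Parse dig response text (no shell prompt lines) into (flags, records)."""
    flags, section, records = set(), None, []
    for line in text.splitlines():
        if m := re.match(r";; flags: ([a-z ]*);", line):
            flags = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif line and not line.startswith(";"):
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            records.append((section, owner.lower(), int(ttl), rtype, rdata.lower()))
    return flags, records

def ns_view(text, zone):
    """Map NS name -> TTL: ANSWER if the reply has aa set, else the AUTHORITY referral."""
    flags, records = parse_dig(text)
    want = "ANSWER" if "aa" in flags else "AUTHORITY"
    return {r[4]: r[2] for r in records if r[0] == want and r[1] == zone and r[3] == "NS"}

def compare_delegation(parent_text, child_text, zone):
    parent, child = ns_view(parent_text, zone), ns_view(child_text, zone)
    return {
        "consistent": parent.keys() == child.keys(),
        "only_parent": sorted(parent.keys() - child.keys()),
        "only_child": sorted(child.keys() - parent.keys()),
        "ttl": (max(parent.values()), max(child.values())),  # (parent, child)
    }

if __name__ == "__main__":
    print(compare_delegation(PARENT, CHILD, "thehartford.com."))
```

For this zone the two sets share no names at all, and the zone's own NS records carry a 120 second TTL against 172800 at the parent.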
