The problem is that their servers are returning non-authoritative answers from the cache without also adding the NS records for the child zone to allow the interative resolver to find a authoritative answer. The parent server is configured as a recursive server not a authoritative server.
On top of that you appear to be running BIND 9.7.0 which rejects non-authoritative answers when it is supposed to be talking to authoritative servers. Upgrade named and you should be fine. Mark In message <01f1f5b3-72a3-4bb7-a506-5cc4fc1d4...@mail1.datasyncorp.com>, Tim Kel ley writes: > > We've been having this issues with neweggbusiness.com - it seems the A rec for > neweggbusiness.com is round robin load balanced: > > ;; ANSWER SECTION: > neweggbusiness.com. 3600 IN A 216.52.208.154 > neweggbusiness.com. 3600 IN A 204.14.213.154 > > ;; ANSWER SECTION: > neweggbusiness.com. 3600 IN NS dns2.magnellmail.net. > neweggbusiness.com. 3600 IN NS dns1.magnellmail.net. > > ... and "www.neweggbusiness.com" is an actual zone delegated to a different se > t of name servers > > ;; ANSWER SECTION: > www.neweggbusiness.com. 3600 IN NS ns14b.newegg.com. > www.neweggbusiness.com. 3600 IN NS ns13b.newegg.com. > > The website uses links with both these names, and much of it doesn't work when > using our bind server for recursive queries - the A rec for "www.neweggbusine > ss.com" does not resolve using my bind9 server (DNS format error), but does re > turn if I query the NS for neweggbusiness.com directly (below). I see this is > not an authoritative answer, which it should be for the A record, no? The zone > delegation and the A rec for www.neweggbusiness.com should both exist on the > NS for parent zone, right? Is this the problem? If I dig against the NS for "w > ww.neweggbusiness.com" I get an aa flag, but I should get an aa flag from the > nameservers for the parent zone on that same query, I think. Nevertheless, the > site works for most people - google's nameserver (8.8.8.8) seems to have no p > roblem with it, for example. > > querying the NS for neweggbusiness.com - > > dig @216.52.208.156 www.neweggbusiness.com a > > ; <<>> DiG 9.7.0-P1 <<>> @216.52.208.156 www.neweggbusiness.com a > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13532 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;www.neweggbusiness.com. IN A > > ;; ANSWER SECTION: > www.neweggbusiness.com. 1348 IN A 216.52.208.168 > > ;; Query time: 61 msec > ;; SERVER: 216.52.208.156#53(216.52.208.156) > ;; WHEN: Wed Mar 28 09:29:50 2012 > ;; MSG SIZE rcvd: 56 > > > > Tim Kelley > t...@c4tech.com > 504-896-8324 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
