Men and MiceMen and Mice annversary logo

spain france german china
Knowledgehub


Why are these name servers responding non-authoritatively?

Answered Wed, 16 Jan 2002

> I've had "DNS and BIND" on my bookshelf since about the second edition and
> have found it enormously helpful.

That's great to hear!

> Perhaps you could help me understand the following situation...
>
> The person who runs our company's e-mail servers reported to me that he was
> having trouble sending mail to a number of other organizations, apparently
> because of some DNS issue. In poking around using nslookup, I was able to
> learn the authoritative nameservers for the domains in question, but when I
> query them, they always return non-authoritative answers. What could cause this?
>
> A specific example (feel free to change the names to protect the innocent!) is
> "doengeschoice.com". The authoritative nameservers are supposed to be
> ns1.webice.net and ns2.webice.net, but both return non-authoritative
> responses for doengeschoice.com (and also for webice.net, for that
> matter). The zone serial numbers they report look like they might be
> rather old. Could the reason I'm getting non-authoritative answers be that
> the zone data hasn't been updated for so long that it has timed out?

After sending a few queries to those two name servers, it looks to me like ns1.webice.net is returning non-authoritative answers for queries in doengeschoice.com because of an error in that zone's data file. Older BIND name servers, including the version they're running, will load a zone that contains syntax errors and
mark it as non-authoritative.

ns2.webice.net, on the other hand, looks as though it isn't configured as authoritative for oengeschoice.com at all. (In other words, it's not configured as a primary master or slave for that zone.) So it's no surprise it isn't responding authoritatively to queries in that zone.

Moreover, both name servers appear to be running BIND 8.2.2-P5, which has a really severe vulnerability, and both appear to be on the same subnet, which is also a no-no.

Should we forward a copy of this message to administrator@webice.net?

cricket


Next steps...

Try the Men & Mice Suite
Request a Video Demo
Request more info
Men & Mice Whitepapers

 

Copyright © 2009. Men & Mice.All rights reserved. Men & Mice privacy policy