[dns-operations] CNAME as NS-RRdata
Mark Andrews
Mark_Andrews at isc.org
Wed May 16 12:54:53 UTC 2007
> ; <<>> DiG 9.4.1 <<>> -x 194.29.32.197 @NS-EXT.ISC.ORG.
> ;; QUESTION SECTION:
> ;197.32.29.194.in-addr.arpa. IN PTR
> ;; AUTHORITY SECTION:
> 32.29.194.in-addr.arpa. 172800 IN NS ns1.checkpoint.com.
> 32.29.194.in-addr.arpa. 172800 IN NS ns4.checkpoint.com.
>
> ; <<>> DiG 9.4.1 <<>> ns1.checkpoint.com
> ;; QUESTION SECTION:
> ;ns1.checkpoint.com. IN A
> ;; ANSWER SECTION:
> ns1.checkpoint.com. 3600 IN CNAME ns6.checkpoint.com.
> ns6.checkpoint.com. 3086 IN A 194.29.32.199
> ;; AUTHORITY SECTION:
> checkpoint.com. 155987 IN NS ns6.checkpoint.com.
> checkpoint.com. 155987 IN NS ns8.checkpoint.com.
> ;; ADDITIONAL SECTION:
> ns8.checkpoint.com. 2997 IN A 216.228.148.29
>
>
> ; <<>> DiG 9.4.1 <<>> ns4.checkpoint.com
> ;; QUESTION SECTION:
> ;ns4.checkpoint.com. IN A
> ;; ANSWER SECTION:
> ns4.checkpoint.com. 3600 IN CNAME ns8.checkpoint.com.
> ns8.checkpoint.com. 2965 IN A 216.228.148.29
> ;; AUTHORITY SECTION:
> checkpoint.com. 155955 IN NS ns6.checkpoint.com.
> checkpoint.com. 155955 IN NS ns8.checkpoint.com.
> ;; ADDITIONAL SECTION:
> ns6.checkpoint.com. 3054 IN A 194.29.32.199
>
>
> Is there a way to tell them, what's wrong?
NS records cannot refer to CNAMEs. The configuration above
is broken.
> They got an email yesterday, nothing happened.
They were lucky yesterday and got the glue record from the
parent zone.
ns1.checkpoint.com. 172800 IN A 194.29.32.197
checkpoint.com. 172800 IN NS ns6.checkpoint.com.
checkpoint.com. 172800 IN NS ns8.checkpoint.com.
;; Received 120 bytes from 192.54.112.30#53(H.GTLD-SERVERS.NET) in 332 ms
The fix is to replace the CNAMEs by A records.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations
mailing list