V
V
Vladislav Yaroslavlev2012-11-23 13:12:51
Domain Name System
Vladislav Yaroslavlev, 2012-11-23 13:12:51

Incorrect NSs, but how does it work?

The NS's are invalid, but the A-record is resolved. How?

C:\>nslookup -q=NS izumrudniy-gorod.ru 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
izumrudniy-gorod.ru     nameserver = ns1.ChelnySvadba
izumrudniy-gorod.ru     nameserver = ns2.ChelnySvadba

C:\>nslookup -q=A izumrudniy-gorod.ru 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    izumrudniy-gorod.ru
Address:  77.222.40.91

Answer the question

In order to leave comments, you need to log in

3 answer(s)
M
merlin-vrn, 2012-11-25
@merlin-vrn

It works because once, in 2008, when the delegation was just being done, the zone was correct, but it was spoiled later.
Resolution happens like this:
DNS servers of the ru zone. give a response like:

$ dig -t ns izumrudniy-gorod.ru. @a.dns.ripn.net.

; <<>> DiG 9.8.1 <<>> -t ns izumrudniy-gorod.ru. @a.dns.ripn.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51951
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;izumrudniy-gorod.ru.           IN      NS

;; AUTHORITY SECTION:
izumrudniy-gorod.ru.    345600  IN      NS      ns2.r16.biz.
izumrudniy-gorod.ru.    345600  IN      NS      ns1.r16.biz.

;; Query time: 18 msec
;; SERVER: 193.232.128.6#53(193.232.128.6)
;; WHEN: Sun Nov 25 13:41:42 2012
;; MSG SIZE  rcvd: 80

Then your recursive DNS server addresses one of these servers to resolve names within the izumrudniy-gorod.ru zone, and receives the following responses from these servers:
$ dig -t ns izumrudniy-gorod.ru. @ns1.r16.biz.

; <<>> DiG 9.8.1 <<>> -t ns izumrudniy-gorod.ru. @ns1.r16.biz.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62400
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;izumrudniy-gorod.ru.           IN      NS

;; ANSWER SECTION:
izumrudniy-gorod.ru.    3600    IN      NS      ns1.ChelnySvadba.
izumrudniy-gorod.ru.    3600    IN      NS      ns2.ChelnySvadba.

;; Query time: 92 msec
;; SERVER: 5.187.0.37#53(5.187.0.37)
;; WHEN: Sun Nov 25 13:42:17 2012
;; MSG SIZE  rcvd: 85

(And the SOA record is also wrong there.)
If you remove the delegation now, and then try to do it again without correcting this nonsense in the zone, a normal registrar will delegate the domain to such servers (i.e. register records your-domain NS your -server). Now it works, I repeat, because once, when the delegation was done, the entries there were correct.

O
Otkrick, 2012-11-23
@Otkrick

From the cache? Google Public DNS is better not to use, it is not standardized. Once a day he killed to catch a mistake, it turned out that he: 1. With several A-records, he chose only the first one; 2. Didn't support round-robin.

V
VahMaster, 2012-11-23
@VahMaster

the registrar has the NSs filled out incorrectly
www.intodns.com/izumrudniy-gorod.ru

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question