Help again please Fwd: please fix your broken DNS server

Fri Jul 8 21:55:45 CEST 2005

On Fri, Jul 08, 2005 at 11:32:41AM -0500, Joseph T. Klein wrote:
> Why the direct dig work and the indirect resolution not?

The problem is a little bit subtle, because it is with an upstream
name server, and so the query never makes it to the name servers
that he mentions. The real problem queries are:

	dig AAAA gwise.milwaukee.gov @itmddns1x.milwaukee.gov
	dig AAAA gwise.milwaukee.gov @itmddns2x.milwaukee.gov
	dig AAAA gwise.milwaukee.gov @itmddns3x.milwaukee.gov
	dig AAAA gwise.milwaukee.gov @itmddns4x.milwaukee.gov

All these queries return SERVFAIL, and I think that that is where
the problem is comming from. I'm not sure who is responsible for
these name servers - it may or may not be the guy that you are
contacting. I would suggest that you ask him who to contact about
the itmddns*x.milwaukee.gov servers.

The reason these queries are important is because:

	% dig NS milwaukee.gov
	milwaukee.gov. 60 IN NS itmddns1x.milwaukee.gov.
	milwaukee.gov. 60 IN NS itmddns2x.milwaukee.gov.
	milwaukee.gov. 60 IN NS itmddns3x.milwaukee.gov.
	milwaukee.gov. 60 IN NS itmddns4x.milwaukee.gov.
	% dig MX milwaukee.gov
	milwaukee.gov. 60 IN MX 10 gwise.milwaukee.gov.
	milwaukee.gov. 60 IN MX 20 mhsgate.ci.mil.wi.us.
	% dig AAAA gwise.milwaukee.gov @itmddns1x.milwaukee.gov
	SERVFAIL
	% dig AAAA gwise.milwaukee.gov @itmddns2x.milwaukee.gov
	SERVFAIL
	% dig AAAA gwise.milwaukee.gov @itmddns3x.milwaukee.gov
	SERVFAIL
	% dig AAAA gwise.milwaukee.gov @itmddns4x.milwaukee.gov
	SERVFAIL

If you have the CNAME cached from some other query, then you
can get the correct result:

	% dig cname gwise.milwaukee.gov
	gwise.milwaukee.gov. 60 IN CNAME   gwise.ci.mil.wi.us.
	% dig ns gwise.ci.mil.wi.us
	gwise.ci.mil.wi.us. 4 IN NS lpitmd-isp1.mpw.net.
	gwise.ci.mil.wi.us. 4 IN NS lpitmd-isp2.mpw.net.
	% dig AAAA gwise.ci.mil.wi.us @lpitmd-isp1.mpw.net
	% dig AAAA gwise.ci.mil.wi.us @lpitmd-isp1.mpw.net

However, if you go straight after an AAAA for gwise.ci.mil.wi.us
you'll fail when you get to the ci.mil.wi.us level, because you run
into the same problem upstream nameservers again.

	% dig AAAA gwise.ci.mil.wi.us @a.root-servers.net
	us. 172800 IN NS A.GTLD.BIZ.
	us. 172800 IN NS B.GTLD.BIZ.
	us. 172800 IN NS C.GTLD.BIZ.
	% dig AAAA gwise.ci.mil.wi.us @a.gtld.biz
	mil.wi.us. 900 IN NS DNS1.SOL.NET.
	mil.wi.us. 900 IN NS DNS2.SOL.NET.
	mil.wi.us. 900 IN NS DNS3.SOL.NET.
	mil.wi.us. 900 IN NS DNS4.SOL.NET.
	mil.wi.us. 900 IN NS DNSY.SOL.NET.
	% dig AAAA gwise.ci.mil.wi.us @dns1.sol.net
	ci.mil.wi.us. 86400 IN NS itmddns1x.milwaukee.gov.
	ci.mil.wi.us. 86400 IN NS itmddns2x.milwaukee.gov.
	ci.mil.wi.us. 86400 IN NS itmddns3x.milwaukee.gov.
	ci.mil.wi.us. 86400 IN NS itmddns4x.milwaukee.gov.
	% dig AAAA gwise.ci.mil.wi.us @itmddns1x.milwaukee.gov
	SERVFAIL
	% dig AAAA gwise.ci.mil.wi.us @itmddns2x.milwaukee.gov
	SERVFAIL
	% dig AAAA gwise.ci.mil.wi.us @itmddns3x.milwaukee.gov
	SERVFAIL
	% dig AAAA gwise.ci.mil.wi.us @itmddns4x.milwaukee.gov
	SERVFAIL

Hope this helps,

	David.