Re: experiencing something odd.

[Rob <dnsstuff@itsbeen.sent.com>]

Tobias Reckhard wrote:
> The Almighty Pegasus Epsilon wrote the following on 02.11.2006 20:15:
> > # dnsq a ns.paulbunyan.net 192.5.6.30 (a.gtld-servers.net)
> > 1 ns.paulbunyan.net:
> > 119 bytes, 1+1+2+2 records, response, noerror
> > query: 1 ns.paulbunyan.net
> > answer: ns.paulbunyan.net 172800 A 206.8.120.20
> > authority: paulbunyan.net 172800 NS ns2.paulbunyan.net
> > authority: paulbunyan.net 172800 NS ns3.paulbunyan.net
> > additional: ns2.paulbunyan.net 172800 A 209.191.199.72
> > additional: ns3.paulbunyan.net 172800 A 209.191.199.73
> >
> > the SOA is correct. the answer is NOT. the answer is also not
> > authoritative.
> They appear to have since corrected the mistake:
>
> $ date; dnsq a paulbunyan.net a.gtld-servers.net
> Fri Nov  3 07:18:31 CET 2006
> 1 paulbunyan.net:
> 100 bytes, 1+0+2+2 records, response, noerror
> query: 1 paulbunyan.net
> authority: paulbunyan.net 172800 NS ns2.paulbunyan.net
> authority: paulbunyan.net 172800 NS ns3.paulbunyan.net
> additional: ns2.paulbunyan.net 172800 A 209.191.199.72
> additional: ns3.paulbunyan.net 172800 A 209.191.199.73
>
> Cheers,
> Tobias
It isn't. He is looking at ns.paulbunyan.net, it seems the info at the .net 
server level is returning an A record for that
instead of a referral to the paulbunyan.net NS servers.

In my testing, it was not just djb software that returned the "incorrect" 
result:
Random open dns servers (from http://80.247.230.136/dns.htm? )
# dig ns.paulbunyan.net +short @4.2.2.6
209.191.199.71
# dig ns.paulbunyan.net +short @4.2.2.1
206.8.120.20
# dig ns.paulbunyan.net +short @208.217.74.35
209.191.199.71
# dig ns.paulbunyan.net +short @65.182.161.201
209.191.199.71
# dig ns.paulbunyan.net +short @204.153.81.23
206.8.120.20
# dig ns.paulbunyan.net +short @207.126.96.162
206.8.120.20
# dig ns.paulbunyan.net +short @208.185.160.10
206.8.120.20
# dig ns.paulbunyan.net +short @86.64.145.143
209.191.199.71

.net NS servers:
# dig ns.paulbunyan.net +short @a.gtld-servers.net.
206.8.120.20
# dig ns.paulbunyan.net +short @b.gtld-servers.net.
206.8.120.20
# dig ns.paulbunyan.net +short @c.gtld-servers.net.
206.8.120.20
# dig ns.paulbunyan.net +short @d.gtld-servers.net.
206.8.120.20
# dig ns.paulbunyan.net +short @e.gtld-servers.net.
206.8.120.20

If the NS servers for paulbunyan.net are in the cache already, dnscache (and 
others) answer correctly,
if we query for www.paulbunyan.net first, then the query for ns.paulbunyan.net 
goes to the paulbunyan.net NS servers.
Obviously, something is wrong with the paulbunyan.net data at the .net NS 
server level,
but a more general form of his question might be
"Under what circumstances should a cache reject answers from servers that are not 
authoritative for the query?"
(and why not in this case)

# svc -t /service/*
@40000000454c0aaf05e90dcc listening on 0a140a29
@40000000454c0aaf0666e0bc slurp 0
@40000000454c0aaf066f6084 starting

# dig  www.paulbunyan.net @10.20.10.41
; <<>> DiG 9.2.5 <<>> www.paulbunyan.net @10.20.10.41
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1429
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.paulbunyan.net.            IN      A

;; ANSWER SECTION:
www.paulbunyan.net.     1800    IN      A       209.191.199.71

;; Query time: 187 msec
;; SERVER: 10.20.10.41#53(10.20.10.41)
;; WHEN: Fri Nov  3 19:36:21 2006
;; MSG SIZE  rcvd: 52

@40000000454c0abf29eff064 query 1 0a140a29:83d6:0595 1 www.paulbunyan.net.
@40000000454c0abf29f00bbc tx 0 1 www.paulbunyan.net. . 7f350001
@40000000454c0abf2a0b2154 rr 7f350001 259200 ns net. 192.48.79.30.
@40000000454c0abf2a0b30f4 rr 7f350001 259200 ns net. 192.43.172.30.
@40000000454c0abf2a0b3cac rr 7f350001 259200 ns net. 192.54.112.30.
@40000000454c0abf2a0b4864 rr 7f350001 259200 ns net. 192.42.93.30.
@40000000454c0abf2a0b541c rr 7f350001 259200 ns net. 192.35.51.30.
@40000000454c0abf2a0b5fd4 rr 7f350001 259200 ns net. 192.12.94.30.
@40000000454c0abf2a0bcd34 rr 7f350001 259200 ns net. 192.31.80.30.
@40000000454c0abf2a0bd8ec rr 7f350001 259200 ns net. 192.26.92.30.
@40000000454c0abf2a0c59d4 rr 7f350001 259200 ns net. 192.33.14.30.
@40000000454c0abf2a0c658c rr 7f350001 259200 ns net. 192.5.6.30.
@40000000454c0abf2a0c752c rr 7f350001 259200 ns net. 192.55.83.30.
@40000000454c0abf2a0c80e4 rr 7f350001 259200 ns net. 192.41.162.30.
@40000000454c0abf2a0c8c9c rr 7f350001 259200 ns net. 192.52.178.30.
@40000000454c0abf2a0c9854 stats 1 211 1 0
@40000000454c0abf2a0ca024 tx 0 1 www.paulbunyan.net. net. c034b21e c00c5e1e 
c023331e c0210e1e c005061e c037531e c02a5d1e c02bac1e c036701e c01a5c1e 
c01f501e c029a21e c0304f1e
@40000000454c0abf2f96f9cc rr c034b21e 172800 1 ns2.paulbunyan.net. d1bfc748
@40000000454c0abf2f971524 rr c034b21e 172800 1 ns3.paulbunyan.net. d1bfc749
@40000000454c0abf2f9724c4 rr c034b21e 172800 ns paulbunyan.net. 
ns2.paulbunyan.net.
@40000000454c0abf2f97307c rr c034b21e 172800 ns paulbunyan.net. 
ns3.paulbunyan.net.
@40000000454c0abf2f97401c stats 1 381 1 0
@40000000454c0abf2f9747ec cached 1 ns2.paulbunyan.net.
@40000000454c0abf2f9753a4 cached 1 ns3.paulbunyan.net.
@40000000454c0abf2f975b74 tx 0 1 www.paulbunyan.net. paulbunyan.net. d1bfc749 
d1bfc748
@40000000454c0abf3500bf9c rr d1bfc749 1800 1 ns2.paulbunyan.net. d1bfc779
@40000000454c0abf3500d324 rr d1bfc749 1800 1 ns2.paulbunyan.net. d1bfc748
@40000000454c0abf3500dedc rr d1bfc749 1800 1 ns3.paulbunyan.net. d1bfc749
@40000000454c0abf3500ea94 rr d1bfc749 1800 1 www.paulbunyan.net. d1bfc747
@40000000454c0abf3500fa34 rr d1bfc749 1800 ns paulbunyan.net. 
ns2.paulbunyan.net.
@40000000454c0abf350105ec rr d1bfc749 1800 ns paulbunyan.net. 
ns3.paulbunyan.net.
@40000000454c0abf3501158c stats 1 601 1 0
@40000000454c0abf35011d5c sent 1 52

# dig  ns.paulbunyan.net @10.20.10.41

; <<>> DiG 9.2.5 <<>> ns.paulbunyan.net @10.20.10.41
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18681
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.paulbunyan.net.             IN      A

;; ANSWER SECTION:
ns.paulbunyan.net.      1800    IN      A       209.191.199.71

;; Query time: 197 msec
;; SERVER: 10.20.10.41#53(10.20.10.41)
;; WHEN: Fri Nov  3 19:36:34 2006
;; MSG SIZE  rcvd: 51

@40000000454c0acc13563bc4 query 2 0a140a29:83d6:48f9 1 ns.paulbunyan.net.
@40000000454c0acc13565b04 cached ns paulbunyan.net. ns2.paulbunyan.net.
@40000000454c0acc135666bc cached ns paulbunyan.net. ns3.paulbunyan.net.
@40000000454c0acc13567274 cached 1 ns2.paulbunyan.net.
@40000000454c0acc13567e2c cached 1 ns3.paulbunyan.net.
@40000000454c0acc135689e4 tx 0 1 ns.paulbunyan.net. paulbunyan.net. d1bfc779 
d1bfc749 d1bfc748
@40000000454c0acc1f0a20fc rr d1bfc779 1800 1 ns.paulbunyan.net. d1bfc747
@40000000454c0acc1f0a386c rr d1bfc779 1800 1 ns2.paulbunyan.net. d1bfc779
@40000000454c0acc1f0a4424 rr d1bfc779 1800 1 ns2.paulbunyan.net. d1bfc748
@40000000454c0acc1f0a53c4 rr d1bfc779 1800 1 ns3.paulbunyan.net. d1bfc749
@40000000454c0acc1f0a5f7c rr d1bfc779 1800 ns paulbunyan.net. 
ns3.paulbunyan.net.
@40000000454c0acc1f0a6f1c rr d1bfc779 1800 ns paulbunyan.net. 
ns2.paulbunyan.net.
@40000000454c0acc1f0a7ad4 stats 2 820 1 0
@40000000454c0acc1f0a82a4 sent 2 51


Clear the cache and query ns.paulbunyan.net first:

# svc -t /service/*
@40000000454c0ad3221fd124 listening on 0a140a29
@40000000454c0ad3229c503c slurp 0
@40000000454c0ad322a54534 starting

# dig  ns.paulbunyan.net @10.20.10.41

; <<>> DiG 9.2.5 <<>> ns.paulbunyan.net @10.20.10.41
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21408
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.paulbunyan.net.             IN      A

;; ANSWER SECTION:
ns.paulbunyan.net.      172800  IN      A       206.8.120.20

;; Query time: 22 msec
;; SERVER: 10.20.10.41#53(10.20.10.41)
;; WHEN: Fri Nov  3 19:36:57 2006
;; MSG SIZE  rcvd: 51

@40000000454c0ae332051b6c query 1 0a140a29:83d6:53a0 1 ns.paulbunyan.net.
@40000000454c0ae332053aac tx 0 1 ns.paulbunyan.net. . 7f350001
@40000000454c0ae332210bc4 rr 7f350001 259200 ns net. 192.48.79.30.
@40000000454c0ae332211b64 rr 7f350001 259200 ns net. 192.43.172.30.
@40000000454c0ae332212b04 rr 7f350001 259200 ns net. 192.54.112.30.
@40000000454c0ae3322136bc rr 7f350001 259200 ns net. 192.42.93.30.
@40000000454c0ae332214274 rr 7f350001 259200 ns net. 192.35.51.30.
@40000000454c0ae332214e2c rr 7f350001 259200 ns net. 192.12.94.30.
@40000000454c0ae3322159e4 rr 7f350001 259200 ns net. 192.31.80.30.
@40000000454c0ae33221659c rr 7f350001 259200 ns net. 192.26.92.30.
@40000000454c0ae33221e684 rr 7f350001 259200 ns net. 192.33.14.30.
@40000000454c0ae33221f23c rr 7f350001 259200 ns net. 192.5.6.30.
@40000000454c0ae33221fdf4 rr 7f350001 259200 ns net. 192.55.83.30.
@40000000454c0ae3322209ac rr 7f350001 259200 ns net. 192.41.162.30.
@40000000454c0ae332221564 rr 7f350001 259200 ns net. 192.52.178.30.
@40000000454c0ae33222211c stats 1 211 1 0
@40000000454c0ae3322228ec tx 0 1 ns.paulbunyan.net. net. c01f501e c02a5d1e 
c034b21e c005061e c0210e1e c01a5c1e c00c5e1e c029a21e c036701e c02bac1e 
c037531e c023331e c0304f1e
@40000000454c0ae3333703ec rr c01f501e 172800 1 ns.paulbunyan.net. ce087814
@40000000454c0ae333371774 rr c01f501e 172800 1 ns2.paulbunyan.net. d1bfc748
@40000000454c0ae333372714 rr c01f501e 172800 1 ns3.paulbunyan.net. d1bfc749
@40000000454c0ae3333732cc rr c01f501e 172800 ns paulbunyan.net. 
ns2.paulbunyan.net.
@40000000454c0ae333373e84 rr c01f501e 172800 ns paulbunyan.net. 
ns3.paulbunyan.net.
@40000000454c0ae333374e24 stats 1 426 1 0
@40000000454c0ae3333755f4 sent 1 51