On Wed, Jan 18, 2006 at 11:30:31PM +0100, Hans Ekbrand wrote:
> On Wed, Jan 18, 2006 at 10:53:46PM +0100, Kiko Piris wrote:
> > On 18/01/2006 at 22:16 +0100, Hans Ekbrand wrote:
> >
> > > pgp.net is not a host, it's a zone. My guess is that your nameserver
> > > is broken, but I'm no DNS guru.
> > >
> > > Here are some of the servers that my nameserver replies to the above
> > > command:
> >
> > His nameserver doesn't need to be broken, yours might very well be.
> > His nameserver refuses to answer a zone transfer request (9 NOAUTH)
> > because it's not authoritative on that zone (that's absolutely correct
> > behaviour).
>
> OK I'll take your word for that my DNS is broken, his is not. As I
> said, I am no DNS guru.
>
> I have bind running locally, could that explain it?
>
> > Yours does answer that request. The funny thing is that among the
> > authoritative nameservers of the pgp.net zone, some answer the zone
> > transfer request and some do not (5 REFUSED).

I tried

$ host -v -l pgp.net

and it seems my dns is not queried to do zone transfers

$ host -v -l pgp.net
Query about pgp.net for record types A NS PTR
Finding nameservers for pgp.net ...
Query done, 6 answers, status: no error
Found 1 address for ns1.pipex.net
Found 1 address for procert.cert.dfn.de
Found 1 address for auth01.ns.uu.net
Found 1 address for dns0.cl.cam.ac.uk
Found 1 address for nac.no
Found 1 address for ns0.pipex.net
Trying server 158.43.192.7 (ns1.pipex.net) ...
Asking zone transfer for pgp.net ...
Query failed, 0 answers, status: query refused
pgp.net AXFR record query refused by ns1.pipex.net
Asking SOA record for pgp.net ...
Query done, 1 answer, authoritative status: no error

[ my comment: host asked ns1.pipex.net for a zone transfer, got none]

[ ... other servers in the list above tried, got no answers]

Trying server 128.232.0.19 (dns0.cl.cam.ac.uk) ...
Asking zone transfer for pgp.net ...
pgp.net.        8640    IN      NS      nac.no.
pgp.net.        8640    IN      NS      ns0.pipex.net.
pgp.net.        8640    IN      NS      ns1.pipex.net.
pgp.net.        8640    IN      NS      dns0.cl.cam.ac.uk.
pgp.net.        8640    IN      NS      orgo.progsoc.uts.edu.au.
pgp.net.        8640    IN      NS      robin.dfn-cert.de.
pgp.net.        8640    IN      NS      auth01.ns.uu.net.
ftp.at.pgp.net. 8640    IN      A       195.64.0.34
www.at.pgp.net. 8640    IN      A       195.64.0.35
ftp.au.pgp.net. 8640    IN      A       203.5.112.20
www.au.pgp.net. 8640    IN      A       128.232.0.23
[...]

If I understand things correctly, host does not ask my dns for a zone
transfer for pgp.net. So my DNS is not broken.

If I explicitly tell host to use my DNS, it fails:

$ host -v -l pgp.net 127.0.0.1
Server: localhost.localdomain
Address: 127.0.0.1
Aliases: localhost samir

Query about pgp.net for record types A NS PTR
Trying server 127.0.0.1 (localhost.localdomain) ...
Asking zone transfer for pgp.net ...
Query failed, 0 answers, status: query refused
pgp.net AXFR record query refused by localhost.localdomain
Asking SOA record for pgp.net ...
Query failed, 0 answers, status: no error
pgp.net SOA record currently not present at localhost.localdomain
No nameservers for pgp.net responded

So my DNS is not broken, but why did

$ host -l pgp.net | grep www

not work for Paul J. Lucas? Because he used host from the "bind9-host"
package while I used host from the "host" package.

-- 
Hans Ekbrand (http://sociologi.cjb.net) <hans@sociologi.cjb.net>
Q. What is that strange attachment in this mail?
A. My digital signature, see www.gnupg.org for info on how you could
   use it to ensure that this mail is from me and has not been altered
   on the way to you.
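
An added example, not part of the original message: a Python parser that reads a `host -v -l` transcript in the format quoted above and reports, per nameserver tried, whether the AXFR request was refused or served, which is the check a zone owner would run against their own authoritative servers. The sample transcript is constructed by trimming the output in the message, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the `host -v -l pgp.net` output in the message.
SAMPLE = """\
Trying server 158.43.192.7 (ns1.pipex.net) ...
Asking zone transfer for pgp.net ...
Query failed, 0 answers, status: query refused
pgp.net AXFR record query refused by ns1.pipex.net
Asking SOA record for pgp.net ...
Query done, 1 answer, authoritative status: no error
Trying server 128.232.0.19 (dns0.cl.cam.ac.uk) ...
Asking zone transfer for pgp.net ...
pgp.net.        8640    IN      NS      nac.no.
ftp.at.pgp.net. 8640    IN      A       195.64.0.34
www.at.pgp.net. 8640    IN      A       195.64.0.35
"""

TRYING = re.compile(r"^Trying server (\S+) \((\S+)\) \.\.\.$")
REFUSED = re.compile(r"^\S+ AXFR record query refused by \S+$")
RECORD = re.compile(r"^\S+\s+\d+\s+IN\s+[A-Z]+\s+\S+$")

def audit_axfr(transcript):
    """Return {server_name: {"ip", "status", "records"}} for each server tried."""
    results, current, in_axfr = {}, None, False
    for line in transcript.splitlines():
        line = line.strip()
        if m := TRYING.match(line):
            current, in_axfr = m.group(2), False
            results[current] = {"ip": m.group(1), "status": "no-data", "records": 0}
        elif current is None:
            continue  # preamble before the first server is tried
        elif line.startswith("Asking zone transfer"):
            in_axfr = True
        elif line.startswith("Asking SOA record"):
            in_axfr = False  # anything after this is not zone-transfer data
        elif REFUSED.match(line):
            results[current]["status"] = "refused"
        elif in_axfr and RECORD.match(line):
            # A resource record inside the AXFR phase means the zone was served.
            results[current]["status"] = "transfer-allowed"
            results[current]["records"] += 1
    return results

def open_transfer_servers(transcript):
    """Names of servers that served the zone to an arbitrary client."""
    return sorted(name for name, r in audit_axfr(transcript).items()
                  if r["status"] == "transfer-allowed")
```
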