| Author |
Message |
funkytastic
Joined: 10 Aug 2008
Posts: 99
Location: ~$
|
| Posted: Wed Mar 30, 2011 11:40 am Post subject: NXDOMAIN weirdness |
|
|
Noticed some strange DNS behavior today on my 'node in Newark. If I try to resolve a nonexistent hostname that is a subdomain of anything in the root zone, it searches under .members.linode.com:
Code: $ host nonexistent-example.com
Host nonexistent-example.com.members.linode.com not found: 5(REFUSED)
If I try to resolve a bogus hostname that's not in the root zone hierarchy, I get an NXDOMAIN, as it should be.
Code: $ host steve.jobs
Host steve.jobs.members.linode.com not found: 5(REFUSED)
$ host bill.gates
Host bill.gates not found: 3(NXDOMAIN)
My /etc/resolv.conf:
Code: domain members.linode.com
search members.linode.com
nameserver 97.107.133.4
nameserver 207.192.69.4
nameserver 207.192.69.5
I definitely used to get all NXDOMAINs for these types of queries on this box. Any ideas? |
|
| Back to top |
|
mnordhoff
Joined: 03 May 2008
Posts: 451
|
| Posted: Wed Mar 30, 2011 11:57 am Post subject: |
|
|
When you look up a non-fully qualified domain name (i.e., one that doesn't end in "."), and it doesn't exist, the resolver then tries looking up "<the name>.<your search domain from resolv.conf>". For some reason, Linode's recursive nameservers return REFUSED for things like com.members.linode.com. 'host' thinks that's weird, so it returns an error.
'host' is doing the .members.linode.com. lookup for "bill.gates", too; it just doesn't tell you about it because it received an ordinary NXDOMAIN. |
|
| Back to top |
|
funkytastic
Joined: 10 Aug 2008
Posts: 99
Location: ~$
|
| Posted: Wed Mar 30, 2011 2:21 pm Post subject: |
|
|
mnordhoff wrote: For some reason, Linode's recursive nameservers return REFUSED for things like com.members.linode.com. 'host' thinks that's weird, so it returns an error.
OK, so that's what changed. The resolvers in the other Linode datacenters I have access to don't seem to be refusing those queries. Weird. Is this just Newark? Any way to fix this behavior, other than not using the linode search domain in resolv.conf?
I wonder why the resolvers are only refusing those queries where the most significant level under members.linode.com is in the root zone. I can't think of a good reason for it. |
|
| Back to top |
|
obs
Joined: 07 Mar 2010
Posts: 1400
Location: Earth
|
| Posted: Wed Mar 30, 2011 3:17 pm Post subject: |
|
|
| If it only happens in newark I'd raise a ticket and ask support. |
|
| Back to top |
|
mnordhoff
Joined: 03 May 2008
Posts: 451
|
| Posted: Thu Mar 31, 2011 8:20 pm Post subject: |
|
|
I can confirm the odd behaviour in Dallas. And so can you -- the US recursive nameservers are open to any US node. (London is not, for some reason.)
I'm not filing a ticket about it, though. |
|
| Back to top |
|
| |
