-----BEGIN PGP SIGNED MESSAGE-----
Well, It's nice to know my servers aren't at fault :-)
I originally asked about the following entries in my log files, and what
they meant (and should I panic :-))
Oct 14 19:07:38 nebula named[105]: Lame server on 'dat.com' (in 'dat.com'?):
[198.145.109.8].53 'ROGUE.dat.com': learnt (A=192.36.148.17,NS=192.36.148.17)
Oct 14 19:09:27 nebula named[105]: Lame server on 'ctronsoft.co.au' (in 'AU'?):
[198.6.1.1].53 'NS.UU.NET': learnt (A=128.63.48.85,NS=128.63.2.53)
Oct 14 21:07:21 nebula named[105]: Lame server on 'fugue.com' (in 'fugue.com'?):
[198.6.1.1].53 'NS.UU.NET': learnt (A=128.63.48.85,NS=192.36.148.17)
Answer:
it's not my fault :-)
The TCP-IP/Domains FAQ (internet/tcp-ip/domains-faq/part1) has some information
on this. A copy of the May 95 (old...?) version is available at
http://www.shmooze.net/~infopit/faqs/tcpip.txt - check out section 3.5
(but 3.3 is relevant as well.
Basically a lame delegation is one where the domain hierarchy above (eg
COM) servers have NS records pointing to a machine (ie a delegation) but
that machine doesn't respond with an "authorative" answer.
eg if I ask for the NS records for "mr-fundsdirect.com."
% nslookup -type=ns mr-fundsdirect.com.
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
mr-fundsdirect.com nameserver = NS3.CHINA.COM
mr-fundsdirect.com nameserver = NS1.CHINA.COM
Authoritative answers can be found from:
NS3.CHINA.COM internet address = 202.84.1.103
NS1.CHINA.COM internet address = 202.84.1.101
But if I ask NS3.CHINA.COM the same question, the answer does not come back
authorative:
% nslookup -type=ns mr-fundsdirect.com. ns3.china.com
Server: china.com
Address: 202.84.1.103
Non-authoritative answer:
mr-fundsdirect.com nameserver = NS1.CHINA.COM
mr-fundsdirect.com nameserver = NS3.CHINA.COM
Authoritative answers can be found from:
MR-FundsDirect.com nameserver = NS1.CHINA.COM
MR-FundsDirect.com nameserver = NS3.CHINA.COM
NS1.CHINA.COM internet address = 202.84.1.101
NS3.CHINA.COM internet address = 202.84.1.103
So the delegation to NS3.CHINA.COM is "Lame".
How can Lame delegations come about? A number of ways:
1) the designated server doesn't have a "primary" or "secondary" line in
the named.boot file
2) the Zone file has a parse error
3) Zone transfer from primary fails (Bill Townsley: is this your problem
with rogue? It seems to be responding authorative now!)
Ugh, there are a LOT of Lame servers out there...:-(
Thanks to:
Gokhan Ozkan
Rachel Polanskis
Raju Krishnamurthy
David Schiffrin
Reto Lichtensteiger
rgds
Stephen
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQB1AwUBMmNQRXNl46r30GVNAQEwHwMAoEmbj5KBtoN+pGBv1E8ubtoMXKkk/9f8
ANsXyXLaDvMOnpWbwb4AoNggxW2JFjnW2Vf+3iKLJhh2Llu9hhyX07Ir615M0BkX
3kFWrFXx70f0aoCok6ooitJzWpZWq7cP
=jTz4
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:13 CDT