Charles MacDonald wrote:
: cmacd@linux:~> host www.adox.de
: Host www.adox.de not found: 3(NXDOMAIN)

Neat. Here's what I see:

% host www.adox.de
www.adox.de has address 217.160.28.134
Host www.adox.de not found: 3(NXDOMAIN)
www.adox.de is an alias for adox.de.adox.de.
%

: Playing with nslookup:
:
: cmacd@linux:~> nslookup
: > server ns9.schlundtech.de
: Default server: ns9.schlundtech.de
: Address: 62.116.129.129#53
: > www.adox.de
: Server: ns9.schlundtech.de
: Address: 62.116.129.129#53
:
: Name: www.adox.de
: Address: 217.160.28.134
: >
:
: SO WHY can't I do a regular lookup to the site. is it on a "funny" domain?

The simple answer: they broke their DNS.

The complicated answer: it's complicated. Let's take a closer look at the DNS RR (Resource Record):

-----
% dig @ns9.schlundtech.de www.adox.de any +v

; <<>> DiG 9.4.3-P1 <<>> @ns9.schlundtech.de www.adox.de any +v
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65271
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.adox.de. IN ANY

;; ANSWER SECTION:
www.adox.de. 86378 IN CNAME adox.de.adox.de.

;; AUTHORITY SECTION:
adox.de. 86378 IN NS ns9.schlundtech.de.
adox.de. 86378 IN NS ns10.schlundtech.de.

;; ADDITIONAL SECTION:
ns9.schlundtech.de. 42559 IN A 62.116.129.129
ns10.schlundtech.de. 42069 IN A 62.116.163.100

;; Query time: 218 msec
;; SERVER: 62.116.129.129#53(62.116.129.129)
;; WHEN: Mon Feb 23 01:08:12 2009
;; MSG SIZE rcvd: 132

%
-----

Okay, so the entry for www.adox.de is a CNAME for 'adox.de.adox.de'. Which is likely a typo in their zone file; someone forgot to terminate the entry with a '.'.

So let's take a closer look at adox.de.adox.de:

-----
% dig @ns9.schlundtech.de adox.de.adox.de any +v

; <<>> DiG 9.4.3-P1 <<>> @ns9.schlundtech.de adox.de.adox.de any +v
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12257
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;adox.de.adox.de. IN ANY

;; AUTHORITY SECTION:
adox.de. 10800 IN SOA ns9.schlundtech.de. webmasterr.fotoimpex.de. 2007121000 39940 14400 604800 86400

;; Query time: 143 msec
;; SERVER: 62.116.129.129#53(62.116.129.129)
;; WHEN: Mon Feb 23 01:10:15 2009
;; MSG SIZE rcvd: 106

%
-----

Yup, there's no RR for adox.de.adox.de (we only got the SOA (Start Of Authority) record for the zone; no actual RR for the queried name). Which kind of makes sense, as it's actually a typo in their zone file. So any request for adox.de is going to fail. But wait!

-----
% host www.adox.de. ns9.schlundtech.de.
Using domain server:
Name: ns9.schlundtech.de.
Address: 62.116.129.129#53
Aliases:

www.adox.de has address 217.160.28.134
Host www.adox.de.phub.net.cable.rogers.com not found: 2(SERVFAIL)
Host www.adox.de.phub.net.cable.rogers.com not found: 2(SERVFAIL)
% host adox.de.adox.de. ns9.schlundtech.de.
Using domain server:
Name: ns9.schlundtech.de.
Address: 62.116.129.129#53
Aliases:

Host adox.de.adox.de. not found: 3(NXDOMAIN)
%
-----

Which is kinda-sorta in line with what we saw above: adox.de.adox.de doesn't exist, and www.adox.de is weird. So where's that IP address coming from? My guess is either that it's dig trying to be clever, or it's a wildcard entry they put in their zone to 'fix' their improperly-terminated CNAME RR for www.adox.de.

-----
% dig @ns9.schlundtech.de. adox.de any +v

; <<>> DiG 9.4.3-P1 <<>> @ns9.schlundtech.de. adox.de any +v
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43559
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;adox.de. IN ANY

;; ANSWER SECTION:
adox.de. 86148 IN SOA ns9.schlundtech.de. webmasterr.fotoimpex.de. 2007121000 39940 14400 604800 86400
adox.de. 86148 IN A 217.160.28.134
adox.de. 86148 IN MX 10 mail.adox.de.
adox.de. 86148 IN NS ns10.schlundtech.de.
adox.de. 86148 IN NS ns9.schlundtech.de.

;; AUTHORITY SECTION:
adox.de. 86148 IN NS ns9.schlundtech.de.
adox.de. 86148 IN NS ns10.schlundtech.de.

;; ADDITIONAL SECTION:
ns9.schlundtech.de. 42075 IN A 62.116.129.129
ns10.schlundtech.de. 41585 IN A 62.116.163.100

;; Query time: 141 msec
;; SERVER: 62.116.129.129#53(62.116.129.129)
;; WHEN: Mon Feb 23 01:16:16 2009
;; MSG SIZE rcvd: 228

%
-----

There we see the 217... address. Digging a little further, we see:

-----
% host asdfasdf.adox.de. ns9.schlundtech.de.
Using domain server:
Name: ns9.schlundtech.de.
Address: 62.116.129.129#53
Aliases:

Host asdfasdf.adox.de. not found: 3(NXDOMAIN)
% host asdfasdf.adox.de.
asdfasdf.adox.de has address 8.15.7.107
asdfasdf.adox.de has address 63.251.179.17
asdfasdf.adox.de has address 65.200.200.47
Host asdfasdf.adox.de not found: 3(NXDOMAIN)
Host asdfasdf.adox.de not found: 3(NXDOMAIN)
%
-----

And the tcpdump from the latter query:

-----
# tcpdump -i wlan0 -ln port 53
01:23:18.734674 IP 192.168.1.100.39033 > 64.71.255.198.53: 49566+ A? www.adox.de. (29)
01:23:18.751364 IP 64.71.255.198.53 > 192.168.1.100.39033: 49566* 3/2/0 A 8.15.7.107,[|domain]
01:23:18.755279 IP 192.168.1.100.42309 > 64.71.255.198.53: 39868+ AAAA? www.adox.de. (29)
01:23:18.776776 IP 64.71.255.198.53 > 192.168.1.100.42309: 39868 NXDomain* 1/1/0 CNAME[|domain]
01:23:18.776978 IP 192.168.1.100.37606 > 64.71.255.198.53: 52262+[|domain]
01:23:18.796897 IP 64.71.255.198.53 > 192.168.1.100.37606: 52262 NXDomain* 0/1/0 (154)
01:23:18.797072 IP 192.168.1.100.43331 > 64.71.255.198.53: 21294+ MX? www.adox.de. (29)
01:23:18.930698 IP 64.71.255.198.53 > 192.168.1.100.43331: 21294* 1/0/0 CNAME adox.de.adox.de. (51)
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
#
-----

So, here's my guess:

Their DNS administrator has completely borked their zone. They made a few mistakes, changed them, and away they went. But there are still multiple copies of their zone file cached out there in other DNS servers, and their CNAME entry is bad.

(Note that I've done a few other straight 'host' commands, and depending on the DNS server I query, I receive a different response. The multiple IPs come from the MX records and such; it's just dig providing odd output.)

It also looks like they tried to fix their problem at one point by adding a wildcard entry to the domain, which would only really complicate matters further (I'm not sure how a CNAME would deal with a wildcard RR as the destination). This wildcard entry may or may not be in place.

There's definitely something weird going on in their zone, and it's been too long since I've worked with DNS intimately, so I can't quite put my finger on the error.

Needless to say, you need to wait for their zone to expire in your DNS cache before you will be able to reach it.

(On a footnote, I want to say that they've somehow entered *two* entries in their zone for www.adox.de: one is the broken CNAME; and one might be a properly-terminated CNAME, or might be an A RR, but I don't know of any DNS software that would accept such a zone file. The DNS RFCs explicitly state that if a CNAME RR exists, you cannot have any other RRs for the same entry. It just doesn't make sense, but it feels like that's what's happened here.)

- Damian
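
Added example (not part of the original post): a small zone-file lint for the two faults discussed above, a CNAME target missing its trailing '.' and a CNAME sharing an owner name with other records. The zone text is constructed for illustration and is not the real adox.de zone file; the function names are hypothetical, and the parser assumes one record per line with an explicit owner name.

```python
# Constructed sample zone (NOT the real adox.de zone file). The "www" line
# reproduces the unterminated CNAME target; "ftp" has a CNAME plus an A record.
SAMPLE_ZONE = """\
$ORIGIN adox.de.
@     IN A     217.160.28.134
@     IN MX    10 mail
www   IN CNAME adox.de      ; missing trailing dot
mail  IN A     217.160.28.134
ftp   IN CNAME www
ftp   IN A     217.160.28.134
"""

def absolute(name, origin):
    """Expand a zone-file name the way a master-file parser does."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name                      # already fully qualified
    return name + "." if origin == "." else f"{name}.{origin}"

def lint_zone(text):
    """Return (code, owner, detail) findings for a simple one-record-per-line zone."""
    origin, types_by_owner, findings = ".", {}, []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner = absolute(fields[0].lower(), origin)
        i = 1
        while fields[i].isdigit() or fields[i].upper() == "IN":
            i += 1                               # skip optional TTL and class
        rtype, rdata = fields[i].upper(), fields[i + 1:]
        types_by_owner.setdefault(owner, set()).add(rtype)
        if rtype == "CNAME":
            target, bare = rdata[0].lower(), origin.rstrip(".")
            # A relative target that already ends in the origin gets the origin
            # appended a second time, e.g. adox.de -> adox.de.adox.de.
            if not target.endswith(".") and (target == bare or target.endswith("." + bare)):
                findings.append(("unterminated-cname-target", owner, absolute(target, origin)))
    for owner, types in sorted(types_by_owner.items()):
        if "CNAME" in types and len(types) > 1:  # CNAME must be the only RR at a name
            findings.append(("cname-with-other-data", owner, ",".join(sorted(types))))
    return findings

if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE):
        print(*finding)
```

Running a check like this before reloading a zone catches the doubled-origin target before it is served and cached by resolvers for the record's full TTL.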