"host" cannot see sites in .org

"host" on Fedora 8 (bind-utils-9.5.0-23.b1.fc8.x86_64) and MacOS 10.5 both suffer this bug.

However, Fedora's named (bind-9.5.0-23.b1.fc8.x86_64) does not have this problem!

  Fedora8> host -t ns sourceforge.org. localhost.
  Using domain server:
  Name: localhost.
  Address: 127.0.0.1#53
  Aliases:

  sourceforge.org name server ns3.ostg.com.
  sourceforge.org name server ns1.ostg.com.
  sourceforge.org name server ns2.ostg.com.

However, ubuntu named fails:

  ubuntu> host -t ns mirrorservice.org. localhost.
<time passes>
  ;; connection timed out; no servers could be reached

I can't reproduce this behavior:

7.10 amd64 version:

$ host -v -t ns sourceforge.org. localhost.
Trying "sourceforge.org"
Using domain server:
Name: localhost.
Address: 127.0.0.1#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62616
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;sourceforge.org. IN NS

;; ANSWER SECTION:
sourceforge.org. 7200 IN NS ns2.ostg.com.
sourceforge.org. 7200 IN NS ns1.ostg.com.
sourceforge.org. 7200 IN NS ns3.ostg.com.

;; ADDITIONAL SECTION:
ns1.ostg.com. 172800 IN A 66.35.250.10
ns2.ostg.com. 172800 IN A 66.35.250.11
ns3.ostg.com. 172800 IN A 12.31.165.71

Received 143 bytes from 127.0.0.1#53 in 616 ms

7.10 i386 version:

# host -v -t ns sourceforge.org. localhost.
Trying "sourceforge.org"
Using domain server:
Name: localhost.
Address: 127.0.0.1#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28577
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;sourceforge.org. IN NS

;; ANSWER SECTION:
sourceforge.org. 1934 IN NS ns1.ostg.com.
sourceforge.org. 1934 IN NS ns2.ostg.com.
sourceforge.org. 1934 IN NS ns3.ostg.com.

;; ADDITIONAL SECTION:
ns1.ostg.com. 106157 IN A 66.35.250.10
ns2.ostg.com. 106157 IN A 66.35.250.11
ns3.ostg.com. 106157 IN A 12.31.165.71

Received 143 bytes from 127.0.0.1#53 in 12 ms

Both 6.06 i386 and 8.04 i386 also produce correct outputs.

All wokring fine here .. :

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.10
DISTRIB_CODENAME=gutsy
DISTRIB_DESCRIPTION="Ubuntu 7.10"

$ host -t ns sourceforge.org localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

sourceforge.org name server ns3.ostg.com.
sourceforge.org name server ns1.ostg.com.
sourceforge.org name server ns2.ostg.com.

$ host -t ns mirrorservice.org localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

mirrorservice.org name server dns2.mirrorservice.org.
mirrorservice.org name server dns0.mirrorservice.org.

this is the bind I'm using

bind9 1:9.4.1-P1-3ub Internet Domain Name Server

1. Did you try "host -t ns sourceforge.org. tld1.ultradns.net." ?
This fails for me.

2. Did you try "host -t ns mirrorservice.org. localhost." ?
This fails for me, though most other .org domains via named now seem to be working (e.g., wikipedia.org).

Does your named use forwarders? (mine does not.)

O.K., one mystery is solved: My named fails on some hosts due to some obscure routing in our firewall (you just can't get the staff nowadays (me!)), so many appologgies for that.

The "sourceforge.org has no NS record" error from host still stands though. This seems to be a generic problem with the host command, being present on MacOS and Fedora.

From Redhat's bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=432615

"Main problem is that com. nameservers are broken (http://marc.info/?t=120291582900002&r=1&w=2) because they returns NS records in answer section without AA flag so host utility simply use them. When you try query "correct" servers (non-authoritative data is not returned in answer section) and servers doesn't have recursion enabled this is intentional behavior of host (discussed with upstream)."

So, a bug in host seemingly.

On Fri, Feb 15, 2008 at 02:02:59PM -0000, Robert Bogomip wrote:
> "Main problem is that com. nameservers are broken
> (http://marc.info/?t=120291582900002&r=1&w=2) because they returns NS
> records in answer section without AA flag so host utility simply use
> them. When you try query "correct" servers (non-authoritative data is
> not returned in answer section) and servers doesn't have recursion
> enabled this is intentional behavior of host (discussed with upstream)."
>
> So, a bug in host seemingly.

How do you get from "this is intentional behavior of host" to "bug in
host"?

--
Soren Hansen | Virtualisation Specialist
Ubuntu Server Team | http://www.ubuntu.com/

A "bug in host" comes from following the http://marc.info/?t=120291582900002&r=1&w=2 link.

1) when you tell host to ask a nameserver for an answer, it prints out what it gets for answers.

2) If you ask a server that does not provide recursion, and it returns only a referral, and you didn't ask to see the non-answer part of the reply, then you get (correctly) that there are 'no answers' for your query.

Either (1) ask a nameserver that is going to deal with following the referrals, or (2) use a tool (host -v, or preferrably dig) to follow the referrals yourself.

Not a bug.

If I ask one of the .org nameservers for the nameservers for a subdomain ("sourceforge.org" say), then that should work, yes? (and no, it's not a recursive request.)

  $ host -t ns sourceforge.org. c0.org.afilias-nst.info.
  .
  .
  .
  sourceforge.org has no NS record

host -v does indeed show the required information coming back from c0.org.afilias-nst.info (correctly) in the Authority Section. host seems unable to recognise this though.