Delegation question and nslookup weirdness

Kevin Darcy kcd at daimlerchrysler.com
Tue Mar 13 22:00:23 UTC 2001


nslookup sucks (I bet you haven't heard me say *that* before!). It only does
its helpful "recognize IP addresses and automatically convert the lookup into
a reverse lookup regardless of whether the user wanted it or not" trick if the
query type is set to "A" (the default). If it's set to anything else, e.g.
q=any, then it's even dumber than usual. If you *must* use nslookup, at least
set debug mode so you can see what strange and bizarre things it's doing under
the covers. Then walk away muttering in disgust and use "dig" instead.

I'm not exactly sure what you mean by "my SOA dns is not asking the
lfa.lfc.edu SOA dns for records". There's really no such thing as a
"SOA" nameserver; there are masters and slaves. If you mean that zone
transfers aren't working, note that you have "allow-transfer { none;
};" defined on the master. What did you expect?


- Kevin

Nicholas Ritter wrote:

> I have a question regarding delegation of subdomains that also relates
> to some weird nslookup behavior.
>
> We have a class B ip space that we subnet pure class C subnets (on the
> octet boundary), with a subdomain for just about each subnet. I have a
> few subdomains that we are delegating to other institutions. With one
> domain that we are delegating, I can't seem to get it to work quite
> right, and would like to know what you all think.
>
> We are running BIND 8.2.3 on RedHat, and the zone table and named.conf
> section for the domain in question look like this:
>
> SOA DNS for lfc.edu: lfcnms.lfc.edu
> delegated SOA DNS for lfa.lfc.edu: lfapdc.lfa.lfc.edu
> subdomain: lfa.lfc.edu.
> ip subnet: 164.68.100.xxx
>
> named.conf:
>
> zone "lfa.lfc.edu" in {
>        type master;
>        file "lfa.lfc.edu.data";
>        allow-transfer { none; };
> };
>
> zone "100.68.164.in-addr.arpa" {
>        type master;
>        file "100.data";
>        allow-transfer { none; };
> };
>
> Zone files:
>
> lfa.lfc.edu:
>
> lfa.lfc.edu. IN SOA lfapdc.lfa.lfc.edu. ritter.LFC.EDU. (
>                1830428 ; Serial
>                10800 ; refresh every 3 hours
>                3600 ; retry every 1 hour
>                604800 ; expire in 1 week
>                86400 ) ; minimum TTL of 24 hours
> ;
> ;
> ; DNS servers for this arpa zone
> ;
> lfa.lfc.edu.    IN NS  lfapdc.lfa.lfc.edu.
>
> ;
> ;
> ;
> lfapdc.lfa.lfc.edu.     IN      A       164.68.100.4
>                        MX      0       gwia.lfa.lfc.edu.
>
> lfa.lfc.edu.            MX      10      gwia.lfa.lfc.edu.
> lfa.lfc.edu.            IN      A       164.68.100.4
>
> www.lfa.lfc.edu.                IN      CNAME           lfapdc.lfa.lfc.edu.
>
> gwia.lfa.lfc.edu.               IN       A       164.68.100.3
>                                MX       0       gwia.lfa.lfc.edu.
>
> 100.68.164.in-addr.arpa:
>
> 100.68.164.in-addr.arpa. IN SOA lfapdc.lfa.lfc.edu. ritter.LFC.EDU. (
>                1361516 ; Serial
>                10800 ; refresh every 3 hours
>                3600 ; retry every 1 hour
>                604800 ; expire in 1 week
>                86400 ) ; minimum TTL of 24 hours
> ;
> ;
> ; DNS servers for this arpa zone
> ;
> 100.68.164.in-addr.arpa.  IN  NS  lfapdc.lfa.lfc.edu.
> ;
> ;
> ;
> 3.100.68.164.in-addr.arpa.      IN      PTR     gwia.lfa.lfc.edu.
> 4.100.68.164.in-addr.arpa.      IN      PTR     lfapdc.lfa.lfc.edu.
> ;
>
> Is there anything wrong with the above config? I know that I am supposed
> to have two NS records for each zone, which I actually have, but not in
> yet. My question is, do I have the zones set up correctly in named.conf,
> and in the zone files themselves?
>
> On a related note, I notice that my SOA dns is not asking the
> lfa.lfc.edu SOA dns for records, and I don't know why. I figured it was
> a delegation issue of some sort, but not sure. I had to stick
> www.lfa.lfc.edu in my tables in order for it to work, even though the
> SOA server for lfa.lfc.edu has the record in its tables.
>
> Additionally, I notice that I can do forward and reverse lookups, but I
> can't do both when I set type to any in nslookup. Any reason why? Below
> is the nslookup output.
>
> Thanx in advance for any input that you all can give me.
>
> Nicholas
>
> nslookup output:
>
> Default Server:  lfcnms.lfc.edu
> Address:  164.68.1.2
>
>  > www.lfa.lfc.edu
> Server:  lfcnms.lfc.edu
> Address:  164.68.1.2
>
> Name:    lfapdc.lfa.lfc.edu
> Address:  164.68.100.4
> Aliases:  www.lfa.lfc.edu
>
>  > lfa.lfc.edu
> Server:  lfcnms.lfc.edu
> Address:  164.68.1.2
>
> Name:    lfa.lfc.edu
> Address:  164.68.100.4
>
>  > 164.68.100.4
> Server:  lfcnms.lfc.edu
> Address:  164.68.1.2
>
> Name:    lfapdc.lfa.lfc.edu
> Address:  164.68.100.4
>
>  > set type=any
>  > lfa.lfc.edu
> Server:  lfcnms.lfc.edu
> Address:  164.68.1.2
>
> lfa.lfc.edu    nameserver = lfapdc.lfa.lfc.edu
> lfa.lfc.edu
>    origin = lfapdc.lfa.lfc.edu
>    mail addr = ritter.lfc.edu
>    serial = 1830428
>    refresh = 10800 (3H)
>    retry   = 3600 (1H)
>    expire  = 604800 (1W)
>    minimum ttl = 86400 (1D)
> lfa.lfc.edu    internet address = 164.68.100.4
> lfa.lfc.edu    preference = 10, mail exchanger = gwia.lfa.lfc.edu
> lfa.lfc.edu    nameserver = lfapdc.lfa.lfc.edu
> lfapdc.lfa.lfc.edu    internet address = 164.68.100.4
> gwia.lfa.lfc.edu    internet address = 164.68.100.3
>  > 164.68.100.4
> Server:  lfcnms.lfc.edu
> Address:  164.68.1.2
>
> *** lfcnms.lfc.edu can't find 164.68.100.4: Non-existent host/domain
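
The following is an added example, not part of the original thread and not nslookup's own code. It models the behaviour the reply describes (an IP address is rewritten into a reverse lookup only when the query type is A) against the records quoted in the zone files above; the function names are hypothetical.

```python
import ipaddress

# Records copied from the zone data quoted in the thread: (owner, type) -> rdata.
ZONE = {
    ("lfa.lfc.edu.", "A"): ["164.68.100.4"],
    ("lfa.lfc.edu.", "NS"): ["lfapdc.lfa.lfc.edu."],
    ("lfa.lfc.edu.", "MX"): ["10 gwia.lfa.lfc.edu."],
    ("lfapdc.lfa.lfc.edu.", "A"): ["164.68.100.4"],
    ("gwia.lfa.lfc.edu.", "A"): ["164.68.100.3"],
    ("3.100.68.164.in-addr.arpa.", "PTR"): ["gwia.lfa.lfc.edu."],
    ("4.100.68.164.in-addr.arpa.", "PTR"): ["lfapdc.lfa.lfc.edu."],
}


def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def reverse_name(ip):
    """164.68.100.4 -> 4.100.68.164.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def nslookup_question(arg, qtype="A"):
    """Return the (qname, qtype) sent, per the behaviour described in the reply."""
    qtype = qtype.upper()
    if qtype == "A" and is_ipv4(arg):
        # Default type: the address is silently turned into a PTR query.
        return reverse_name(arg), "PTR"
    # Any other type: the dotted quad is treated as an ordinary domain name.
    return arg.rstrip(".") + ".", qtype


def answer(qname, qtype):
    """Look the question up in ZONE; distinguish a missing name from missing data."""
    if qname not in {name for name, _ in ZONE}:
        return "NXDOMAIN"
    if qtype == "ANY":
        found = [(t, d) for (n, t), ds in ZONE.items() if n == qname for d in ds]
    else:
        found = [(qtype, d) for d in ZONE.get((qname, qtype), [])]
    return found or "NODATA"
```

With dig, `dig -x 164.68.100.4` always builds the in-addr.arpa name and asks for PTR, so the result does not depend on a previously set query type.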




