Bind 9.2.1 not resolving names
Pete Ehlke
pde at ehlke.net
Mon Jul 1 20:06:50 UTC 2002
On Mon, Jul 01, 2002 at 11:30:23AM -0700, Brett Ussher wrote:
> I tried setting my w2k workstation up to point to a new bind server and
> discovered it could not be found. Where I work is currently using two bind
> 9.2.1 servers (master, secondary) and I'm working on a test environment using a
> third, independent bind 9.2.1 server. I tried using dig from a linux console
> prompt and got the following output:
>
> # dig @140.198.8.135 140.198.4.158
>
> ; <<>> DiG 9.2.0 <<>> @140.198.8.135 140.198.4.158
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20602
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;140.198.4.158. IN A
>
> ;; AUTHORITY SECTION:
> . 10800 IN SOA A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2002070100 1800 900 604800 86400
>
> ;; Query time: 116 msec
> ;; SERVER: 140.198.8.135#53(140.198.8.135)
> ;; WHEN: Mon Jul 1 11:01:30 2002
> ;; MSG SIZE rcvd: 106
>
> The current DNS admin here found the authority section of the output interesting
> since it seems to be trying to use 'nstld.verisign-grs.com' as the name server.
No, it's not. You're seeing the SOA record for ., which was returned because
you have asked for an A record in a TLD (158.) that does not exist.
nstld at verisign-grs.com is the rname field of that record.
What I expect you *wanted* to do was:
dig @140.198.8.135 -x 140.198.4.158
or:
dig @140.198.8.135 158.4.198.140.in-addr.arpa
> I've checked to see if bind is running on my server, it is with five instances
That's an FAQ. There are not five instances running, there are five
threads running in one instance, and linux's broken implementation of
ps(1) incorrectly shows each thread as a seperate process.
> and all my zone files are being noticed in /var/log/messages with notes like
> "serial loaded <serial number>" so it looks to be starting fine.
>
> Anyone got any ideas on why my computers can't seem to reach my DNS server?
>
Well, it seems they can, in fact, reach your server. The reply to your
dig query above came from the server that you asked. You just asked it a
bogus question ;)
-P.
More information about the bind-users
mailing list