big problem - possibly dns?
Mark Andrews
Mark_Andrews at isc.org
Wed Dec 13 00:27:48 UTC 2006
> We've got a problem here that seems to be DNS related, but I'm not sure.
> We have a website http://blackboard.navarrocollege.edu. Yesterday
> some people started reporting that they couldn't access the website.
> Others can access it just fine.
>
> The problems started when we moved to a gigaman circuit, with a new
> firewall.

BIND 9 and BIND 8 support EDNS. Make sure your firewall
is configured to support EDNS. This usually requires
allowing through larger DNS/UDP packets (up to 4096 bytes
of payload). It also means allowing through IP fragments.
Check your firewall documentation.

> At the same time we began looking at upgrading our DNS
> server. Our primary server has been running Bind 4 (yes, I know!).
> Yesterday I tested a Bind 8 configuration (in preparation for moving up
> to Bind 9!). It appeared to be working, except that I had forgotten the
> CNAME for the server I'm having problems with.

Why were you re-entering data? BIND 8 and BIND 9 both read
the same master files as BIND 4 does. They are just stricter
than BIND 4 w.r.t. errors in the master files.

> I switched back to my
> Bind 4 configuration thinking that we would function as before until I
> could complete the move to the new Bind.

Just go straight to BIND 9.

> I'm not sure what I should post to help diagnose this. Below is the
> primary zone file, and the in-addr.arpa. Note that we don't normally
> have TTL set to 900 - we just did that while we were trying to figure
> out this problem.

Use $TTL <value> or specify a TTL on the SOA line for the
default TTL. MINIMUM is used to specify a negative TTL.
See RFC 2308.

> @ IN SOA dns.navarrocollege.edu.
> root.dns.navarrocollege.edu. (
>
> 2006121204 ; Serial Number YYMMDDxxx
> 900 ; Refresh 2dary
> 900 ; 2dary retries after ..
> 604800 ; 2dary says primary is dead after ..
> 900 ) ; TTL in cache (12 hours) - 30 min (1800)
> IN NS dns
> IN NS dns2
> navarrocollege.edu. IN MX 10 mailfoundry
> navarrocollege.edu. IN A 205.165.189.178
> mollybrown IN A 205.165.189.135
> ftp IN CNAME mollybrown
> astp IN A 205.165.189.139
> webadvisor IN CNAME astp
> testwa IN CNAME astp
> calendar IN CNAME astp
> ipac IN A 205.165.189.138
> dns IN A 205.165.189.130
> columbia IN CNAME dns
> localhost IN A 127.0.0.1
> sts IN A 205.165.189.178
> www IN CNAME sts
> layout IN CNAME sts
> foundation IN CNAME sts
> admin IN CNAME sts
> sbdc IN CNAME sts
> news IN CNAME sts
> search IN CNAME sts
> tour IN CNAME sts
> collegeday IN CNAME sts
> dns2 IN A 205.165.189.183
> apollo16 IN A 205.165.189.176
> blackboard IN CNAME apollo16
> gemini IN A 205.165.189.182
> mail IN CNAME gemini
> pop IN CNAME gemini
> gemini2 IN CNAME gemini
> ldap IN A 205.165.189.180
> mysql IN CNAME ldap
> test IN A 205.165.189.179
> navnet IN A 205.165.189.185
> catalog IN A 205.165.189.174
> mailfoundry IN A 205.165.189.184
> navarrocollege.edu. IN TXT "v=spf1 mx mx:johnwyoung.org mx:dana-holland.com mx:roxanndawson.info mx:roddymcdowall.info ~all"
> gemini.navarrocollege.edu. IN TXT "v=spf1 a -all"
>
>
>
> @ IN SOA dns.navarrocollege.edu.
> root.dns.navarrocollege.edu. (
> 2006121203 ; Serial Number YYMMDDxxx
> 900 ; Refresh 2dary
> 900 ; 2dary retries after ..
> 604800 ; 2dary says primary is dead after ..
> 900 ) ; TTL in cache - 30 min
> 189.165.205.IN-ADDR.ARPA. IN NS dns.navarrocollege.edu.
> 189.165.205.IN-ADDR.ARPA. IN NS dns2.navarrocollege.edu.
> 130 IN PTR dns.navarrocollege.edu.
> 135 IN PTR mollybrown.navarrocollege.edu.
> 138 IN PTR ipac.navarrocollege.edu.
> 139 IN PTR astp.navarrocollege.edu.
> 178 IN PTR sts.navarrocollege.edu.
> 178 IN PTR dana-holland.com.
> 178 IN PTR johnwyoung.com.
> 178 IN PTR johnwyoung.net.
> 178 IN PTR johnwyoung.org.
> 178 IN PTR johnwyoung.info.
> 178 IN PTR dougboyte.com.
> 178 IN PTR cookplanetarium.us.
> 178 IN PTR cookcenter.us.
> 178 IN PTR pearcecollections.us.
> 178 IN PTR navarrocollege.org.
> 178 IN PTR navarrocollege.info.
> 176 IN PTR apollo16.navarrocollege.edu.
> 179 IN PTR mercury.navarrocollege.org.
> 183 IN PTR dns2.navarrocollege.edu.
> 180 IN PTR ldap.navarrocollege.edu.
> 182 IN PTR gemini.navarrocollege.edu.
> 184 IN PTR mailfoundry.navarrocollege.edu.
> 174 IN PTR catalog.navarrocollege.edu.
> 185 IN PTR navnet.navarrocollege.edu.
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
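
The EDNS advice in the reply above can be checked with a small probe that sends the same query with and without an OPT record advertising 4096 bytes. This is an added example, not part of the original message or of BIND; the function names, the query ID and the 3-second timeout are assumptions.

```python
import socket
import struct

EDNS_UDP_SIZE = 4096  # payload size named in the reply above
OPT = 41              # EDNS0 OPT pseudo-record type (RFC 6891)

def build_query(name, edns_size=EDNS_UDP_SIZE, qtype=1, qid=0x1234):
    """Build an A query; a non-zero edns_size appends an OPT record advertising it."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL = flags, no RDATA
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:             # root label ends the name
            return off + 1
        off += 1 + n

def summarize_reply(msg):
    """Return (truncated, edns_size); edns_size is None if there is no OPT record."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, edns = 12, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            edns = rclass
        off += 10 + rdlen
    return bool(flags & 0x0200), edns

def probe(server, name, edns_size, timeout=3.0):
    """Send one UDP query to server:53; return summarize_reply() or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_size), (server, 53))
        try:
            return summarize_reply(s.recvfrom(65535)[0])
        except socket.timeout:
            return None
```

Call `probe(server, name, 0)` and `probe(server, name, EDNS_UDP_SIZE)` from a network outside the firewall; an answer to the first with a timeout on the second points at the path dropping EDNS queries. A reply that fits in 512 bytes does not exercise large-packet or fragment handling, so repeat with a name whose answer is larger.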