big problem - possibly dns?
Kevin Darcy
kcd at daimlerchrysler.com
Wed Dec 13 00:41:42 UTC 2006
OK, this is pretty confusing:
1) You upgraded your network hardware/topology, and some people (but not
others) were having problems accessing your website,
2) You took a stab at upgrading from BIND 4 to BIND 8 in preparation for
BIND 9 (why not just save some time by going directly to BIND 9?), but
you forgot to add a CNAME so you went back to BIND 4 (????). Why didn't
you just add the CNAME record that was missing?
In the interim, I'll just throw out some observations:
1) Syntactically, the only thing I (and the named-checkzone utility) see
wrong with your forward zone file is the absence of the $TTL directive,
but I think even that should be acceptable to most/all versions of BIND 8.
2) In your reverse zone, you have one name
(178.189.162.205.in-addr.arpa) that owns multiple PTR records. While
legal, this is highly DISrecommended. No known application looks beyond
the first record, so why supply more than that? It just bloats the size
of the response packet, in extreme cases to the point where the response
size overflows the allowable size of a DNS UDP packet, and the query
therefore has to be retried using TCP.
- Kevin
P.S. If and when it comes time to upgrade to BIND 9, check out the
"migration" files under doc/misc in the BIND 9 distribution.
Dana Holland wrote:
> We've got a problem here that seems to be DNS related, but I'm not sure.
> We have a website http://blackboard.navarrocollege.edu. Yesterday
> some people started reporting that they couldn't access the website.
> Others can access it just fine.
>
> The problems started when we moved to a gigaman circuit, with a new
> firewall. At the same time we began looking at upgrading our DNS
> server. Our primary server has been running Bind 4 (yes, I know!).
> Yesterday I tested a Bind 8 configuration (in preparation for moving up
> to Bind 9!). It appeared to be working, except that I had forgotten the
> CNAME for the server I'm having problems with. I switched back to my
> Bind 4 configuration thinking that we would function as before until I
> could complete the move to the new Bind.
>
> I'm not sure what I should post to help diagnose this. Below is the
> primary zone file, and the in-addr.arpa. Note that we don't normally
> have TTL set to 900 - we just did that while we were trying to figure
> out this problem.
>
> @ IN SOA dns.navarrocollege.edu. root.dns.navarrocollege.edu. (
>
> 2006121204 ; Serial Number YYMMDDxxx
> 900 ; Refresh 2dary
> 900 ; 2dary retries after ..
> 604800 ; 2dary says primary is dead after ..
> 900 ) ; TTL in cache (12 hours) - 30 min (1800)
> IN NS dns
> IN NS dns2
> navarrocollege.edu. IN MX 10 mailfoundry
> navarrocollege.edu. IN A 205.165.189.178
> mollybrown IN A 205.165.189.135
> ftp IN CNAME mollybrown
> astp IN A 205.165.189.139
> webadvisor IN CNAME astp
> testwa IN CNAME astp
> calendar IN CNAME astp
> ipac IN A 205.165.189.138
> dns IN A 205.165.189.130
> columbia IN CNAME dns
> localhost IN A 127.0.0.1
> sts IN A 205.165.189.178
> www IN CNAME sts
> layout IN CNAME sts
> foundation IN CNAME sts
> admin IN CNAME sts
> sbdc IN CNAME sts
> news IN CNAME sts
> search IN CNAME sts
> tour IN CNAME sts
> collegeday IN CNAME sts
> dns2 IN A 205.165.189.183
> apollo16 IN A 205.165.189.176
> blackboard IN CNAME apollo16
> gemini IN A 205.165.189.182
> mail IN CNAME gemini
> pop IN CNAME gemini
> gemini2 IN CNAME gemini
> ldap IN A 205.165.189.180
> mysql IN CNAME ldap
> test IN A 205.165.189.179
> navnet IN A 205.165.189.185
> catalog IN A 205.165.189.174
> mailfoundry IN A 205.165.189.184
> navarrocollege.edu. IN TXT "v=spf1 mx mx:johnwyoung.org mx:dana-holland.com mx:roxanndawson.info mx:roddymcdowall.info ~all"
> gemini.navarrocollege.edu. IN TXT "v=spf1 a -all"
>
>
>
> @ IN SOA dns.navarrocollege.edu. root.dns.navarrocollege.edu. (
> 2006121203 ; Serial Number YYMMDDxxx
> 900 ; Refresh 2dary
> 900 ; 2dary retries after ..
> 604800 ; 2dary says primary is dead after ..
> 900 ) ; TTL in cache - 30 min
> 189.165.205.IN-ADDR.ARPA. IN NS dns.navarrocollege.edu.
> 189.165.205.IN-ADDR.ARPA. IN NS dns2.navarrocollege.edu.
> 130 IN PTR dns.navarrocollege.edu.
> 135 IN PTR mollybrown.navarrocollege.edu.
> 138 IN PTR ipac.navarrocollege.edu.
> 139 IN PTR astp.navarrocollege.edu.
> 178 IN PTR sts.navarrocollege.edu.
> 178 IN PTR dana-holland.com.
> 178 IN PTR johnwyoung.com.
> 178 IN PTR johnwyoung.net.
> 178 IN PTR johnwyoung.org.
> 178 IN PTR johnwyoung.info.
> 178 IN PTR dougboyte.com.
> 178 IN PTR cookplanetarium.us.
> 178 IN PTR cookcenter.us.
> 178 IN PTR pearcecollections.us.
> 178 IN PTR navarrocollege.org.
> 178 IN PTR navarrocollege.info.
> 176 IN PTR apollo16.navarrocollege.edu.
> 179 IN PTR mercury.navarrocollege.org.
> 183 IN PTR dns2.navarrocollege.edu.
> 180 IN PTR ldap.navarrocollege.edu.
> 182 IN PTR gemini.navarrocollege.edu.
> 184 IN PTR mailfoundry.navarrocollege.edu.
> 174 IN PTR catalog.navarrocollege.edu.
> 185 IN PTR navnet.navarrocollege.edu.
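
An added sketch, not part of either post: it estimates how large the PTR answer for host 178 in the quoted reverse zone becomes, which is the response-size concern in the second observation above. The origin is taken from the zone's NS lines; the size model (header, question and a name-compressed answer section, no authority or additional records) is an assumption, so real responses are somewhat larger.

```python
UDP_LIMIT = 512  # DNS-over-UDP payload limit without EDNS0 (RFC 1035)
ORIGIN = "189.165.205.in-addr.arpa."  # from the quoted zone's NS lines
# Host 178's twelve PTR records and host 176's single one, from the quoted zone.
ZONE = """\
178 IN PTR sts.navarrocollege.edu.
178 IN PTR dana-holland.com.
178 IN PTR johnwyoung.com.
178 IN PTR johnwyoung.net.
178 IN PTR johnwyoung.org.
178 IN PTR johnwyoung.info.
178 IN PTR dougboyte.com.
178 IN PTR cookplanetarium.us.
178 IN PTR cookcenter.us.
178 IN PTR pearcecollections.us.
178 IN PTR navarrocollege.org.
178 IN PTR navarrocollege.info.
176 IN PTR apollo16.navarrocollege.edu.
"""
def ptr_owners(zone_text, origin=ORIGIN):
    """Map each owner name to its PTR targets (every line must name its owner)."""
    owners = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) >= 3 and fields[-2].upper() == "PTR":
            owner = fields[0] if fields[0].endswith(".") else fields[0] + "." + origin
            owners.setdefault(owner.lower(), []).append(fields[-1].lower())
    return owners

def name_size(name, seen):
    """Wire length of a name, compressed against suffixes already in `seen`."""
    labels, size = name.rstrip(".").split("."), 0
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in seen:
            return size + 2            # 2-byte pointer to the earlier copy
        seen.add(suffix)
        size += 1 + len(label)         # length octet + label bytes
    return size + 1                    # terminating root label

def answer_size(owner, targets):
    """Header + question + answer section only (assumed model; NS/glue add more)."""
    seen = set()
    size = 12 + name_size(owner, seen) + 4        # header, QNAME, QTYPE/QCLASS
    for target in targets:
        size += 2 + 10 + name_size(target, seen)  # owner pointer, fixed RR fields, RDATA
    return size

def report(zone_text=ZONE):
    return {o: (len(t), answer_size(o, t)) for o, t in ptr_owners(zone_text).items()}
```

With these records the answer for host 178 comes to 393 bytes against 87 for host 176, still under the 512-byte limit; a longer list of names is what pushes a response over it and forces the TCP retry.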