Problems with a BIND server
Barry Margolin
barmar at alum.mit.edu
Wed Oct 14 16:29:56 UTC 2009
In article <mailman.696.1255498841.14796.bind-users at lists.isc.org>,
Robert Moskowitz <rgm at htt-consult.com> wrote:
> Barry Margolin wrote:
> > In article <mailman.693.1255466849.14796.bind-users at lists.isc.org>,
> > Robert Moskowitz <rgm at htt-consult.com> wrote:
> >
> >
> >> I have been running BIND here on my net for quite a few years time and
> >> run 2 views on my main server, for internal and external users. I also
> >> have a separate BIND server on a test bed that uses a test TLD of htt.
> >> It has worked well for the past year.
> >>
> >> Now I have installed an Amahi server (amahi.org) and it is running its
> >> own BIND server with dynamic updates, as it is supporting NetBios
> >> clients. My Amahi server is set up for home.htt and works for systems
> >> on its subnet (it also runs DHCPD). I want access to the various Amahi
> >> apps to other systems here so I first:
> >>
> >> Set up my main server to be a slave for my test htt domain in its
> >> internal view.
> >>
> >> That is working well and I can get all the DNS information supported
> >> there (both hosts in htt and its sub-zone of mobile.htt). Fine so far.
> >>
> >> Then I added a couple records to the zone file in htt to delegate home.htt:
> >>
> >> home.htt. IN NS amahi.home.htt.
> >> amahi.home.htt. IN A 192.168.1.2
> >>
> >> And nothing.
> >>
> >> I am NOT getting any information on the home.htt. sub-zone. If I run
> >> 'nslookup - 192.168.1.2' I get all the information in the DNS, but
> >> neither of my internal BIND servers are getting information. Almost as
> >> if the Amahi server is not honoring requests from other BIND servers or
> >> perhaps not on its net.
> >>
> >
> > Are you sure they're sending the queries to it? Have you done a packet
> > capture to see what's being sent?
> >
>
> Well I did some more testing. Here are some results when host is run on
> my main DNS server which is a slave server for htt.
Can you post the named.conf file for the server you're querying, not the
server that hosts the subdomain? BTW, why are you using query
source-port 53?
>
> # host wiki.home.htt
> wiki.home.htt has address 192.168.1.2
> Host wiki.home.htt not found: 2(SERVFAIL)
> Host wiki.home.htt not found: 2(SERVFAIL)
>
> # host search.home.htt
> Host search.home.htt not found: 2(SERVFAIL)
>
> The later should also have responded with the same IP address. And why
> the two servfails? Here is records from a TCPDUMP of the first host
> command:
>
> # grep 1.2 trace.1
> 23:18:24.142341 IP 208.83.67.148.domain > 192.168.1.2.domain: 9401
> [1au] A? wiki.home.htt. (42)
> 23:18:24.144246 IP 192.168.1.2.domain > 208.83.67.148.domain: 9401*-
> 1/1/1 A 192.168.128.2 (72)
> 23:18:24.149357 IP 208.83.67.148.domain > 192.168.1.2.domain: 11640%
> [1au] A? home.htt. (37)
> 23:18:24.149786 IP 208.83.67.148.domain > 192.168.1.2.domain: 46350%
> [1au] AAAA? home.htt. (37)
> 23:18:24.150804 IP 192.168.1.2.domain > 208.83.67.148.domain: 11640*-
> 0/1/1 (78)
> 23:18:26.152190 IP 208.83.67.148.domain > 192.168.1.2.domain: 11257%
> [1au] AAAA? home.htt. (37)
> 23:18:26.152635 IP 208.83.67.148.domain > 192.168.1.2.domain: 22505%
> [1au] AAAA? hda.home.htt. (41)
> 23:18:26.153864 IP 192.168.1.2.domain > 208.83.67.148.domain: 11257*-
> 0/1/1 (78)
> 23:18:28.154700 IP 208.83.67.148.domain > 192.168.1.2.domain: 49416%
> [1au] AAAA? hda.home.htt. (41)
> 23:18:28.156390 IP 192.168.1.2.domain > 208.83.67.148.domain: 49416*-
> 0/1/1 (82)
>
> And for the second command there were NO records to 192.168.1.2
>
> And on my notebook that uses 208.83.67.148 as its only nameserver, 'host
> search.home.htt' has the following dump:
>
> # tcpdump -n -i eth1 port 53
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
> 01:28:34.615393 IP 208.83.67.158.35220 > 208.83.67.148.domain: 4544+ A?
> search.home.htt. (33)
> 01:28:34.618864 IP 208.83.67.148.domain > 208.83.67.158.35220: 4544
> ServFail 0/0/0 (33)
>
> So I am quite perplexed.
>
> >
> >> Here are the named.conf and zone files:
> >>
> >> # automatically generated file by hdactl
> >> options {
> >> listen-on-v6 port 53 { ::1; };
> >> directory "/var/named";
> >> dump-file "/var/named/data/cache_dump.db";
> >> statistics-file "/var/named/data/named_stats.txt";
> >> memstatistics-file "/var/named/data/named_mem_stats.txt";
> >> forward only;
> >> forwarders { 208.67.222.222; 208.67.220.220; };
> >> listen-on port 53 { 192.168.1.2; 127.0.0.1; };
> >> };
> >> logging {
> >> channel default_debug {
> >> file "data/named.run";
> >> severity dynamic;
> >> };
> >> };
> >> key "ddnskey" {
> >> algorithm hmac-md5;
> >> secret "----------------------";
> >> };
> >>
> >> zone "home.htt" IN {
> >> type master;
> >> notify no;
> >> file "dynamic/hda-n2a.conf";
> >> allow-update { key ddnskey; };
> >> check-names ignore;
> >> };
> >>
> >> zone "1.168.192.in-addr.arpa" IN {
> >> type master;
> >> notify no;
> >> file "dynamic/hda-a2n.conf";
> >> allow-update { key ddnskey; };
> >> check-names ignore;
> >> };
> >>
> >>
> >> and dynamic/hda-n2a.conf:
> >>
> >> $TTL 86400
> >> @ IN SOA home.htt. root.home.htt. (
> >> 0909130103 ; Serial
> >> 28800 ; Refresh
> >> 14400 ; Retry
> >> 3600000 ; Expire
> >> 86400 ) ; Minimum
> >> IN NS home.htt.
> >> IN MX 10 home.htt.
> >> * IN MX 10 home.htt.
> >>
> >> h001 A 192.168.1.1
> >> .
> >> .
> >> .
> >> hda A 192.168.1.2
> >> search A 192.168.1.2
> >> setup A 192.168.1.2
> >> calendar A 192.168.1.2
> >> help A 192.168.1.2
> >> wiki A 192.168.1.2
> >>
> >>
> >> So any tips on what to look for to get this working?
> >>
> >> I shot the day digging, and I can do things with BIND, but I am not all
> >> that skilled...
> >>
> >
> >
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list