Lump answers

Christine.Tran at east.sun.com Christine.Tran at east.sun.com
Fri Nov 26 23:32:19 UTC 1999 

There's been a lot of questions about the hint file and internal roots on the order of "Why do I see ... in my syslog?"

    ...  sysquery: no addrs found for root NS ()
    ...  sysquery: query(foo.com) contains our address
    ...  sysquery: query() No possible A RRs
    ...  info: No root nameservers for class IN

The answers have been varying, sometime contradictory or incomplete, and
confusing.  I've searched the dejanews archive back from 09/01/99 and the fix
are, in no particular order:

    - Use zone type master, not hint.
    - Use zone type hint, not master.
    - Your forwarder is not responding to query for root NS record.
    - Run named in debug, brew some coffee and get the BIND book.
    - ignore it and upgrade to 8.2.2

I'm not saying that all the questions are the same, but they are related, and
causal.  Here's a summary of my own experimentations, supplemented with
snippets of answers from the archives.

1:  If you are running a master or slave server connected to the Internet,
    assuming you want to reach the root servers, ftp root.cache from the
    InterNIC, and specify it in a zone of type hint.
        zone "." IN { type hint; file "/var/named/root.cache"; };

2:  If you are running a master server regardless of connection to the Internet,
    assuming you do not want to reach the root servers, but rather set yourself
    up as a fake root (that is, you say that you know everything about the
    namespace), make a fake.cache file and specify it in a zone of type master.
        zone "." IN { type master; file "/var/named/fake.cache"; };
    fake.cache should contain an SOA and NS RR, like any other zone file.
    (This begs the question, what happens if I use "forward" if I am root?)
    Before 8.2.2,you will see in syslog: info: No root nameservers for class IN
    This you can ignore.  
    All slaves will use a root.cache with the master's name and address in it.

3:  If you are a master not connected directly to the Internet but use a
    forwarder, you can:
    a) use a hint file with real root servers, use zone of type hint.
    Result: named tries to contact the root servers, since it's not connected
    to the Internet, it always timeouts and retries.  If you have enough
    bandwidth and can live with constant retries, you don't need to fix this.
    It's sloppy but it still works.

    b) forget the hint file all together
    Result:  nothing works.  syslog will complain: findns: No root nameservers
    for class IN?  This is not the same as the info message in case 2.  Case 2
    applies to root servers only.  You definitely need a hint file, but what
    goes in it?  Read on.

    c) use a hint file, specify yourself in it
    Result: no problem, everything works great.  syslog doesn't complain. I
    think this is the right setup (please tell me if I'm wrong).  However, if
    this is a slave, it has a set of problem all its own.

    If this is a slave, and your hint file specifies yourself, syslog will
    complain repeatedly: sysquery: no addrs found for root NS () ; query
    (foo.com) contains our address;  I don't know why this is:  I am a slave,
    but still authoritative. It works for my master.  

    If in my hint file I specify only my master, or my forwarder, syslog 
    complains once:
    check_hints: root NS list in hints for class 1 does not match root NS list
    check_hints: no A records for G.ROOT-SERVERS.NET class 1 in hints
    check_hints: no A records for M.ROOT-SERVERS.NET class 1 in hints
    (and so on for other root servers...)

    If in my hint file I specify myself, or my master, or my forwarder, followed
    by the list of real servers, syslog complains once:
    check_hints: root NS list in hints for class 1 does not match root NS list
    I did not observe it try to contact the real root servers, as compare
    to case a) above.

    all options except for b) works, although syslog will complain as noted.  I 
    haven't found a way to shut syslog up for good with a slave, can't say 
    what the right configuration is.


This is what I have distilled from the archives and my own tweaking.  Please
do correct me where I have been wrong.  I'd hate to find out later that I've
bungled it from the beginning and led a bunch of people down the wrong path.

CT

More information about the bind-users mailing list