DNS Problem PLEASE HELP.

Kevin Darcy kcd at daimlerchrysler.com
Mon Jun 12 20:32:04 UTC 2000 

The "craven.com" zone has some problems:
1. You've commented out the A record for "jay.craven.com", which is the only
NS listed for the zone. (Curiosity: what's "ns.craven.com" for then, and
what's the point of setting it to the loopback address?), and
2. "localhost.", being in the *root* zone rather than in "craven.com" (since
you dot-terminated it), is perhaps being ignored by the nameserver. I say
"perhaps" because I don't remember how ancient old BIND 4 deals with
out-of-zone data. It may even depend on the exact version of BIND 4, which
you didn't specify.

Having said that, I'm not 100% sure why you're getting a "server failed",
though. Likely causes:
1. The BIND 4 you're running has rejected the zone because of one or both of
the aforementioned problems, so it answers all non-existent names in the
zone with "server failed", or
2. Unless my memory playing tricks on me (?), some of the earlier versions
of BIND 4 disliked blank lines in zone files (which could also potentially
cause the zone to be rejected), or,
3. When the initial "craven.com" lookup fails "normally" (empty answer),
"nslookup" is following its stupid search algorithm, tacking on some default
domain *other* than "craven.com", e.g. a query of
"craven.com.example.com" and then getting a "server failed" when it tries to
look up that other name. Nslookup is notorious for -- among other things --
reporting the *last* error it encounters to the user, even when the final
query that fails bears little resemblance to what the user actually asked
for. You can verify this possibility by turning on "debug" in nslookup, or,
even better, just using "dig".

Note that even if you fix all of this, the absence of any working NS for
"craven.com" is going to make it difficult for other nameservers to resolve
names in the zone. They would all have to explicitly be slaves, stubs or
forwarders to an authoritative server for the zone.

You really ought to be running BIND 8, by the way. BIND 4 is already
*very* old, and when BIND 9 comes out, it'll look positively paleolithic...


- Kevin

Justin Denney wrote:

> I'm configuring DNS on my linux machine and I've get it
> to do external queries for IP masquerading, bit I want it to
> work for my internal network.  I'm trying it on a network
> with 3 computer jay (the computer I'm trying to run the
> DNS on), terminator2 and server.  The domain name is
> craven.com and the internal network is 10.0.0.  Here a
> screen dump of what happens.
>
> [root at jay named]# nslookup
> Default Server:  localhost
> Address:  127.0.0.1
>
> > 127.0.0.1
> Server:  localhost
> Address:  127.0.0.1
>
> Name:    localhost
> Address:  127.0.0.1
>
> > set q=any
> > craven.com
> Server:  localhost
> Address:  127.0.0.1
>
> *** localhost can't find craven.com: Server failed
>
> PLEASE, PLEASE, PLEASE help me solve it, its driving me mad....
>
> Justin.......
>
> --------------------------------------------------------
> /etc/named.boot
>
> ;
> ; a caching only nameserver config
> ;
> directory       /var/named
> cache           .                      named.ca
> primary         0.0.127.in-addr.arpa   named.local
> primary         craven.com             named.craven.com
> ;primary                0.0.10.in-addr.arpa    named.10.0.0 commented out
> for the moment
>
> --------------------------------------------------------
> /var/named/named.local
> @       IN      SOA jay.craven.com. hostmaster.jay.craven.com. (
>                         1 ; serial
>                         28800 ; refresh
>                         7200 ; retry
>                         604800 ; expire
>                         86400 ; default_ttl
>                         )
>         NS      jay.craven.com.
> 1       PTR     localhost.
>
> --------------------------------------------------------
> /var/named/named.craven.com
>
> @       IN      SOA     jay.craven.com. hostmaster.jay.craven.com. (
>                         1 ; serial
>                         28800 ; refresh
>                         7200 ; retry
>                         604800 ; expire
>                         86400 ; default_ttl
>                         )
>
>                 NS              jay.craven.com.
>                 MX      10      jay.craven.com
>
> localhost.      A       127.0.0.1
> ns              A       127.0.0.1
> mail            A       127.0.0.1
>
> ; commented out
> ;server         A       10.0.0.10
> ;               HINFO   "i686"  "Windows98"
>
> ;terminator2     A       10.0.0.5
> ;               HINFO   "i686"  "Windows98"
>
> ;jay            A       10.0.0.1
> ;               HINFO   "i686"  "Linux Mandrake 7.0"

More information about the bind-users mailing list