Bind config problem ?

[Jim Reid]

>>>>> "Per" == Per Weisteen <Per.Weisteen at hydro.com> writes:

    Per> I'm not getting the reply I expect on this DNS server. Any
    Per> ideas why ?

    Per> $ nslookup -q=ns getronics.com.  
    Per> Server: bjartur.unison.no
    Per> Address: 193.69.126.18

    Per> Authoritative answers can be found from:
    Per> COM
    Per>         origin = A.ROOT-SERVERS.NET
    Per>         mail addr = hostmaster.internic.NET
    Per>         serial = 2000061300
    Per>         refresh = 1800 (30M)
    Per>         retry = 900 (15M)
    Per>         expire = 604800 (1W)
    Per>         minimum ttl = 86400 (1D)

I wish people would stop using nslookup and use dig instead. Sigh.

The answer above is curious. It looks like your name server got a an
empty answer from root server, but with the root zone's SOA record in
the authority section of the reply. That suggests you looked up a
non-existent name. Could you have mistyped the command line in some
way so that the lookup was for a non-existent name? Or maybe nslookup
"helpfully" tacked on some name to "getronics.com" before making the
query? (That's just one of nslookup's endearing little quirks.)

Your version of nslookup is typically useless. It prints that SOA
record but doesn't seem to make it clear that the lookup presumably
failed NXDOMAIN, the answer section was empty and the SOA record came
in the authority section of the reply. All this would be blatantly
obvious if you'd used dig for the lookup.

When I use dig to ask your name server for getronics.com's NS records,
it answers correctly. Try using dig and see if it works for you. If
so, you know what to do with nslookup.. :-)

    Per> Server is running bind 8.2.2

Upgrade to 8.2.2-P5. There are security holes in 8.2.2. See
	http://www.isc.org/products/BIND/bind-security-19991108.html