New Domain, DNS Problems...
Bob Vance
bvance at sbm.com
Tue May 2 11:33:44 UTC 2000
Well, I didn't stick to the story very long ;>)
For the case of
www.xyz.cox
I didn't examine the debug output very closely!
The root server actually returned an NXDOMAIN error for the first request,
which is what we *really* should have expected, since he's authoritative for
"." and there is no "cox.". The data I saw returned was the SOA record
for
root, not an NS record as I erroneously reported in my previous post
(included at the end). In the other cases, where we ended the request with
a
valid domain ("com" or "edu"), he returned a NOERROR error code along with
the NS records:
# nslookup
> server f.root-servers.net
> set debug
> www.xyz.cox
Server: f.root-servers.net
Address: 192.5.5.241
;; res_mkquery(0, www.xyz.cox, 1, 1)
BV*****-----------^^^^^^^^^^^ *********
BV***** first lookup for the non-modified request *********
------------
Got answer:
HEADER:
opcode = QUERY, id = 7244, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.xyz.cox, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 86400 (1 day)
origin = A.ROOT-SERVERS.NET
mail addr = hostmaster.internic.NET
serial = 2000050101
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
minimum ttl = 86400 (1 day)
------------
;; res_mkquery(0, www.xyz.cox.caltech.edu, 1, 1)
BV*****----------------------^^^^^^^^^^^^ *********
BV***** second request with the domain appended *********
------------
Got answer:
HEADER:
opcode = QUERY, id = 875, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 0, authority records = 4, additional = 4
QUESTIONS:
www.xyz.cox.caltech.edu, type = A, class = IN
AUTHORITY RECORDS:
-> caltech.edu
nameserver = TYBALT.caltech.edu
...
ADDITIONAL RECORDS:
-> TYBALT.caltech.edu
internet address = 131.215.139.100
ttl = 172800 (2 days)
...
------------
Name: www.xyz.cox.caltech.edu
Served by:
- TYBALT.caltech.edu
131.215.139.100
caltech.edu
...
So, the end result is the NS records for "caltech.edu".
Now, if we try
# nslookup
> server f.root-servers.net
> www.xyz.cox.
^----------- notice the dot
The only result returned (there is only one request made since we requested
an absolute name) is the NXDOMAIN error, so we get:
*** f.root-servers.net can't find www.xyz.cox.: Non-existent host/domain
This all seems to make sense to me -- scary thought.
-------------------------------------------------
Tks | <mailto:BVance at sbm.com>
BV | <mailto:bobvance at alumni.caltech.edu>
Senior Tech. Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
=================================================
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Bob Vance
Sent: Monday, May 01, 2000 5:31 PM
To: BIND Users Group (E-mail)
Subject: RE: New Domain, DNS Problems...
>I was figuring there must've been a trailing dot missing somewhere,
>but I can't find ...
I think I found it :---> . :)
------^
All seriousness aside, I did a little research on this at my remote
account, and here's what I found, which was interesting -- to me,
anyway:
'nslookup' is going to try to emulate resolver code.
Probably the /etc/resolv.conf on the system on which you tried the
lookup looks like
# cat /etc/resolv.conf
search (or domain) crcg.edu ...
...
If the request name doesn't end with a dot, nslookup prior to 4.9.3
would have first appended each domain name in the search list to the
name you type in, trying **first**:
www.jrentertainment.net.crcg.edu
.
nslookup.4.9.3, and later, would have seen the dot in your request and
would have *first* (unless you had set "ndots" greater than 2 :) tried
www.jrentertainment.net
exactly what you typed in, and *then* tried the appended versions if it
got no hit.
So, my first guess was that maybe you were using a 'nslookup' prior to
4.9.3.
But, by using a debug in 'nslookup', I found that the version which I
was using tried the
"www.jrentertainment.net"
first, which is what we would like, and *still* got the same results as
you did!!
What happened was that we were trying to use a root server for a
recursive lookup, but they don't support recursion. The root server
simply returned a referral to the authoritative name servers that it
knows about for the domain
"jrentertainment.net"
.
Apparently, since our 'nslookup' was looking for A records, it wasn't
happy with just the NS records, so it then tried
"www.jrentertainment.net.caltech.edu" (in my case)
Again, it was returned only NS records (in my case for "caltech.edu"
in your case for "crcg.edu" ).
This was the last try 'nslookup' could make (the search list only had
the local domain, "caltech.edu" in it).
I'm guessing that 'nslookup' then simply reports its *last* attempt
and whatever it got on it -- this being the NS records for our local
domain -- if it doesn't get what it wanted in the first place
(a recursive lookup on "www.jrentertainment.net" in our case).
Normally, adding a dot to the end of the request would is a normal
reaction when doing lookups when you want to force 'nslookup' to look
for exactly a particular name.
So, we might have tried
# nslookup
> www.jrentertainment.net.
But, this would make little difference, since it will *still* get only
the NS records for "jrentertainment.net".
'nslookup' simply stops *here* and reports the NS records for
jrentertainment.net
!!
Sure enough, simply trying
# nslookup
> www.xyz.cox
I get the results:
Name: www.xyz.cox.caltech.edu
Served by:
- TYBALT.caltech.edu
131.215.139.100
caltech.edu
...
So it reports its last try.
In this last case, debug shows that the root server first returned a
referral to another root server, which makes sense. I guess he's
saying,
"I don't know anything about ".cox", so go try this other
server that's authoritative for root -- maybe he can help.
"
That's my story and I'm sticking to it -- at least until Barry or
Cricket sets us straight :>)
-------------------------------------------------
Tks | <mailto:BVance at sbm.com>
BV | <mailto:bobvance at alumni.caltech.edu>
Senior Tech. Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
=================================================
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Roger A. Prata
Sent: Sunday, April 30, 2000 6:28 PM
To: bind-users at isc.org
Subject: New Domain, DNS Problems...
Hello All: I have just registered a new domain, and I'm having quite a bit
of trouble getting the DNS running. I'm running BIND on Solaris 7. I
created all the proper files to serve DNS for this domain, and locally
things are OK. When I do an nslookup using a root server, I get the
following however:
Here's the result of an NSLOOKUP:
agony:~ >nslookup
Default Server: agony.crcg.edu
Address: 207.252.32.123
> server h.root-servers.net
Default Server: h.root-servers.net
Address: 128.63.2.53
> www.jrentertainment.net
Server: h.root-servers.net
Address: 128.63.2.53
Name: www.jrentertainment.net.crcg.edu
Served by:
- AGONY.CRCG.EDU
207.252.32.123
CRCG.EDU
- PAIN.CRCG.EDU
207.252.32.124
CRCG.EDU
I was figuring there must've been a trailing dot missing somewhere, but I
can't find anything wrong. Here's my /etc/named.boot:
agony:/etc >cat named.boot
;
; BIND data file to boot a primary name server.
;
; directory where all the data files are stored
directory /var/dns/namedb
; load the cache data last
cache . named.ca
;
; type domain source host/file
primary crcg.edu hosts.db
primary tradenet.to tradenet.db
primary mediasec.com mediasec.db
primary ammo.to ammo.db
primary bob.to bob.db
primary odin.to odin.db
primary jrentertainment.net jr.db
primary 94.0.199.in-addr.arpa hosts.rev
primary 135.245.205.in-addr.arpa hosts.rev135
primary 32.252.207.in-addr.arpa hosts.rev32
primary 33.252.207.in-addr.arpa hosts.rev33
primary 34.252.207.in-addr.arpa hosts.rev34
primary 35.252.207.in-addr.arpa hosts.rev35
primary 138.106.199.in-addr.arpa hosts.rev
;
primary 0.0.127.in-addr.arpa named.local
;
;forwarders 192.80.214.224
;forwarders 144.228.1.40
;forwarders 144.228.8.227
;forwarders 199.0.55.3
[18:20]
Here's the zone file, jr.db:
agony:/var/dns/namedb >cat jr.db
;
; Data file of hostnames in this zone.
;
@ IN SOA agony.crcg.edu. postmaster.agony.crcg.edu. (
1999061517 ; Serial
10800 ; Refresh
3000 ; Retry
864000 ; Expire
86400 ) ; Minimum
IN NS agony.crcg.edu.
; IN A 207.252.32.124
jrentertainment.net. IN MX 100 mx.crcg.edu.
;
; add A record for mail exchanger here
;
mx.crcg.edu. IN A 207.252.32.124
;
; %HOSTS_START% - entries added by bin/make_hosts
;
localhost IN A 127.0.0.1
"hosts-0" IN CNAME localhost
;
www IN A 207.252.32.124
"hosts-1" IN CNAME www
; %HOSTS_END%
What seems to be the problem? I'm lost... Thanks in advance!
-R
+--------------+---------------------------+-----------------------------+
| | |_|_|_|_| Roger A. Prata | URL: http://www.crcg.edu/ |
| __|__|_|_|_|_| UNIX Specialist | E-MAIL: rprata at crcg.edu |
| | |_|_|_|_| Fraunhofer Center for | |
| __|__|_|_|_|_| Research in Computer | |
| __ __ __ __| Graphics (CRCG), Inc. | |
| / / / / /_ | 321 South Main St. | PH : (+1) 401 453-6363 x102 |
|/_ / | /_ /_/ | Providence, RI 02903, USA | FAX: (+1) 401 453-0444 |
+--------------+---------------------------+-----------------------------+
More information about the bind-users
mailing list