resolving problems (nat involved?)

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 15 00:31:22 UTC 2001


This may very well be NAT-related. I'm getting a mangled response to a PTR query
from your server:

% dig -x 195.29.212.242 ptr @ns.aquariusnet.hr

; <<>> DiG 8.2 <<>> -x ptr @ns.aquariusnet.hr
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      242.212.29.195.in-addr.arpa, type = PTR, class = IN

;; ns_parserr: Message too long
;; AUTHORITY SECTION:
242.212.29.195.in-addr.arpa.  1D IN NS  .
;; ns_sprintrr: No space left on device
;; ADDITIONAL SECTION:
.                       1D IN A         195.29.212.242
.                       1D IN A         195.29.212.243

;; Total query time: 164 msec
;; FROM: fxiod01.is.chrysler.com to SERVER: ns.aquariusnet.hr  195.29.212.242
;; WHEN: Wed Feb 14 19:26:07 2001
;; MSG SIZE  sent: 45  rcvd: 140

An "ANY" query works fine though. Your ISP's nameservers are probably
encountering the same problem when trying to recurse to your servers to resolve
the PTR query. That's why they return SERVFAIL.

By the way, you should probably upgrade to BIND 8.2.3 for security reasons.


- Kevin

Sinisa Jurisic wrote:

> Hi,
>
>
> I'm running 8.2.2-P7-NOESW and my nameservers are behind NAT, so my NS's real
> public IPs (195.29.212.242 / 195.29.212.243) are mapped to 192.168.20.2 /
> 192.168.20.3. My ISP told me they've delegated 195.29.212.240-247 to my
> nameservers and that's about all the information I could get from them.
> I'll stick to the primary nameserver from now on. I've created two rev-zone
> files for it which are identical:
>
> -- 242.212.29.195.in-addr.arpa and 2.20.168.192.in-addr.arpa
> @       IN      SOA     ns.aquariusnet.hr. dns-admin.aquariusnet.hr. (
>                         2001021401      ; serial
>                         4H              ; refresh
>                         2H              ; retry
>                         1W3D            ; expire
>                         1D )            ; minimum
>                 NS      ns.aquariusnet.hr.
>                 NS      ns2.aquariusnet.hr.
> ;
> @               PTR     ns.aquariusnet.hr.
> --
>
> Locally, it works fine:
>
> [scully] /etc/bind # dig -x 195.29.212.242
>
> ; <<>> DiG 8.2 <<>> -x
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      242.212.29.195.in-addr.arpa, type = ANY, class = IN
>
> ;; ANSWER SECTION:
> 242.212.29.195.in-addr.arpa.  1D IN PTR  ns.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  1D IN NS  ns.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  1D IN NS  ns2.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  1D IN SOA  ns.aquariusnet.hr.
> dns-admin.aquariusnet.hr. (
>                                         2001021401      ; serial
>                                         4H              ; refresh
>                                         2H              ; retry
>                                         1w3d            ; expiry
>                                         1D )            ; minimum
>
> ;; AUTHORITY SECTION:
> 242.212.29.195.in-addr.arpa.  1D IN NS  ns.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  1D IN NS  ns2.aquariusnet.hr.
>
> ;; ADDITIONAL SECTION:
> ns.aquariusnet.hr.      1D IN A         195.29.212.242
> ns2.aquariusnet.hr.     1D IN A         195.29.212.243
>
> ;; Total query time: 3 msec
> ;; FROM: scully to SERVER: default -- 127.0.0.1
> ;; WHEN: Wed Feb 14 15:12:31 2001
> ;; MSG SIZE  sent: 45  rcvd: 214
>
> [scully] /etc/bind # dig -x 195.29.212.242 ptr
>
> ; <<>> DiG 8.2 <<>> -x ptr
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      242.212.29.195.in-addr.arpa, type = PTR, class = IN
>
> ;; ANSWER SECTION:
> 242.212.29.195.in-addr.arpa.  1D IN PTR  ns.aquariusnet.hr.
>
> ;; AUTHORITY SECTION:
> 242.212.29.195.in-addr.arpa.  1D IN NS  ns.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  1D IN NS  ns2.aquariusnet.hr.
>
> ;; ADDITIONAL SECTION:
> ns.aquariusnet.hr.      1D IN A         195.29.212.242
> ns2.aquariusnet.hr.     1D IN A         195.29.212.243
>
> ;; Total query time: 2 msec
> ;; FROM: scully to SERVER: default -- 127.0.0.1
> ;; WHEN: Wed Feb 14 15:02:08 2001
> ;; MSG SIZE  sent: 45  rcvd: 140
>
> But querying my ISP returns:
>
> [scully] /etc/bind # dig @dns1.tel.hr -x 195.29.212.242
>
> ; <<>> DiG 8.2 <<>> @dns1.tel.hr -x
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      242.212.29.195.in-addr.arpa, type = ANY, class = IN
>
> ;; ANSWER SECTION:
> 242.212.29.195.in-addr.arpa.  0S IN NS  ns.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  0S IN NS  ns2.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  22h24m17s IN SOA  ns.aquariusnet.hr.
> dns-admin.aquariusnet.hr. (
>                                         2001021401      ; serial
>                                         4H              ; refresh
>                                         2H              ; retry
>                                         1w3d            ; expiry
>                                         1D )            ; minimum
>
> ;; AUTHORITY SECTION:
> 242.212.29.195.in-addr.arpa.  0S IN NS  ns.aquariusnet.hr.
> 242.212.29.195.in-addr.arpa.  0S IN NS  ns2.aquariusnet.hr.
>
> ;; ADDITIONAL SECTION:
> ns.aquariusnet.hr.      0S IN A         192.168.20.2
> ns2.aquariusnet.hr.     0S IN A         192.168.20.3
>
> ;; Total query time: 486 msec
> ;; FROM: scully to SERVER: dns1.tel.hr  195.29.150.3
> ;; WHEN: Wed Feb 14 15:07:39 2001
> ;; MSG SIZE  sent: 45  rcvd: 200
>
> [scully] /etc/bind # dig @dns1.tel.hr -x 195.29.212.242 ptr
>
> ; <<>> DiG 8.2 <<>> @dns1.tel.hr -x ptr
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      242.212.29.195.in-addr.arpa, type = PTR, class = IN
>
> ;; Total query time: 609 msec
> ;; FROM: scully to SERVER: dns1.tel.hr  195.29.150.3
> ;; WHEN: Wed Feb 14 15:03:01 2001
> ;; MSG SIZE  sent: 45  rcvd: 45
>
> During the problematic query (the last one) this happened:
>
> named[10636]: XX+/127.0.0.1/dns1.tel.hr/A/IN
> named[10636]: XX /195.29.150.3/2.20.168.192.in-addr.arpa/PTR/IN
> named[10636]: XX /195.29.150.3/2.20.168.192.in-addr.arpa/PTR/IN
> named[10636]: XX /195.29.150.3/2.20.168.192.in-addr.arpa/PTR/IN
>
> It isn't over yet:
>
> [scully] ~ # nslookup
> Default Server:  ns.aquariusnet.hr
> Address:  192.168.20.2
>
> > set q=ptr
> > 242.212.29.195.in-addr.arpa.
> Server:  ns.aquariusnet.hr
> Address:  192.168.20.2
>
> 242.212.29.195.in-addr.arpa     name = ns.aquariusnet.hr
> 242.212.29.195.in-addr.arpa     nameserver = ns.aquariusnet.hr
> 242.212.29.195.in-addr.arpa     nameserver = ns2.aquariusnet.hr
> ns.aquariusnet.hr       internet address = 195.29.212.242
> ns2.aquariusnet.hr      internet address = 195.29.212.243
> > server ns
> Default Server:  ns.aquariusnet.hr
> Address:  195.29.212.242
>
> > set q=ptr
> > 242.212.29.195.in-addr.arpa.
> Server:  ns.aquariusnet.hr
> Address:  195.29.212.242
>
> (name truncated?)
> *** ns.aquariusnet.hr can't find 242.212.29.195.in-addr.arpa.: Unspecified
> error
> > server ns
> Default Server:  ns.aquariusnet.hr
> Address:  192.168.20.2
>
> >
>
> BIND is loading zone files without errors and it passes them to the secondary
> just fine.
> Could someone tell me what I'm doing wrong?
>
> Thanks in advance,
>
> Sinisa
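
A checker for the symptoms visible in the dig transcripts in this thread, as an added example that is not part of either post. The `audit` function, its finding names and the abridged sample strings are constructed here for illustration; the record lines themselves are copied from the output quoted above.

```python
import ipaddress
import re

# Constructed sample, abridged from the direct query to the NATed server.
DIRECT = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; ns_parserr: Message too long
;; AUTHORITY SECTION:
242.212.29.195.in-addr.arpa.  1D IN NS  .
;; ns_sprintrr: No space left on device
;; ADDITIONAL SECTION:
.                       1D IN A         195.29.212.242
.                       1D IN A         195.29.212.243
"""
# Constructed sample, abridged from the ISP resolver's reply.
VIA_ISP = """\
;; ADDITIONAL SECTION:
ns.aquariusnet.hr.      0S IN A         192.168.20.2
ns2.aquariusnet.hr.     0S IN A         192.168.20.3
"""

COUNTS = re.compile(r"ANSWER: (\d+), AUTHORITY: (\d+), ADDITIONAL: (\d+)")
RR = re.compile(r"^(\S+)\s+\S+\s+IN\s+(\S+)\s+(\S+)")
SECTIONS = ("ANSWER", "AUTHORITY", "ADDITIONAL")

def audit(dig_text):
    """Return a sorted list of findings for one DiG 8.x style transcript."""
    findings, section = set(), None
    claimed, seen = None, dict.fromkeys(SECTIONS, 0)
    for line in dig_text.splitlines():
        if m := COUNTS.search(line):
            claimed = dict(zip(SECTIONS, map(int, m.groups())))
        elif line.startswith(";; ns_"):
            findings.add("parse-error")          # dig could not decode the wire data
        elif line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:].split()[0]
        elif (m := RR.match(line)) and section in seen:
            owner, rtype, rdata = m.groups()
            seen[section] += 1
            if owner == "." or (rtype in ("NS", "PTR") and rdata == "."):
                findings.add("root-name")        # names collapsed to the root label
            if rtype == "A" and ipaddress.ip_address(rdata).is_private:
                findings.add("rfc1918-address")  # internal address in a public answer
    if claimed and claimed != seen:
        findings.add("count-mismatch")           # header promises records not decoded
    return sorted(findings)
```

The count check only runs when the header line with the section counts is present, which is why the second sample, cut down to its ADDITIONAL section, reports only the private addresses.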




