CNAME www. resolves on primary DNS but not on others

Pete Ehlke pde at ehlke.net
Sun Aug 4 13:27:17 UTC 2002


On Sat, Aug 03, 2002 at 02:02:28PM -0700, rickster wrote:
> 
> I have a domain where ihomesforyou.com resolves fine (everybody) but my
> CNAME www.ihomesforyou.com doesn't resolve on others (resolves fine
> on mine with dig).   Here are my files or is it a firewall issue?
> 
> named.conf (relevant portion)
> 
> zone "ihomesforyou.com" in {
> type master;
> notify no;
> file "ihomesforyou.com.for";
> allow-transfer { key 4797.16673.nominum.; };
> };
> 
> zone "67.112.164.in-addr.arpa" { 

This zone is not delegated to you; it's delegated to the state police in
Queensland, Australia. Remember that you reverse the octets in an
in-addr.arpa zone. The block 67.112.164.0/24 is served as
164.112.67.in-addr.arpa.

Even then, 164.112.67.in-addr.arpa. looks to be a pacbell DSL block;
they're unlikely to delegate it to you, so your server will never be
consulted for these lookups. How much address space do you have? Contact
pacbell and ask how to do your own reverse DNS. It will likely involve
some variation on RFC 2317.

>            type master;             
>            file "67.112.164.rev"; 
>                            /* This is an example entry for a generic
>                             * subnet, it's syntax will be the same as
>                             * the localhost.db as they serve similar
>                             * functions
>                             */
>    };
> 
>  ihomesforyou.com.for
> 
> $TTL    86400
> @       IN      SOA     ns1.ihomesforyou.com. ns1.secondary.com. (
                                                ^^^^^^^^^^^^^^^^^
This field does not specify your secondary server, it encodes the email
address of the person responsible for the zone. There *may* be a valid
address of ns1 at secondary.com, but I seriously doubt that they'll answer
email about your domain. You probably want something like
rick.ihomesforyou.com. here.

>                         20020232 ; Serial, todays date + todays serial

If you're really encoding the date in your serial number, why does it
indicate that you last modified the zone on February 32nd? ;)

>                         80000      ; Refresh
>                         20000   ; Retry
>                         604800      ; Expire
>                         86400 
>                           )     ; Minimum TTL
>  IN        NS        ns1.ihomesforyou.com.
>  IN        NS         ns2.secondary.com

You forgot to dot terminate the RHS of this record, leaving you with an
NS record pointing to ns2.secondary.com.ihomesforyou.com.

> ihomesforyou.com.     IN NS ns1.secondary.com.
> ihomesforyou.com.     IN NS ns2.secondary.com.
> 
ns1.secondary.com is not listed as a server for ihomesforyou.com in the
com zone. If you're using both ns1 and ns2.secondary.com, you should go
back to your registrar and add the third server to your delegation data.

>  IN        A  67.112.164.194
>  MX        10   ihomesforyou.com.       
> www.ihomesforyou.com.             IN      CNAME   ihomesforyou.com.
> 
You need to have an A record for ns1.ihomesforyou.com in the
ihomesforyou.com zone. Lots of people mistakenly relied on BIND 8's
behaviour about this and are now suffering the loss of their zone's
visibility to people using BIND 9 resolver hosts. See
http://www.theregister.co.uk/content/55/26381.html for a recent, high
profile example.

> 67.112.164.rev
> 
> $TTL    86400
> @       IN      SOA     ns1.ihomesforyou.com. ns2.secondary.com. (
>                         20020710 ; Serial, todays date + todays serial
>                         3600     ; Refresh
>                         600   ; Retry
>                         3648000      ; Expire
>                         86400 
>                         )     ; Minimum TTL
>                    NS ns1.ihomesforyou.com.
> 1       PTR  ns1.ihomesforyou.com.

The gtld servers have an A record for ns1.ihomesforyou.com at
61.53.93.236. You seem to say here that its address is 67.112.164.1,
accounting for the incorrect way you defined the zone name. Why the
discrepancy? If ns1.ihomesforyou.com has moved from 61.53.93.236 to
67.112.164.1, you must update the glue record with your registrar.

Regardless of which address is correct, no server is answering on either
one. If your master server does not answer, your slave will either never
get the zone in the first place or will expire it. The secondary.com
servers are returning REFUSED to queries for ihomesforyou.com, which
indicates that they are not authoritative. Since you have configured a
nominum key, I'll assume that you actually did set up secondary.com to
slave your zone, so they have likely never transferred the data or it
has expired because they can't refresh it due to your non-functioning
master.

The reason that people can resolve ihomesforyou.com but not the CNAME
www.ihomesforyou.com is that there is a glue record for ihomesforyou.com
in the gtld servers, but there are no functioning name servers for the
zone. Why did you register a HOST record for ihomesforyou.com? That's
really a horrible idea, IMNSHO.

No offense, but are you sure you really want to be doing your own DNS?

-Pete
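
Added example, not part of the original message: a small Python lint for the zone-file mistakes pointed out in the reply above (reverse zone named without reversing the octets, a date-style serial that is not a real date, a target missing its trailing dot, an in-zone NS with no A record). The function names and the `ZONE` tuples are constructed for illustration, transcribed from the quoted zone file.

```python
import datetime
import ipaddress

ORIGIN = "ihomesforyou.com."
# Constructed sample: (owner, type, target) transcribed from the quoted zone file.
ZONE = [
    ("@", "NS", "ns1.ihomesforyou.com."),
    ("@", "NS", "ns2.secondary.com"),  # no trailing dot, as posted
    ("@", "A", "67.112.164.194"),
    ("@", "MX", "ihomesforyou.com."),
    ("www.ihomesforyou.com.", "CNAME", "ihomesforyou.com."),
]

def reverse_zone(network):
    net = ipaddress.ip_network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("not octet-aligned; needs classless delegation (RFC 2317)")
    # Keep only the network octets, then reverse them: 67.112.164 -> 164.112.67
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def absolute(name, origin):
    """Expand a zone-file name: without a trailing dot it is relative to the origin."""
    name = origin if name == "@" else name
    return name if name.endswith(".") else name + "." + origin

def serial_date_ok(serial):
    """True if the leading YYYYMMDD of a date-style serial is a real date."""
    try:
        datetime.date(int(serial[:4]), int(serial[4:6]), int(serial[6:8]))
    except ValueError:
        return False
    return True

def lint(origin, records, serial):
    findings = []
    if not serial_date_ok(serial):
        findings.append(("bad-serial-date", serial))
    have_a = {absolute(o, origin) for o, t, _ in records if t == "A"}
    targets = [(t, r) for _, t, r in records if t in ("NS", "MX", "CNAME")]
    for rtype, rdata in targets:
        target = absolute(rdata, origin)
        if not rdata.endswith("."):
            findings.append(("relative-target", target))
        if rtype == "NS" and target.endswith("." + origin) and target not in have_a:
            findings.append(("ns-without-address", target))
    return findings

if __name__ == "__main__":
    print(reverse_zone("67.112.164.0/24"), lint(ORIGIN, ZONE, "20020232"))
```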


More information about the bind-users mailing list