Bind 9.2.1 not resolving names

Pete Ehlke pde at ehlke.net
Mon Jul 1 20:06:50 UTC 2002


On Mon, Jul 01, 2002 at 11:30:23AM -0700, Brett Ussher wrote:
> I tried setting my w2k workstation up to point to a new bind server and
> discovered it could not be found.  Where I work is currently using two bind
> 9.2.1 servers (master, secondary) and I'm working on a test environment using a
> third, independent bind 9.2.1 server.  I tried using dig from a linux console
> prompt and got the following output:
> 
> # dig @140.198.8.135 140.198.4.158
> 
> ; <<>> DiG 9.2.0 <<>> @140.198.8.135 140.198.4.158
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20602
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;140.198.4.158.                 IN      A
> 
> ;; AUTHORITY SECTION:
> .                       10800   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2002070100 1800 900 604800 86400
> 
> ;; Query time: 116 msec
> ;; SERVER: 140.198.8.135#53(140.198.8.135)
> ;; WHEN: Mon Jul  1 11:01:30 2002
> ;; MSG SIZE  rcvd: 106
> 
> The current DNS admin here found the authority section of the output interesting
> since it seems to be trying to use 'nstld.verisign-grs.com' as the name server.

No, it's not. You're seeing the SOA record for ., which was returned because 
you have asked for an A record in a TLD (158.) that does not exist. 
nstld at verisign-grs.com is the rname field of that record.

What I expect you *wanted* to do was:

dig @140.198.8.135 -x 140.198.4.158

or:

dig @140.198.8.135 158.4.198.140.in-addr.arpa


> I've checked to see if bind is running on my server, it is with five instances

That's an FAQ. There are not five instances running, there are five
threads running in one instance, and linux's broken implementation of
ps(1) incorrectly shows each thread as a separate process.

> and all my zone files are being noticed in /var/log/messages with notes like
> "serial loaded <serial number>" so it looks to be starting fine.
> 
> Anyone got any ideas on why my computers can't seem to reach my DNS server?
> 

Well, it seems they can, in fact, reach your server. The reply to your
dig query above came from the server that you asked. You just asked it a
bogus question ;)

-P.
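
The two points in the reply above, as an added example that is not part of the original post: building the in-addr.arpa name that `dig -x` queries, and splitting an SOA line into its fields so the rname (a mailbox) is not mistaken for a name server. The function names are hypothetical; the sample SOA line is the one from the quoted dig output, joined onto one line.

```python
import ipaddress

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def ptr_name(query):
    """Return the reverse-lookup owner name if `query` is an IP literal, else None."""
    try:
        addr = ipaddress.ip_address(query.rstrip("."))
    except ValueError:
        return None  # an ordinary host name: no rewrite needed
    return addr.reverse_pointer + "."


def rname_to_mailbox(rname):
    """Convert an SOA rname to a mailbox: the first unescaped dot becomes '@'."""
    name = rname.rstrip(".")
    i = 0
    while i < len(name):
        if name[i] == "\\":  # escaped character (e.g. a dot in the local part)
            i += 2
            continue
        if name[i] == ".":
            return name[:i].replace("\\.", ".") + "@" + name[i + 1:]
        i += 1
    return name


def parse_soa(line):
    """Parse one dig-style line: owner ttl class SOA mname rname + five integers."""
    tok = line.split()
    if len(tok) != 11 or tok[3].upper() != "SOA":
        raise ValueError("not an SOA record line")
    rec = {"owner": tok[0], "ttl": int(tok[1])}
    rec.update(zip(SOA_FIELDS, tok[4:6] + [int(t) for t in tok[6:]]))
    rec["mailbox"] = rname_to_mailbox(rec["rname"])
    return rec


# SOA line taken from the dig output quoted in the post, joined onto one line.
SAMPLE_SOA = (". 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. "
              "2002070100 1800 900 604800 86400")

if __name__ == "__main__":
    print(ptr_name("140.198.4.158"))   # name to ask for with type PTR
    soa = parse_soa(SAMPLE_SOA)
    print(soa["mname"], soa["mailbox"])
```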
