Problems Resolving Active Directory Entries

Kevin Darcy kcd at daimlerchrysler.com
Thu Dec 9 21:25:07 UTC 2004 

Well, the obvious answer is that 192.168.9.10 is answering differently 
than 127.0.0.1. Do you have any "view"s defined in your config? Are you 
running multiple instances of named?

Failing that, if you "anonymized" the actual domains used for the 
purposes of posting to this list, check the original output 
*very*carefully* to verify that you didn't mistype something on your 
first query.

- Kevin


Jiann-Ming Su wrote:

>I'm using BIND 9.2.2.  I have the following in my db.mydomain.bogus file:
>
>  dc1.ad                IN      A       192.168.209.166
>  dc2.ad                IN      A       192.168.209.167
>
>  _TCP.ad             IN      NS      dc1.ad.mydomain.bogus.
>  _TCP.ad             IN      NS      dc2.ad.mydomain.bogus.
>  _UDP.ad             IN      NS      dc1.ad.mydomain.bogus.
>  _UDP.ad             IN      NS      dc2.ad.mydomain.bogus.
>  _MSDCS.ad           IN      NS      dc1.ad.mydomain.bogus.
>  _MSDCS.ad           IN      NS      dc2.ad.mydomain.bogus.
>  _SITES.ad           IN      NS      dc1.ad.mydomain.bogus.
>  _SITES.ad           IN      NS      dc2.ad.mydomain.bogus.
>  _DomainDnsZone.ad   IN      NS      dc1.ad.mydomain.bogus.
>  _DomainDnsZone.ad   IN      NS      dc2.ad.mydomain.bogus.
>  _ForrestDnsZone.ad  IN      NS      dc1.ad.mydomain.bogus.
>  _ForrestDnsZone.ad  IN      NS      dc2.ad.mydomain.bogus.
>
>Then I run dig on my master nameserver:
>
>  [ns-master]$ dig _TCP.ad.mydomain.bogus. -t SOA
>
>  ; <<>> DiG 9.2.2 <<>> _TCP.ad.mydomain.bogus. -t SOA
>  ;; global options:  printcmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36824
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>  ;; QUESTION SECTION:
>  ;_TCP.ad.mydomain.bogus.         IN      SOA
>
>  ;; Query time: 2 msec
>  ;; SERVER: 192.168.9.10#53(192.168.9.10)
>  ;; WHEN: Thu Dec  9 15:13:11 2004
>  ;; MSG SIZE  rcvd: 39
>
>Notice that nothing returns.  But, if I specify the localhost to query:
>
>  [ns-master]$ dig @127.0.0.1 _TCP.ad.mydomain.bogus. -t SOA
>
>  ; <<>> DiG 9.2.2 <<>> @127.0.0.1 _TCP.ad.mydomain.bogus. -t SOA
>  ;; global options:  printcmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18235
>  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>
>  ;; QUESTION SECTION:
>  ;_TCP.ad.mydomain.bogus.         IN      SOA
>
>  ;; AUTHORITY SECTION:
>  _TCP.ad.mydomain.bogus.  86400   IN      NS      dc1.ad.mydomain.bogus.
>  _TCP.ad.mydomain.bogus.  86400   IN      NS      dc2.ad.mydomain.bogus.
>
>  ;; ADDITIONAL SECTION:
>  dc1.ad.mydomain.bogus. 86400 IN      A       192.168.209.166
>  dc2.ad.mydomain.bogus. 86400 IN  A       192.168.209.167
>
>  ;; Query time: 0 msec
>  ;; SERVER: 127.0.0.1#53(127.0.0.1)
>  ;; WHEN: Thu Dec  9 15:15:46 2004
>  ;; MSG SIZE  rcvd: 119
>
>For reference, dc1 and dc2 resolves:
>
>  [ns-master]$ dig dc1.ad.mydomain.bogus
>
>  ; <<>> DiG 9.2.2 <<>> dc1.ad.mydomain.bogus
>  ;; global options:  printcmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36776
>  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 8
>
>  ;; QUESTION SECTION:
>  ;dc1.ad.mydomain.bogus.      IN      A
>
>  ;; ANSWER SECTION:
>  dc1.ad.mydomain.bogus. 86400 IN      A       192.168.209.166
>
>  ;; AUTHORITY SECTION:
>  mydomain.bogus.              86400   IN      NS      ns1.mydomain.bogus.
>  mydomain.bogus.              86400   IN      NS      ns2.mydomain.bogus.
>  mydomain.bogus.              86400   IN      NS      ns3.mydomain.bogus.
>  mydomain.bogus.              86400   IN      NS      ns4.mydomain.bogus.
>  mydomain.bogus.              86400   IN      NS      ns5.mydomain.bogus.
>  mydomain.bogus.              86400   IN      NS      ns6.mydomain.bogus.
>  mydomain.bogus.              86400   IN      NS      ns7.mydomain.bogus.
>  mydomain.bogus.              86400   IN      NS      ns8.mydomain.bogus.
>
>  ;; ADDITIONAL SECTION:
>  ns1.mydomain.bogus.         86400   IN      A       192.168.200.30
>  ns2.mydomain.bogus.         86400   IN      A       192.168.16.100
>  ns3.mydomain.bogus.        86400   IN      A       192.168.5.100
>  ns4.mydomain.bogus.        86400   IN      A       192.168.48.100
>  ns5.mydomain.bogus.        86400   IN      A       192.168.32.100
>  ns6.mydomain.bogus.        86400   IN      A       192.168.1.1
>  ns7.mydomain.bogus.        86400   IN      A       192.168.96.100
>  ns8.mydomain.bogus.        86400   IN      A       192.168.2.1
>
>  ;; Query time: 1 msec
>  ;; SERVER: 192.168.9.10#53(192.168.9.10)
>  ;; WHEN: Thu Dec  9 15:23:15 2004
>  ;; MSG SIZE  rcvd: 353
>
>
>When I do a tcpdump of the DNS traffic, the only obvious difference I see
>is "Reply code: No such name (3)" for the one that didn't work.  Is this
>a bug?  Or, do I have something misconfigured?  Thanks for any insight.
>
>  
>

More information about the bind-users mailing list