Bind9 - Problems Adding NS record
Stafford, Paige L.
staffordp1 at ornl.gov
Wed Sep 1 15:27:59 UTC 2004
>-----Original Message-----
>From: Barry Finkel [mailto:b19141 at achilles.ctd.anl.gov]=20
>Sent: Wednesday, September 01, 2004 10:57 AM
>To: bind-users at isc.org
>Cc: Stafford, Paige L.
>Subject: Bind9 - Problems Adding NS record
>
>
>"Stafford, Paige L." <staffordp1 at ornl.gov> wrote:
>
>>I am having difficulty adding an NS records to my zone,=20
>ornl.gov. The delegation records for the AD domain controllers.
>>
>>I have tried nsupdate, and manual edits (freezing/unfreezing
then=20
>>stopping/starting), but am unable to get it to work. It works
fine=20
>>on the external Bind8 servers (ns.ornl.gov), but not the BIND9
internal=20
>>DNS (blocked at firewall), ns-int. Yet, the data in them are
exactly=20
>>the same.
>>
>>Problem: domaindnszones.ornl.gov. NS dc1.ornl.gov.=20
>>
>>There are ns records that work on ns-int, such as
>> _msdcs.ornl.gov and _tcp.ornl.gov which both=20
>point to dc1.ornl.gov.=20
>>
>>on ns-int:
>>running Bind-9.3.0rc3
>>SunOS ns1 5.9 Generic_117171-07 sun4u sparc SUNW,Sun-Fire-V240
>>
>>from named.run (running named -d )
>>31-Aug-2004 17:10:18.820 resquery 18d04f0 (fctx
193d528(domaindnszones.ornl.gov/NS)): response
>>31-Aug-2004 17:10:18.820 fctx
193d528(domaindnszones.ornl.gov/NS'): cancelquery
>>31-Aug-2004 17:10:18.820 fctx
193d528(domaindnszones.ornl.gov/NS'): add_bad
>>
>>ns-int> dig domaindnszones.ornl.gov
>>; <<>> DiG 9.3.0rc3 <<>> domaindnszones.ornl.gov
>>;; global options: printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1402
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,=20
>ADDITIONAL: 0
>>;; QUESTION SECTION:
>>;domaindnszones.ornl.gov. IN A
>>;; Query time: 5 msec
>>;; SERVER: 10.1.1.30#53(10.1.1.30)
>>;; WHEN: Tue Aug 31 21:33:40 2004
>>;; MSG SIZE rcvd: 41
>>
>>Any feedback would be appreciated.
>
>When you add the NS record=20
>
> domaindnszones.ornl.gov. NS dc1.ornl.gov.
>
>manually, what happens? You say that it does not work,=20
>but I am not sure what you mean by that. Are there messages in
the syslog? =20
no messages. I only get debugging messages that say there are 'no
addresses', and 'bad_add'.
>You gave an example=20
>
> dig domaindnszones.ornl.gov
>
>What is the output of
>
> dig _msdcs.ornl.gov
; <<>> DiG 9.3.0rc3 <<>> _msdcs.ornl.gov ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 110
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;_msdcs.ornl.gov. IN NS
;; ANSWER SECTION:
_msdcs.ornl.gov. 3600 IN NS dc1.ornl.gov.
_msdcs.ornl.gov. 3600 IN NS dc2.ornl.gov.
_msdcs.ornl.gov. 3600 IN NS dc3.ornl.gov.
;; ADDITIONAL SECTION:
dc1.ornl.gov. 86400 IN A 128.219.2.22
dc2.ornl.gov. 86400 IN A 160.91.1.16
dc3.ornl.gov. 86400 IN A 160.91.86.30
;; Query time: 3 msec
;; SERVER: 10.1.1.30#53(10.1.1.30)
;; WHEN: Wed Sep 1 11:12:37 2004
;; MSG SIZE rcvd: 135
>
>I am not sure if the "IN" is required in NS records. I=20
>always put that in my DNS records. =20
>
I've added it that way, but have also updated the file after named
rewite. When named re-writes the zone file (we're dynamic) it reorders
the records, replaces the domain "ornl.gov." with "$ORIGIN ornl.gov."
and removes the IN.
>P.S. I assume that you also have an NS record delegating the zone
>
> forestdnszones.ornl.gov
>
Yes, that's right.
>---------------------------------------------------------
>-------------
>Barry S. Finkel
>Computing and Instrumentation Solutions Division
>Argonne National Laboratory Phone: +1 (630) 252-7277
>9700 South Cass Avenue Facsimile:+1 (630) 252-4601
>Building 222, Room D209 Internet: BSFinkel at anl.gov
>Argonne, IL 60439-4828 IBMMAIL: I1004994
>
>
Named.run output (debug output)
01-Sep-2004 11:20:22.808 client 10.1.1.30#41541: UDP request
01-Sep-2004 11:20:22.808 client 10.1.1.30#41541: using view '_default'
01-Sep-2004 11:20:22.808 client 10.1.1.30#41541: request is not signed
01-Sep-2004 11:20:22.808 client 10.1.1.30#41541: recursion available
01-Sep-2004 11:20:22.808 client 10.1.1.30#41541: query
01-Sep-2004 11:20:22.808 client 10.1.1.30#41541: ns_client_attach: ref =
=3D
1
01-Sep-2004 11:20:22.809 client 10.1.1.30#41541: query
'forestdnszones.ornl.gov/NS/IN' approved
01-Sep-2004 11:20:22.809 client 10.1.1.30#41541: replace
01-Sep-2004 11:20:22.809 clientmgr @24c930: createclients
01-Sep-2004 11:20:22.809 clientmgr @24c930: recycle
01-Sep-2004 11:20:22.809 client @1947e30: udprecv
01-Sep-2004 11:20:22.809 createfetch: forestdnszones.ornl.gov NS
01-Sep-2004 11:20:22.809 fctx 196c770(forestdnszones.ornl.gov/NS'):
create
01-Sep-2004 11:20:22.809 fctx 196c770(forestdnszones.ornl.gov/NS'): join
01-Sep-2004 11:20:22.809 fetch 2229b8 (fctx
196c770(forestdnszones.ornl.gov/NS)): created
01-Sep-2004 11:20:22.809 fctx 196c770(forestdnszones.ornl.gov/NS'):
start
01-Sep-2004 11:20:22.809 fctx 196c770(forestdnszones.ornl.gov/NS'): try
01-Sep-2004 11:20:22.809 fctx 196c770(forestdnszones.ornl.gov/NS'):
cancelqueries
01-Sep-2004 11:20:22.809 fctx 196c770(forestdnszones.ornl.gov/NS'):
getaddresses
01-Sep-2004 11:20:22.809 fctx 196c770(forestdnszones.ornl.gov/NS'):
query
01-Sep-2004 11:20:22.809 resquery 19347e0 (fctx
196c770(forestdnszones.ornl.gov/NS)): send
01-Sep-2004 11:20:22.810 resquery 19347e0 (fctx
196c770(forestdnszones.ornl.gov/NS)): sent
01-Sep-2004 11:20:22.810 resquery 19347e0 (fctx
196c770(forestdnszones.ornl.gov/NS)): senddone
01-Sep-2004 11:20:22.810 client @1947e30: udprecv
01-Sep-2004 11:20:22.810 resquery 19347e0 (fctx
196c770(forestdnszones.ornl.gov/NS)): response
01-Sep-2004 11:20:22.810 fctx 196c770(forestdnszones.ornl.gov/NS'):
cancelquery
01-Sep-2004 11:20:22.810 fctx 196c770(forestdnszones.ornl.gov/NS'):
resend
01-Sep-2004 11:20:22.810 fctx 196c770(forestdnszones.ornl.gov/NS'):
query
01-Sep-2004 11:20:22.810 resquery 19347e0 (fctx
196c770(forestdnszones.ornl.gov/NS)): send
01-Sep-2004 11:20:22.810 resquery 19347e0 (fctx
196c770(forestdnszones.ornl.gov/NS)): sent
01-Sep-2004 11:20:22.810 resquery 19347e0 (fctx
196c770(forestdnszones.ornl.gov/NS)): senddone
More information about the bind-users
mailing list