Problems with a BIND server

Robert Moskowitz rgm at htt-consult.com
Wed Oct 14 05:41:22 UTC 2009 

Barry Margolin wrote:
> In article <mailman.693.1255466849.14796.bind-users at lists.isc.org>,
>  Robert Moskowitz <rgm at htt-consult.com> wrote:
>
>   
>> I have been running BIND here on my net for quite a few years time and 
>> run 2 views on my main server, for internal and external users.  I also 
>> have a separate BIND server on a test bed that uses a test TLD of htt.  
>> It has worked well for the past year.
>>
>> Now I have installed an Amahi server (amahi.org) and it is running its 
>> own BIND server with dynamic updates, as it is supporting NetBios 
>> clients.  My Amahi server is set up for home.htt and works for systems 
>> on its subnet (it also runs DHCPD).  I want access to the various Amahi 
>> apps to other systems here so I first:
>>
>> Set up my main server to be a slave for my test htt domain in its 
>> internal view.
>>
>> That is working well and I can get all the DNS information supported 
>> there (both hosts in htt and its sub-zone of mobile.htt).  Fine so far.
>>
>> Then I added a couple records to the zone file in htt to delegate home.htt:
>>
>> home.htt.   IN   NS   amahi.home.htt.
>> amahi.home.htt.   IN   A   192.168.1.2
>>
>> And nothing.
>>
>> I am NOT getting any information on the home.htt. sub-zone.  If I run 
>> 'nslookup - 192.168.1.2' I get all the information in the DNS, but 
>> neither of my internal BIND servers are getting information.  Almost as 
>> if the Amahi server is not honoring requests from other BIND servers or 
>> perhaps not on its net.
>>     
>
> Are you sure they're sending the queries to it?  Have you done a packet 
> capture to see what's being sent?
>   

Well I did some more testing.  Here are some results when host is run on 
my main DNS server which is a slave server for htt.

# host wiki.home.htt
wiki.home.htt has address 192.168.1.2
Host wiki.home.htt not found: 2(SERVFAIL)
Host wiki.home.htt not found: 2(SERVFAIL)

# host search.home.htt
Host search.home.htt not found: 2(SERVFAIL)

The later should also have responded with the same IP address. And why 
the two servfails?  Here is records from a TCPDUMP of the first host 
command:

# grep 1.2 trace.1
23:18:24.142341 IP 208.83.67.148.domain > 192.168.1.2.domain:  9401 
[1au] A? wiki.home.htt. (42)
23:18:24.144246 IP 192.168.1.2.domain > 208.83.67.148.domain:  9401*- 
1/1/1 A 192.168.128.2 (72)
23:18:24.149357 IP 208.83.67.148.domain > 192.168.1.2.domain:  11640% 
[1au] A? home.htt. (37)
23:18:24.149786 IP 208.83.67.148.domain > 192.168.1.2.domain:  46350% 
[1au] AAAA? home.htt. (37)
23:18:24.150804 IP 192.168.1.2.domain > 208.83.67.148.domain:  11640*- 
0/1/1 (78)
23:18:26.152190 IP 208.83.67.148.domain > 192.168.1.2.domain:  11257% 
[1au] AAAA? home.htt. (37)
23:18:26.152635 IP 208.83.67.148.domain > 192.168.1.2.domain:  22505% 
[1au] AAAA? hda.home.htt. (41)
23:18:26.153864 IP 192.168.1.2.domain > 208.83.67.148.domain:  11257*- 
0/1/1 (78)
23:18:28.154700 IP 208.83.67.148.domain > 192.168.1.2.domain:  49416% 
[1au] AAAA? hda.home.htt. (41)
23:18:28.156390 IP 192.168.1.2.domain > 208.83.67.148.domain:  49416*- 
0/1/1 (82)

And for the second command there were NO records to 192.168.1.2

And on my notebook that uses 208.83.67.148 as its only nameserver, 'host 
search.home.htt' has the following dump:

# tcpdump -n -i eth1 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
01:28:34.615393 IP 208.83.67.158.35220 > 208.83.67.148.domain:  4544+ A? 
search.home.htt. (33)
01:28:34.618864 IP 208.83.67.148.domain > 208.83.67.158.35220:  4544 
ServFail 0/0/0 (33)

So I am quite perplexed.

>   
>> Here are the named.conf and zone files:
>>
>> # automatically generated file by hdactl
>> options {
>>         listen-on-v6 port 53 { ::1; };
>>         directory "/var/named";
>>         dump-file "/var/named/data/cache_dump.db";
>>         statistics-file "/var/named/data/named_stats.txt";
>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>         forward only;
>>         forwarders { 208.67.222.222; 208.67.220.220; };
>>         listen-on port 53 { 192.168.1.2; 127.0.0.1; };
>> };
>> logging {
>>         channel default_debug {
>>                 file "data/named.run";
>>                 severity dynamic;
>>         };
>> };
>> key "ddnskey" {
>>         algorithm hmac-md5;
>>         secret "----------------------";
>> };
>>
>> zone "home.htt" IN {
>>         type master;
>>         notify no;
>>         file "dynamic/hda-n2a.conf";
>>         allow-update { key ddnskey; };
>>         check-names ignore;
>> };
>>
>> zone "1.168.192.in-addr.arpa" IN {
>>         type master;
>>         notify no;
>>         file "dynamic/hda-a2n.conf";
>>         allow-update { key ddnskey; };
>>         check-names ignore;
>> };
>>
>>
>> and dynamic/hda-n2a.conf:
>>
>> $TTL    86400
>> @ IN SOA home.htt. root.home.htt. (
>>         0909130103 ; Serial
>>         28800   ; Refresh
>>         14400   ; Retry
>>         3600000 ; Expire
>>         86400 ) ; Minimum
>>                 IN NS home.htt.
>>                 IN MX 10 home.htt.
>> *       IN MX 10 home.htt.
>>
>> h001            A       192.168.1.1
>> .
>> .
>> .
>> hda             A       192.168.1.2
>> search          A       192.168.1.2
>> setup           A       192.168.1.2
>> calendar                A       192.168.1.2
>> help            A       192.168.1.2
>> wiki            A       192.168.1.2
>>
>>
>> So any tips on what to look for to get this working?
>>
>> I shot the day digging, and I can do things with BIND, but I am not all 
>> that skilled...
>>     
>
>

More information about the bind-users mailing list