bind-users Digest, Vol 1917, Issue 1

Bazy V bzahy8 at gmail.com
Thu Aug 21 05:17:55 UTC 2014


My confusion arises from these 2 sections in replies from
bind-users Digest, Vol 1916, Issue 2. The # 4 reply states it "should be":

# 4 ----------------->

>Note that either 0.220/24 wasn't technically correct, it should be:

>220/24  NS      ns2.sub.test.com.
>0.220   CNAME   0.220/24

>but that's an overkill as Phil correctly pointed out.

>--
>Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>Warning: I wish NOT to receive e-mail advertising to this address.
>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>Microsoft dick is soft to do no harm

# 3 ----------------------->

>The "220/24" isn't treated as a netmask for automatic expansion. It is
>used exactly. The only thing that generates records is the $GENERATE
>directive, but even it doesn't understand "220/24" as something for
> expansion.

 >               Mukund

Coming to the main issue at hand, even pointing  a /27 boundary from the
Linux server running BIND with the generate statements to pick up PTR from
the sub Windows Name server did not work.

From the command line (via dig and nslookup against the MS server) I can
look up IPs which fall under the /27 boundary fine. So it could not be an
access or no-response problem.

I have been using BIND for close to 10 years now. It is documented well, with a lot
of resources on the web, and this is the first time I am using the mailing
list. Since what is suggested / found is not working out. I clearly
understand where the .220.20.17 PTR records need to be, and .20.17 need to
have the other NS. Stop preaching to the choir.

Since so many postings and docs say this is the method. So it should have
worked for people and it is not working out in our scenario. I plan to
stand up another Linux server and test it out. Maybe there is something
very specific to our setup and there might be a problem with BIND
doing/passing lookups against the MS DNS.

 --------------------------------------------------------
>From: /dev/rob0 <rob0 at gmx.co.uk>
>Right.  I wonder where the OP got that idea?

Not out of the blue, see above

Since someone owns a domain called test, are people prohibited from using
the phrase ' create a test domain' in their daily lives !!

----------------------------------------------------------
On Wed, Aug 20, 2014 at 8:00 AM, <bind-users-request at lists.isc.org> wrote:

> Today's Topics:
>
>    1. Re: DNS reverse sub delegation NXDOMAIN problem, Class C
>       (Matus UHLAR - fantomas)
>    2. no servers found (Adamiec, Lawrence)
>    3. Re: no servers found (Charles Swiger)
>    4. Re: no servers found (Adamiec, Lawrence)
>    5. Re: DNS reverse sub delegation NXDOMAIN problem, Class C
>       (/dev/rob0)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 19 Aug 2014 19:03:20 +0200
> From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
> To: bind-users at lists.isc.org
> Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C
> Message-ID: <20140819170320.GA32463 at fantomas.sk>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> On 19.08.14 11:54, Bazy V wrote:
> >One post said 220/24 is not the correct format,
> >Another post said that is the format.
>
> no post said this.
>
> > Not sure which one is correct.
>
> 220.20.172.IN-ADDR.ARPA is the correct zone into which to put PTR records.
>
> >Setting 220            NS            ns2.sub.test.com.
>
> this belongs to the 20.172.IN-ADDR.ARPA domain on your recursive nameserver
> - the one your resolv.conf points to.
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> "To Boot or not to Boot, that's the question." [WD1270 Caviar]
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 19 Aug 2014 15:47:29 -0500
> From: "Adamiec, Lawrence" <ladamiec at kentlaw.iit.edu>
> To: bind-users at lists.isc.org
> Subject: no servers found
> Message-ID:
>         <
> CAH89pHaEZ+ndqL8uG6G_SgiSW7sjdrdKi_YdjQtCdVbp-xsAXA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> HI,
>
> I am running BIND 9.6-ESV-R5-P1 on a Solaris 10 server.  I can run queries
> without specifying a name server on my Solaris servers successfully.  When
> I try to run a query on a Solaris 10 virtual server, I get "connection
> timed out; no servers could be reached" error.
>
> If I add the name servers from our main campus (or 8.8.8.8) to the virtual
> server's resolv.conf file, then dig will use the other name server and skip
> my name server to resolve the query which is successful.
>
> If i use dig and specify my master name server, then the query works fine.
>
> I do not understand why the virtual server cannot find the name servers on
> my campus (my building) unless I specify it.
>
>
> Host file contents of virtual server
> #
> # Internet host table
> #
> ::1             localhost
> 127.0.0.1       localhost
> 64.131.119.61   dnstest.kentlaw.edu dnstest loghost
> 64.131.119.11   nsa.kentlaw.edu nsa
> 64.131.119.12   nsb.kentlaw.edu nsb
>
>
> resolv.conf contents of virtual server
>
> domain kentlaw.edu
> nameserver 66.131.119.11
> nameserver 66.131.119.12
> nameserver 216.47.128.11
> nameserver 216.47.128.12
> nameserver 8.8.8.8
> search kentlaw.edu
>
>
> Larry
>
> Lawrence Adamiec
> UNIX Mgr/Web Support Specialist
> Illinois Institute of Technology-DTC
> 565  W. Adams St.
> Chicago, IL
> 60661
>
> ------------------------------
>
> Message: 3
> Date: Tue, 19 Aug 2014 13:54:57 -0700
> From: Charles Swiger <cswiger at mac.com>
> To: "Adamiec, Lawrence" <ladamiec at kentlaw.iit.edu>
> Cc: bind-users at lists.isc.org
> Subject: Re: no servers found
> Message-ID: <2454357E-535D-41A7-834E-5F613A9A0C48 at mac.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi--
>
> On Aug 19, 2014, at 1:47 PM, "Adamiec, Lawrence" <ladamiec at kentlaw.iit.edu>
> wrote:
> > I am running BIND 9.6-ESV-R5-P1 on a Solaris 10 server.  I can run
> queries without specifying a name server on my Solaris servers
> successfully.  When I try to run a query on a Solaris 10 virtual server, I
> get "connection timed out; no servers could be reached" error.
> >
> > If I add the name servers from our main campus (or 8.8.8.8) to the
> virtual server's resolv.conf file, then dig will use the other name server
> and skip my name server to resolve the query which is successful.
>
> It's fairly normal for virtualization stuff to forbid network access from
> a VM to the host, via some combination of network interface configuration
> and NAT/firewall rules.
>
> If you're using VirtualBox, look into "bridged adaptor", ie:
>
>   https://www.virtualbox.org/manual/ch06.html#network_bridged
>
> Regards,
> --
> -Chuck
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 19 Aug 2014 16:07:50 -0500
> From: "Adamiec, Lawrence" <ladamiec at kentlaw.iit.edu>
> To: Charles Swiger <cswiger at mac.com>
> Cc: bind-users at lists.isc.org
> Subject: Re: no servers found
> Message-ID:
>         <CAH89pHYeWd1VyhJzcNU86xyQkThWKVm+La=
> sb99hpYqw4jKZkA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I should have said it was a Solaris 10 zone (container).  I am not using
> VirtualBox, VMware, or other third party software.
>
> Larry
>
>
>
> On Tue, Aug 19, 2014 at 3:54 PM, Charles Swiger <cswiger at mac.com> wrote:
>
> > Hi--
> >
> > On Aug 19, 2014, at 1:47 PM, "Adamiec, Lawrence" <
> ladamiec at kentlaw.iit.edu>
> > wrote:
> >
> > I am running BIND 9.6-ESV-R5-P1 on a Solaris 10 server.  I can run
> queries
> > without specifying a name server on my Solaris servers successfully.
> When
> > I try to run a query on a Solaris 10 virtual server, I get "connection
> > timed out; no servers could be reached" error.
> >
> > If I add the name servers from our main campus (or 8.8.8.8) to the
> virtual
> > server's resolv.conf file, then dig will use the other name server and
> skip
> > my name server to resolve the query which is successful.
> >
> >
> > It's fairly normal for virtualization stuff to forbid network access from
> > a VM to the host, via some combination of network interface configuration
> > and NAT/firewall rules.
> >
> > If you're using VirtualBox, look into "bridged adaptor", ie:
> >
> >   https://www.virtualbox.org/manual/ch06.html#network_bridged
> >
> > Regards,
> > --
> > -Chuck
> >
> >
>
> ------------------------------
>
> Message: 5
> Date: Tue, 19 Aug 2014 18:21:44 -0500
> From: /dev/rob0 <rob0 at gmx.co.uk>
> To: bind-users at lists.isc.org
> Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C
> Message-ID: <20140819232144.GU23739 at harrier.slackbuilds.org>
> Content-Type: text/plain; charset=us-ascii
>
> Sorry, this is going to be a pedantic post, so I might as well start
> here:
>
> > Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C
>
> No, there's no such thing as "Class C", so please forget that.  It's
> a /24 network.  CIDR is in; class is dismissed.
>
> On Tue, Aug 19, 2014 at 07:03:20PM +0200, Matus UHLAR - fantomas wrote:
> > On 19.08.14 11:54, Bazy V wrote:
> > >One post said 220/24 is not the correct format,
> > >Another post said that is the format.
> >
> > no post said this.
>
> Right.  I wonder where the OP got that idea?
>
> > >Not sure which one is correct.
> >
> > 220.20.172.IN-ADDR.ARPA is the correct zone into which to put PTR
> > records.
> >
> > >Setting 220            NS            ns2.sub.test.com.
>
> Test.com is a real Internet domain.  Please don't use that if you
> aren't the actual owner.
>
> > this belongs to the 20.172.IN-ADDR.ARPA domain
>
> Yes, to repeat, and enhanced for RFC 2606 compliance:
>
> 220             NS      ns2.sub.example.com.
>
> > on your recursive nameserver
> > - the one your resolv.conf points to.
>
> Well no, not necessarily.  This is authoritative service we are
> discussing here.
>
> That said, sure, typically you're going to host such internal-only
> zones on a server that also does recursion.  That's not required,
> however.  The recursive server could have stub or static-stub zones,
> or even an alternate root zone, which points to the authoritative
> server.
>
> Pedantry complete.
> --
>   http://rob0.nodns4.us/
>   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
>
>
> ------------------------------
>
> End of bind-users Digest, Vol 1917, Issue 1
> *******************************************
>
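An added example, not part of the original thread: the parent-zone records for an RFC 2317 style delegation of a block smaller than /24, showing that a label such as "0/27" is an ordinary literal label and that the per-address CNAMEs have to be written out (or produced with $GENERATE). The block 172.20.220.0/27 is an assumed first /27 of the network discussed above, ns2.sub.example.com. is the name used in the thread, and all function names are hypothetical.

```python
import ipaddress

def parent_zone(subnet):
    """Name of the /24 reverse zone that contains `subnet`."""
    a, b, c, _ = ipaddress.ip_network(subnet).network_address.packed
    return f"{c}.{b}.{a}.in-addr.arpa."

def delegation_label(subnet):
    """Literal owner label for the sub-block, e.g. '0/27'.
    BIND stores this text as-is; it is never expanded as a netmask."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 block between /25 and /31")
    return f"{net.network_address.packed[3]}/{net.prefixlen}"

def parent_records(subnet, nameservers):
    """Records for the parent /24 zone: NS for the label, one CNAME per address."""
    net = ipaddress.ip_network(subnet)
    label = delegation_label(subnet)
    first = net.network_address.packed[3]
    records = [f"{label}\tNS\t{ns}" for ns in nameservers]
    records += [f"{h}\tCNAME\t{h}.{label}"
                for h in range(first, first + net.num_addresses)]
    return records

def generate_directive(subnet):
    """Single $GENERATE line that yields the same CNAMEs in a BIND zone file."""
    net = ipaddress.ip_network(subnet)
    first = net.network_address.packed[3]
    last = first + net.num_addresses - 1
    return f"$GENERATE {first}-{last} $ CNAME $.{delegation_label(subnet)}"

def child_ptr_name(ip, subnet):
    """Full name the child server must answer for after the CNAME is followed."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(subnet):
        raise ValueError(f"{ip} is not inside {subnet}")
    return f"{addr.packed[3]}.{delegation_label(subnet)}.{parent_zone(subnet)}"

if __name__ == "__main__":
    block = "172.20.220.0/27"          # assumed sub-block, constructed for this example
    print(f"; in zone {parent_zone(block)}")
    print("\n".join(parent_records(block, ["ns2.sub.example.com."])[:3]))
    print(generate_directive(block))
    print("; child must serve:", child_ptr_name("172.20.220.5", block))
```

The last function gives the name to query directly on the delegated server (for example with dig) when checking that it hosts a zone whose name matches the label used in the parent.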