Fw: nsupdate problem
Kevin Darcy
kcd at daimlerchrysler.com
Tue Apr 9 22:22:58 UTC 2002
Are you absolutely sure that *this* nameserver is getting the initial SOA query
from nsupdate? Look in the query log to verify.
- Kevin
Rakesh-Home wrote:
> Kevin,
> Yes it gives the correct info when I lookup for SOA record and also zone
> loaded without any errors, I checked the logs to verify that too.
>
> All other resolution also works fine .
> One more input this server is behind the Pix firewall can we have open
> 53/tcp/udp both in and out.
>
> Any thing else need's to be done
>
> Thank you.
> ----- Original Message -----
> From: "Kevin Darcy" <kcd at daimlerchrysler.com>
> To: <bind-users at isc.org>
> Sent: Tuesday, April 09, 2002 2:02 PM
> Subject: Re: Fw: nsupdate problem
>
> >
> > What happens if you do an SOA query of rupalifinechem.com against the
> > 10.20.10.10 nameserver? Does it give reasonable information? If not, then
> > apparently the rupalifinechem.com zone is not loading properly. Look in
> your
> > logs to determine what the problem is.
> >
> >
> > - Kevin
> >
> > Rakesh-Shah wrote:
> >
> > > Sorry to post this question again, but if any one can help me would be
> > > great, since this seems to be a urgent issue.
> > >
> > > Thank you
> > > Rakesh Shah
> > > ----- Original Message -----
> > > From: "Rakesh-Shah" <rshah at rupalifinechem.com>
> > > To: <bind-users at isc.org>; <bind9-users at isc.org>
> > > Sent: Monday, April 08, 2002 9:12 PM
> > > Subject: nsupdate problem
> > >
> > > > Hello
> > > >
> > > > I am having some problem with the nsupdate, for some reason nsupdate
> does
> > > not do the proper updates to the zones
> > > >
> > > > My named.conf looks like this :
> > > > logging {
> > > > channel my_syslog {
> > > > syslog local0;
> > > > severity info;
> > > > };
> > > > channel stat_file {
> > > > file "/var/log/stats.log" versions 3 size 1k;
> > > > };
> > > > channel my_file {
> > > > file "/var/log/named.log" versions 3 size 10m;
> > > > severity dynamic;
> > > > print-category yes;
> > > > print-severity yes;
> > > > print-time yes;
> > > > };
> > > >
> > > > category default { my_syslog; };
> > > > category load { my_syslog; };
> > > > category update { my_syslog; };
> > > > category xfer-in { my_syslog; };
> > > > category xfer-out { my_syslog; };
> > > > category panic { my_syslog; };
> > > > category statistics { my_file; stat_file; };
> > > > category packet { my_file; };
> > > > category eventlib { my_file; };
> > > > category queries { my_file; };
> > > > };
> > > > options {
> > > > directory "/var/named";
> > > > transfer-format one-answer;
> > > > max-transfer-time-in 60; // one hour for zone
> transfering
> > > > coresize 0;
> > > > pid-file "/var/named/named.pid";
> > > > statistics-file "/var/log/named.stats";
> > > > interface-interval 10;
> > > > statistics-interval 1;
> > > > cleaning-interval 60;
> > > > allow-transfer { allow-list; };
> > > >
> > > >
> > > >
> > > > zone "." {
> > > > type hint;
> > > > file "master/db.cache";
> > > > };
> > > >
> > > > zone "0.0.127.in-addr.arpa" {
> > > > type master;
> > > > file "master/db.127.0.0";
> > > > };
> > > >
> > > >
> > > >
> > > > zone "rupalifinechem.com" {
> > > > type master;
> > > > file "master/db.rupalifinechem.com";
> > > > allow-query { any; };
> > > > allow-update { 10.20.10.10; };
> > > > };
> > > >
> > > > Here 10.20.10.10 is the internal ip of this server,
> > > >
> > > > Every thing works fine if I manually update the
> db.rupalifinechem.com
> > > and reload the named.
> > > >
> > > > Also I do not see any thing in the logs that relates to nsupdate.
> > > >
> > > > I checked my syslog.named which i a seperate syslog file for named,
> > > checked named.log and stats.log according to my conf file above
> > > >
> > > > when I give nsupdate
> > > >
> > > > >update add www.rupalifinechem.com. 1800 in a a 10.10.10.X
> > > > >
> > > > $
> > > >
> > > > It returns back to the prompt without any errors and nothing in the
> logs,
> > > I also tried giving allow-update ( any; }; for test but no luck with
> > > logging or dynamic updates, I have turned the debug on as well
> > > >
> > > >
> > > > Can you tell what am I missing here .....
> > > >
> > > > I tried using nsupdate -d and it looks like it is trying to go to
> the
> > > root servers to get the Ip address of the zone rupalifinechem.com and it
> > > times out. any help is appreciated.
> > > >
> > > > ; res_findzonecut: START dname='www.rupalifinechem.com.' class=IN,
> zsize=1025,
> > > naddr
> > > > s=3
> > > > ;; res_findzonecut: get the soa, and see if it has enough glue
> > > > ;; res_nmkquery(QUERY, www.foobar.com., IN, SOA)
> > > > ;; res_send()
> > > > ;; ->>HEADER<<- epode: QUERY, status: NOERROR, id: 45822
> > > > ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > > > ;; QUERY SECTION:
> > > > ;; www.rupalinechem.com, type = SOA, class = IN
> > > >
> > > > ;; Querying server (# 1) address = 10.20.10.10
> > > > ;; got answer:
> > > > ;; ->>HEADER<<- epode: QUERY, status: NXDOMAIN, id: 45822
> > > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
> 0
> > > > ;; QUERY SECTION:
> > > > ;; www.rupalifinechem.com, type = SOA, class = IN
> > > >
> > > > ;; AUTHORITY SECTION:
> > > > com. 1D IN SOA A.GTLD-SERVERS.NET.
> > > NSTLD.VERISIGN-GRS.c
> > > > om. (
> > > > 2002040800 ; serial
> > > > 30M ; refresh
> > > > 15M ; retry
> > > > 1W ; expiry
> > > > 1D ) ; minimum
> > > >
> > > >
> > > > ;; res_findzonecut: get the ns rrset and see if it has enough glue
> > > > ;; res_nmkquery(QUERY, com, IN, NS)
> > > > ;; res_send()
> > > > ;; ->>HEADER<<- epode: QUERY, status: NOERROR, id: 45823
> > > > ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > > > ;; QUERY SECTION:
> > > > ;; com, type = NS, class = IN
> > > >
> > > > ;; Querying server (# 1) address = 10.20.10.10
> > > > ;; got answer:
> > > > ;; ->>HEADER<<- epode: QUERY, status: NOERROR, id: 45823
> > > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
> > > > ;; QUERY SECTION:
> > > > ;; com, type = NS, class = IN
> > > >
> > > > ;; ANSWER SECTION:
> > > > com. 21h19m52s IN NS K.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS E.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS M.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS A.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS G.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS H.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS C.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS I.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS B.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS D.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS L.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS F.GTLD-SERVERS.NET.
> > > > com. 21h19m52s IN NS J.GTLD-SERVERS.NET.
> > > >
> > > > ;; ADDITIONAL SECTION:
> > > > K.GTLD-SERVERS.NET. 1d20h17m4s IN A 213.177.194.5
> > > > E.GTLD-SERVERS.NET. 1d19h6m18s IN A 192.12.94.30
> > > > M.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.55.83.30
> > > > A.GTLD-SERVERS.NET. 3d16h41m18s IN A 192.5.6.30
> > > > G.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.42.93.30
> > > > H.GTLD-SERVERS.NET. 5d17h52m10s IN A 192.54.112.30
> > > > C.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.26.92.30
> > > > I.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.43.172.30
> > > > B.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.33.14.30
> > > > D.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.31.80.30
> > > > L.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.41.162.30
> > > > F.GTLD-SERVERS.NET. 1d20h17m4s IN A 192.35.51.30
> > > > J.GTLD-SERVERS.NET. 1d20h17m4s IN A 210.132.100.101
> > > >
> > > > ;; res_findzonecut: get the missing glue and see if it's finally
> enough
> > > > ;; res_findzonecut: add_addrs: 1
> > > > ;; res_findzonecut: add_addrs: 1
> > > > ;; res_findzonecut: add_addrs: 1
> > > > ;; res_findzonecut: satisfy(A.GTLD-SERVERS.NET): 3
> > > > ;; res_findzonecut: FINISH n=3 (OK)
> > > > ;; res_nupdate: res_mkupdate -> 51
> > > > ;; res_send()
> > > > ;; ->>HEADER<<- epode: UPDATE, status: NOERROR, id: 45824
> > > > ;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 1, ADDITIONAL: 0
> > > > ;; com, type = SOA, class = IN
> > > > www.rupalifinechem.com. 30M IN A 10.20.10.10
> > > > ;; Querying server (# 1) address = 192.5.6.30
> > > > ;; timeout
> > > > ;; Querying server (# 2) address = 213.177.194.5
> > > > ;; new DG socket
> > > > ;; timeout
> > > > ;; Querying server (# 3) address = 192.12.94.30
> > > > ;; timeout
> > > > ;; Querying server (# 1) address = 192.5.6.30
> > > > ;; new DG socket
> > > > ;; timeout
> > > > ;; Querying server (# 2) address = 213.177.194.5
> > > > ;; timeout
> > > > ;; Querying server (# 3) address = 192.12.94.30
> > > > ;; timeout
> > > > ;; Querying server (# 1) address = 192.5.6.30
> > > > ;; timeout
> > > > ;; Querying server (# 2) address = 213.177.194.5
> > > > ^C
> > > >
> > > > All the resolution works fine.
> > > >
> > > >
> > > >
> > > >
> > > > I have Bind 8.2.3 on Solaris 8, I know that I need to upgrade soon to
> bind
> > > 9 but first I need to resolve this.
> > > >
> > > >
> > > >
> > > > Rakesh Shah
> > > >
> > > >
> > > >
> >
More information about the bind-users
mailing list