[nzlug] Bind question:

Chris Hodgetts chris at archnetnz.com
Fri Jun 6 14:29:37 NZST 2008


Having some really odd things happen with Bind.
I am running a hidden master server:

shaggy

This server contains the following in a zone file:


$TTL 86400
@               IN      SOA     ns1.example.com.      soa.example.com. (
                        2008060710      ; serial number
                        28800           ; Refresh
                        7200            ; Retry
                        864000          ; Expire
                        86400           ; Min TTL
                        )

                NS      ns1.example.com.
                NS      ns2.example.com.

                A       XXX.XXX.XXX.XXX

caitlin         A       XXX.XXX.XXX.XXX


This is in the named.conf

zone "example.com" {
        type master;
        file "bw-master-fwd/example.com";
        notify yes;
        allow-transfer {
                        "slaves";
                        XXX.XXX.XXX.XXX;
                        XXX.XXX.XXX.XXX;
        };

        also-notify {
                        XXX.XXX.XXX.XXX;
                        XXX.XXX.XXX.XXX;
        };
};


The notify works; however, each of the slave servers (which are publicly
accessible) (ns1.example.com and ns2.example.com) has the following in
the slaves file:

$ORIGIN .
$TTL 86400      ; 1 day
example.com            IN SOA  master.example.com. soa.example.com. (
                                2008060710 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                864000     ; expire (1 week 3 days)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.example.com.
                        NS      ns2.example.com.
                        A       202.74.198.108
$ORIGIN example.com.
caitlin                 A       XXX.XXX.XXX.XXX


when you query each of the two name servers 

> dig SOA @ns1.example.com example.com
> dig SOA @ns2.example.com example.com

They return the same serial number....

when you dig @ns1.example.com example.com you get the correct
information from the zone file:


caitlin:/etc/bind/primary# dig @ns1.example.com example.com

; <<>> DiG 9.4.2 <<>> @master.example.com example.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49577
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		86400	IN	A	XXX.XXX.XXX.XXX

;; Query time: 512 msec
;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
;; WHEN: Fri Jun  6 14:23:12 2008
;; MSG SIZE  rcvd: 54


but you don't get any authority section or additional results.

when you dig @ns2.example.com

caitlin:/etc/bind/primary# dig @ns2.example.com example.com

; <<>> DiG 9.4.2 <<>> @master.example.com example.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.		        IN      A

;; ANSWER SECTION:
example.com.   		0       IN      A       XXX.XXX.XXX.XXX

;; AUTHORITY SECTION:
example.com.		86400   IN      NS      ns2.example.com.
example.com.  		86400   IN      NS      ns1.example.com.

;; Query time: 237 msec
;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
;; WHEN: Fri Jun  6 14:24:55 2008
;; MSG SIZE  rcvd: 102

caitlin:/etc/bind/primary# 

And the A records are different, but the SOA / Serial Numbers are
identical.

When you query internally on the same network to ns1.example.com you get
the correct results; it's just when you try and query it externally...

There are no views set up (it's bind 9.2.2) and I am stumped; I even
tried to remove and reinstall the bind instance, but that did not help
either.

There does not appear to be any caching, and when you turn off the server
on ns2.example.com the query times out, so I am pretty certain that I am
talking to the correct server.

Any help, comments, suggestions or remarks that might help would be
appreciated.

Thanks.
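Added example, not code from the post or from BIND: a standard-library-only Python script that asks each server for a zone the same questions the post asks with dig (SOA and A, with RD=0 like dig +norecurse) and flags the discrepancies the post describes: serials that agree while the A data differs, an answer with no authority section, and an answer record with TTL 0. The zone name example.com, the server labels ns1/ns2 and the 192.0.2.x addresses are assumptions standing in for the masked values; the embedded replies are constructed, not captured traffic, and only the serial 2008060710 is taken from the post.

```python
"""Added example: ask each server for a zone and compare SOA serial, AA flag, authority section and TTLs."""
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6}

def encode_name(name):
    """Dotted name -> length-prefixed wire labels ending in a zero byte."""
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"

def build_query(qname, qtype, qid=0x1234):
    """12-byte header with RD=0 (like 'dig +norecurse') plus one question."""
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)

def read_name(data, off):
    """Decode a possibly compressed name -> (name, offset after it); the hop limit bounds pointer loops."""
    labels, end = [], None
    for _ in range(128):
        length = data[off]
        if length & 0xC0 == 0xC0:                          # compression pointer into the message
            end = off + 2 if end is None else end
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    raise ValueError("name too long or compression pointer loop")

def parse_rdata(data, rtype, start, rdata):
    """Rdata -> comparable tuple; NS/SOA names may be compression pointers into 'data'."""
    if rtype == QTYPE["A"]:
        return ("A", ".".join(map(str, rdata)))
    if rtype == QTYPE["NS"]:
        return ("NS", read_name(data, start)[0])
    if rtype == QTYPE["SOA"]:
        mname, p = read_name(data, start)
        p = read_name(data, p)[1]                          # skip RNAME; the serial follows it
        return ("SOA", mname, struct.unpack("!I", data[p:p + 4])[0])
    return (rtype, rdata)

def parse_response(data):
    """Header flags plus the answer and authority sections as (name, ttl, value) tuples."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                                    # skip the question section
        off = read_name(data, off)[1] + 4
    sections = []
    for count in (an, ns):
        rrs = []
        for _ in range(count):
            name, off = read_name(data, off)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
            off += 10
            rrs.append((name, ttl, parse_rdata(data, rtype, off, data[off:off + rdlen])))
            off += rdlen
        sections.append(rrs)
    return {"aa": bool(flags & 0x0400), "rcode": flags & 0xF, "answer": sections[0], "authority": sections[1]}

def check_zone(replies):
    """replies: {server: {"SOA": parsed, "A": parsed}} -> list of findings (empty means the servers agree)."""
    findings, serials, a_data = [], {}, {}
    for server, r in replies.items():
        soa = [v for _, _, v in r["SOA"]["answer"] if v[0] == "SOA"]
        if not (r["SOA"]["aa"] and soa):
            findings.append(f"{server}: no authoritative SOA answer")
            continue
        serials[server] = soa[0][2]
        a_data[server] = tuple(sorted(v[1] for _, _, v in r["A"]["answer"] if v[0] == "A"))
        if not r["A"]["authority"]:
            findings.append(f"{server}: empty authority section on A answer")
        findings += [f"{server}: {n} {v[0]} answered with TTL 0" for n, ttl, v in r["A"]["answer"] if ttl == 0]
    if len(set(serials.values())) > 1:
        findings.append(f"serial mismatch: {serials}")
    elif len(set(a_data.values())) > 1:                    # the post's symptom: same serial, different data
        findings.append(f"same serial {set(serials.values())} but different A data: {a_data}")
    return findings

# Constructed sample replies (not captured traffic), shaped like the post's two dig outputs.
def build_rr(name, rtype, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", QTYPE[rtype], 1, ttl, len(rdata)) + rdata
def build_reply(qname, qtype, aa, answers, authority=()):
    head = struct.pack("!HHHHHH", 0x1234, 0x8000 | (0x0400 if aa else 0), 1, len(answers), len(authority), 0)
    return head + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1) + b"".join(answers) + b"".join(authority)
def soa_rdata(mname, rname, serial):
    return encode_name(mname) + encode_name(rname) + struct.pack("!IIIII", serial, 28800, 7200, 864000, 86400)
ZONE, SERIAL = "example.com.", 2008060710                   # assumed zone; serial taken from the post
NS_RRS = [build_rr(ZONE, "NS", 86400, encode_name(f"ns{i}.example.com.")) for i in (1, 2)]
def sample(mname, ip, a_ttl, authority=()):
    soa = build_rr(ZONE, "SOA", 86400, soa_rdata(mname, "soa.example.com.", SERIAL))
    return {"SOA": parse_response(build_reply(ZONE, "SOA", True, [soa])),
            "A": parse_response(build_reply(ZONE, "A", True, [build_rr(ZONE, "A", a_ttl, bytes(ip))], authority))}
SAMPLE = {"ns1": sample("ns1.example.com.", [192, 0, 2, 1], 86400),          # TTL 86400, no authority section
          "ns2": sample("master.example.com.", [192, 0, 2, 2], 0, NS_RRS)}  # TTL 0, NS records in authority

if __name__ == "__main__":
    print("\n".join(check_zone(SAMPLE)))
```

To run this against real servers, send build_query(zone, "SOA") and build_query(zone, "A") over UDP port 53 to each public nameserver and to the hidden master, feed the reply bytes to parse_response, and pass the per-server results to check_zone; the master's serial is the one the slaves should agree with. Query each server by IP address rather than by name so a resolver or a wrong host cannot answer on its behalf, which is the same point the post makes by stopping ns2 and watching the query time out. Two caveats a practitioner would want: an empty authority section on its own is not proof of a bad zone load, because BIND's minimal-responses option deliberately trims the authority and additional sections, and a serial that matches on every server says nothing about the rest of the zone, which is exactly why the A data has to be compared as well.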
