[nzlug] Bind question:
Steve Holdoway
steve at greengecko.co.nz
Fri Jun 6 15:05:33 NZST 2008
";; WARNING: recursion requested but not available" is reported by ns1, but ns2 is perfectly happy. So ns2, using recursion, is providing an incorrect answer. Worrying!
Could it be that your slaves group definition contains incorrect IP addresses? Did you update the master, but not reset the serial??? Just about all I can think of!
Steve
On Fri, 06 Jun 2008 14:29:37 +1200
Chris Hodgetts <chris at archnetnz.com> wrote:
> Having some really odd things with Bind.
> I am running a hidden master server:
>
> shaggy
>
> This server contains the following in a zone file:
>
>
> $TTL 86400
> @ IN SOA ns1.example.com. soa.example.com. (
> 2008060710 ; serial number
> 28800 ; Refresh
> 7200 ; Retry
> 864000 ; Expire
> 86400 ; Min TTL
> )
>
> NS ns1.example.com.
> NS ns2.example.com.
>
> A XXX.XXX.XXX.XXX
>
> caitlin A XXX.XXX.XXX.XXX
>
>
> This is in the named.conf
>
> zone "example.com" {
> type master;
> file "bw-master-fwd/example.com";
> notify yes;
> allow-transfer { "slaves";
> XXX.XXX.XXX.XXX;
> XXX.XXX.XXX.XXX;
> };
>
> also-notify {
> XXX.XXX.XXX.XXX;
> XXX.XXX.XXX.XXX;
> };
> };
>
>
> The notify works, however each of the slave servers (which are publicly
> accessible) (ns1.example.com and ns2.example.com) have the following in
> the slaves file:
>
> $ORIGIN .
> $TTL 86400 ; 1 day
> example.com IN SOA master.example.com. soa.example.com. (
> 2008060710 ; serial
> 28800 ; refresh (8 hours)
> 7200 ; retry (2 hours)
> 864000 ; expire (1 week 3 days)
> 86400 ; minimum (1 day)
> )
> NS ns1.example.com.
> NS ns2.example.com.
> A 202.74.198.108
> $ORIGIN example.com.
> caitlin A XXX.XXX.XXX.XXX
>
>
> when you query each of the two name servers
>
> > dig SOA @ns1.example.com example.com
> > dig SOA @ns2.example.com example.com
>
> They return the same serial number....
>
> when you dig @ns1.example.com example.com you get the correct
> information from the zone file:
>
>
> caitlin:/etc/bind/primary# dig @ns1.example.com example.com
>
> ; <<>> DiG 9.4.2 <<>> @master.example.com example.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49577
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;example.com. IN A
>
> ;; ANSWER SECTION:
> example.com. 86400 IN A XXX.XXX.XXX.XXX
>
> ;; Query time: 512 msec
> ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
> ;; WHEN: Fri Jun 6 14:23:12 2008
> ;; MSG SIZE rcvd: 54
>
>
> but you don't get any authority sections, or additional results.
>
> when you dig @ns2.example.com
>
> caitlin:/etc/bind/primary# dig @ns2.example.com example.com
>
> ; <<>> DiG 9.4.2 <<>> @master.example.com example.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64430
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;example.com. IN A
>
> ;; ANSWER SECTION:
> example.com. 0 IN A XXX.XXX.XXX.XXX
>
> ;; AUTHORITY SECTION:
> example.com. 86400 IN NS ns2.example.com.
> example.com. 86400 IN NS ns1.example.com.
>
> ;; Query time: 237 msec
> ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
> ;; WHEN: Fri Jun 6 14:24:55 2008
> ;; MSG SIZE rcvd: 102
>
> caitlin:/etc/bind/primary#
>
> And the A records are different, but the SOA / Serial Numbers are
> identical.
>
> When you query internally on the same network to ns1.example.com you get
> the correct results, it's just when you try and query it externally...
>
> There are no views set up (it's bind 9.2.2) and I am stumped, I even
> tried to remove and reinstall the bind instance but that did not help
> either..
>
> There does not appear to be any caching and when you turn off the server
> on ns2.example.com the query times out, so I am pretty certain that I am
> talking to the correct server.
>
> Any help, comments, suggestions, remarks, that might help would be
> appreciated.
>
> Thanks.
>
>
> _______________________________________________
> NZLUG mailing list NZLUG at linux.net.nz
> http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
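A small checker for the by-hand comparison in the thread above, as an added example that is not part of the original messages: it parses dig output from each name server and reports the differences the thread noticed (the `ra` flag, a zero TTL, mismatched answer data). The sample replies and the 192.0.2.x addresses are constructed, and `parse_dig` and `compare` are hypothetical helper names.

```python
import re

# Constructed replies modelled on the two dig outputs quoted above; the
# 192.0.2.x addresses are documentation placeholders for the redacted records.
NS1 = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; ANSWER SECTION:
example.com.  86400  IN  A  192.0.2.10
"""
NS2 = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; ANSWER SECTION:
example.com.  0  IN  A  192.0.2.20
;; AUTHORITY SECTION:
example.com.  86400  IN  NS  ns2.example.com.
example.com.  86400  IN  NS  ns1.example.com.
"""

def parse_dig(text):
    """Pull the header flags and the ANSWER-section records out of dig output."""
    m = re.search(r"^;; flags: ([a-z ]+);", text, re.M)
    flags = set(m.group(1).split()) if m else set()
    answers, section = [], None
    for line in text.splitlines():
        head = re.match(r";; (\w+) SECTION:", line)
        if head:
            section = head.group(1)
        elif section == "ANSWER" and line.strip() and not line.startswith(";"):
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((name, int(ttl), rtype, rdata))
    return flags, answers

def compare(replies):
    """Return a list of findings for a {server_name: dig_output} mapping."""
    findings, data = [], {}
    for server, text in replies.items():
        flags, answers = parse_dig(text)
        if "ra" in flags:  # server offers recursion to whoever sent this query
            findings.append(f"{server}: recursion available (ra flag set)")
        if any(ttl == 0 for _n, ttl, _t, _r in answers):
            findings.append(f"{server}: answer TTL is 0")
        data[server] = sorted((n, t, r) for n, _ttl, t, r in answers)
    if len({tuple(v) for v in data.values()}) > 1:  # TTLs ignored on purpose
        findings.append("answer data differs between servers")
    return findings

if __name__ == "__main__":
    print("\n".join(compare({"ns1": NS1, "ns2": NS2})))
```

Feeding it the saved output of `dig @server zone` for every listed name server, run from outside the network, gives one list of discrepancies to work through.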