[nzlug] Bind question:

Simon Lyall simon at darkmere.gen.nz
Fri Jun 6 15:05:56 NZST 2008 

It might be that "minimal-responses: yes" set on the one that is not
giving you the extra records.



On Fri, 6 Jun 2008, Chris Hodgetts wrote:
> Having some really odd things with Bind.
> I am running a hiddden master server:
>
> shaggy
>
> This server contains the following in a zone file:
>
>
> $TTL 86400
> @               IN      SOA     ns1.example.com.      soa.example.com. (
>                         2008060710      ; serial number
>                         28800           ; Refresh
>                         7200            ; Retry
>                         864000          ; Expire
>                         86400           ; Min TTL
>                         )
>
>                 NS      ns1.example.com.
>                 NS      ns2.example.com.
>
>                 A       XXX.XXX.XXX.XXX
>
> caitlin         A       XXX.XXX.XXX.XXX
>
>
> This is in the named.conf
>
> zone "example.com" {
>         type master;
>         file "bw-master-fwd/example.com";
>         notify yes;
>         allow-transfer { "slaves";
>                         XXX.XXX.XXX.XXX;
>                         XXX.XXX.XXX.XXX;
>                         };
>
>         also-notify {
>                         XXX.XXX.XXX.XXX;
>                         XXX.XXX.XXX.XXX;
>         };
> };
>
>
> The notify works, however each of the slave servers (which are public
> accessible) (ns1.example.com and ns2.example.com) have the following in
> the slaves file:
>
> $ORIGIN .
> $TTL 86400      ; 1 day
> example.com            IN SOA  master.example.com. soa.example.com. (
>                                 2008060710 ; serial
>                                 28800      ; refresh (8 hours)
>                                 7200       ; retry (2 hours)
>                                 864000     ; expire (1 week 3 days)
>                                 86400      ; minimum (1 day)
>                                 )
>                         NS      ns1.example.com.
>                         NS      ns2.example.com.
>                         A       202.74.198.108
> $ORIGIN example.com.
> caitlin                 A       XXX.XXX.XXX.XXX
>
>
> when you query each of the two name servers
>
> > dig SOA @ns1.example.com example.com
> > dig SOA @ns2.example.com example.com
>
> They return the same serial number....
>
> when you dig @ns1.example.com example.com you get the correct
> information from the zone file:
>
>
> caitlin:/etc/bind/primary# dig @ns1.example.com example.com
>
> ; <<>> DiG 9.4.2 <<>> @master.example.com example.com
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49577
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;example.com.			IN	A
>
> ;; ANSWER SECTION:
> example.com.		86400	IN	A	XXX.XXX.XXX.XXX
>
> ;; Query time: 512 msec
> ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
> ;; WHEN: Fri Jun  6 14:23:12 2008
> ;; MSG SIZE  rcvd: 54
>
>
> but you dont get any authority sections, or additional results.
>
> when you dig @ns2.example.com
>
> caitlin:/etc/bind/primary# dig @ns2.example.com example.com
>
> ; <<>> DiG 9.4.2 <<>> @master.example.com example.com
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64430
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;example.com.		        IN      A
>
> ;; ANSWER SECTION:
> example.com.   		0       IN      A       XXX.XXX.XXX.XXX
>
> ;; AUTHORITY SECTION:
> example.com.		86400   IN      NS      ns2.example.com.
> example.com.  		86400   IN      NS      ns1.example.com.
>
> ;; Query time: 237 msec
> ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
> ;; WHEN: Fri Jun  6 14:24:55 2008
> ;; MSG SIZE  rcvd: 102
>
> caitlin:/etc/bind/primary#
>
> And the A records are different, but the SOA / Serial Numbers are
> identical.
>
> When you query internally on the same network to ns1.example.com you get
> the correct results, its just when you try and query it externally...
>
> There are no views set up (it's bind 9.2.2) and I am stumped, I even
> tried to remove and reinstall the bind instance but that did not help
> either..
>
> There does not appear to be any caching and when you turn off the server
> on ns2.example.com the query times out, so I am pretty certain that I am
> talking to the correct server.
>
> Any help comments, suggestions, remarks, that might help would be
> appreciated.
>
> Thanks.
>
>
> _______________________________________________
> NZLUG mailing list NZLUG at linux.net.nz
> http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
>

-- 
Simon Lyall  |  Very Busy  |  Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.

More information about the NZLUG mailing list