[nzlug] Bind question:

Chris Hodgetts chris at archnetnz.com
Fri Jun 6 16:36:15 NZST 2008


Just to add:

When I am from home (recursion is on at the moment) and I query
google.com I get:

; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17974
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		0	IN	A	2X9.8X.2XX.7X
google.com.		0	IN	A	2X9.8X.2XX.7X
google.com.		0	IN	A	2X9.8X.2XX.7X

;; AUTHORITY SECTION:
google.com.		344349	IN	NS	ns3.google.com.
google.com.		344349	IN	NS	ns4.google.com.
google.com.		344349	IN	NS	ns1.google.com.
google.com.		344349	IN	NS	ns2.google.com.



Clearly the incorrect IP addresses, let alone ranges, for Google.
(Used X's in case I have a hugely insecure BIND instance at the moment)

and the TTLs are always 0 for the A records.


On Fri, 2008-06-06 at 15:05 +1200, Simon Lyall wrote:
> It might be that "minimal-responses: yes" set on the one that is not
> giving you the extra records.
> 
> 
> 
> On Fri, 6 Jun 2008, Chris Hodgetts wrote:
> > Having some really odd things with BIND.
> > I am running a hidden master server:
> >
> > shaggy
> >
> > This server contains the following in a zone file:
> >
> >
> > $TTL 86400
> > @               IN      SOA     ns1.example.com.      soa.example.com. (
> >                         2008060710      ; serial number
> >                         28800           ; Refresh
> >                         7200            ; Retry
> >                         864000          ; Expire
> >                         86400           ; Min TTL
> >                         )
> >
> >                 NS      ns1.example.com.
> >                 NS      ns2.example.com.
> >
> >                 A       XXX.XXX.XXX.XXX
> >
> > caitlin         A       XXX.XXX.XXX.XXX
> >
> >
> > This is in the named.conf
> >
> > zone "example.com" {
> >         type master;
> >         file "bw-master-fwd/example.com";
> >         notify yes;
> >         allow-transfer { "slaves";
> >                         XXX.XXX.XXX.XXX;
> >                         XXX.XXX.XXX.XXX;
> >                         };
> >
> >         also-notify {
> >                         XXX.XXX.XXX.XXX;
> >                         XXX.XXX.XXX.XXX;
> >         };
> > };
> >
> >
> > The notify works, however each of the slave servers (which are publicly
> > accessible) (ns1.example.com and ns2.example.com) have the following in
> > the slaves file:
> >
> > $ORIGIN .
> > $TTL 86400      ; 1 day
> > example.com            IN SOA  master.example.com. soa.example.com. (
> >                                 2008060710 ; serial
> >                                 28800      ; refresh (8 hours)
> >                                 7200       ; retry (2 hours)
> >                                 864000     ; expire (1 week 3 days)
> >                                 86400      ; minimum (1 day)
> >                                 )
> >                         NS      ns1.example.com.
> >                         NS      ns2.example.com.
> >                         A       202.74.198.108
> > $ORIGIN example.com.
> > caitlin                 A       XXX.XXX.XXX.XXX
> >
> >
> > when you query each of the two name servers
> >
> > > dig SOA @ns1.example.com example.com
> > > dig SOA @ns2.example.com example.com
> >
> > They return the same serial number....
> >
> > when you dig @ns1.example.com example.com you get the correct
> > information from the zone file:
> >
> >
> > caitlin:/etc/bind/primary# dig @ns1.example.com example.com
> >
> > ; <<>> DiG 9.4.2 <<>> @master.example.com example.com
> > ; (1 server found)
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49577
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;example.com.			IN	A
> >
> > ;; ANSWER SECTION:
> > example.com.		86400	IN	A	XXX.XXX.XXX.XXX
> >
> > ;; Query time: 512 msec
> > ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
> > ;; WHEN: Fri Jun  6 14:23:12 2008
> > ;; MSG SIZE  rcvd: 54
> >
> >
> > but you don't get any authority sections, or additional results.
> >
> > when you dig @ns2.example.com
> >
> > caitlin:/etc/bind/primary# dig @ns2.example.com example.com
> >
> > ; <<>> DiG 9.4.2 <<>> @master.example.com example.com
> > ; (1 server found)
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64430
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;example.com.		        IN      A
> >
> > ;; ANSWER SECTION:
> > example.com.   		0       IN      A       XXX.XXX.XXX.XXX
> >
> > ;; AUTHORITY SECTION:
> > example.com.		86400   IN      NS      ns2.example.com.
> > example.com.  		86400   IN      NS      ns1.example.com.
> >
> > ;; Query time: 237 msec
> > ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
> > ;; WHEN: Fri Jun  6 14:24:55 2008
> > ;; MSG SIZE  rcvd: 102
> >
> > caitlin:/etc/bind/primary#
> >
> > And the A records are different, but the SOA / Serial Numbers are
> > identical.
> >
> > When you query internally on the same network to ns1.example.com you get
> > the correct results; it's just when you try to query it externally...
> >
> > There are no views set up (it's bind 9.2.2) and I am stumped, I even
> > tried to remove and reinstall the bind instance but that did not help
> > either..
> >
> > There does not appear to be any caching and when you turn off the server
> > on ns2.example.com the query times out, so I am pretty certain that I am
> > talking to the correct server.
> >
> > Any help, comments, suggestions or remarks that might help would be
> > appreciated.
> >
> > Thanks.
> >
> >
> > _______________________________________________
> > NZLUG mailing list NZLUG at linux.net.nz
> > http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
> >
> 



