Re: BIND 9.4.3-P2 doesn't delegate zone!

Tue, 05 Apr 2011 12:30:32 -0700

A. Stop using nslookup. It's a really horrible DNS troubleshooting tool. Learn to use dig. B. Do a zone transfer (via dig) of the united-networks.ru zone from the primary master, to verify that the correct delegation record, and associated glue, are contained within named's in-core database of the zone C. The "domain.united-networks.ru" A record (between the delegation NS record and the "srvmain" glue record) in the parent zone is completely useless, since it's not required glue and would be "covered up" by any A record -- or even the absence of an A record -- at the apex of the child zone. I would delete that A record from the parent zone -- its only function is to use up space and engender confusion. D. Your SOA query of the child zone from its master returned no NS records in the Authority Section, which is rather odd. How are the NS records configured in the child zone? Do they match the delegation record from the parent zone?
- Kevin 

On 4/2/2011 1:05 PM, Яцко Эллад Геннадьевич wrote:

Dear Phil!


What did you mean saying: "Are you sure you've reloaded the zone? " 
Did you mean do I "rndc reload united-networks.ru in internal" - Yes! 
I don't remember, did I change serial every time I changed zone-file. 
But now I did all the things required. I changed serial, I reloaded 
zone, I even restarted named its own! :-) There is the following 
effect (from viewpoint of 172.16.77.11):
C:\Program Files\Far2>nslookup srvmain.domain.united-networks.ru. 
172.16.77.1

╤хЁтхЁ:  srvgate-msk.runoguy.ru
Address:  172.16.77.1

╚ь :     srvmain.domain.united-networks.ru
Address:  172.16.77.2


C:\Program Files\Far2>

NAMED knows its address itself:

19611.924018 172.16.77.11 -> 172.16.77.1  DNS Standard query PTR 
1.77.16.172.in-addr.arpa
19611.924375  172.16.77.1 -> 172.16.77.11 DNS Standard query response 
PTR srvgate-msk.runoguy.ru
19611.926342 172.16.77.11 -> 172.16.77.1  DNS Standard query A 
srvmain.domain.united-networks.ru
19611.926516  172.16.77.1 -> 172.16.77.11 DNS Standard query response 
A 172.16.77.2
19611.927755 172.16.77.11 -> 172.16.77.1  DNS Standard query AAAA 
srvmain.domain.united-networks.ru

19611.927895  172.16.77.1 -> 172.16.77.11 DNS Standard query response

But the next is courious:
C:\Program Files\Far2>nslookup domain.united-networks.ru. 172.16.77.1
╤хЁтхЁ:  srvgate-msk.runoguy.ru
Address:  172.16.77.1

╚ь :     domain.united-networks.ru

C:\Program Files\Far2>

And:

19664.732793 172.16.77.11 -> 172.16.77.1  DNS Standard query PTR 
1.77.16.172.in-addr.arpa
19664.733079  172.16.77.1 -> 172.16.77.11 DNS Standard query response 
PTR srvgate-msk.runoguy.ru
19664.739041 172.16.77.11 -> 172.16.77.1  DNS Standard query A 
domain.united-networks.ru

19664.739441  172.16.77.1 -> 172.16.77.11 DNS Standard query response

19664.741088 172.16.77.11 -> 172.16.77.1  DNS Standard query AAAA 
domain.united-networks.ru

19664.741265  172.16.77.1 -> 172.16.77.11 DNS Standard query response


Andwhen I tried to look up existing hostname from 
domain.united-networks.ru:
C:\Program Files\Far2>nslookup main.domain.united-networks.ru. 
172.16.77.1

╤хЁтхЁ:  srvgate-msk.runoguy.ru
Address:  172.16.77.1


*** srvgate-msk.runoguy.ru cannot find 
main.domain.united-networks.ru.: Non-existent domain



C:\Program Files\Far2> 


I see in thsark's output the following:

19167.908192 172.16.77.11 -> 172.16.77.1  DNS Standard query PTR 
1.77.16.172.in-addr.arpa
19167.908505  172.16.77.1 -> 172.16.77.11 DNS Standard query response 
PTR srvgate-msk.runoguy.ru
19167.910291 172.16.77.11 -> 172.16.77.1  DNS Standard query A 
main.domain.united-networks.ru
19167.910439  172.16.77.1 -> 172.16.77.11 DNS Standard query response, 
No such name
19167.911593 172.16.77.11 -> 172.16.77.1  DNS Standard query AAAA 
main.domain.united-networks.ru
19167.911837  172.16.77.1 -> 172.16.77.11 DNS Standard query response, 
No such name



I couldn't see that 172.16.77.1 (srvgate-msk) asks for "main" 
172.16.77.2 (srvmain - recursion allowed)


Here is output of command that you requested:
/etc/namedb> dig +norec @localhost domain.united-networks.ru. soa

; <<>> DiG 9.4.3-P2 <<>> +norec @localhost domain.united-networks.ru. soa
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7449
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.united-networks.ru.     IN      SOA

;; AUTHORITY SECTION:

united-networks.ru.     3600    IN      SOA    ns1.united-networks.ru. 
root.united-networks.ru. 2011040213 900 600 86400 3600


;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr  2 20:32:49 2011
;; MSG SIZE  rcvd: 88

/etc/namedb>

At the same time:
/etc/namedb> dig +norec @172.16.77.2 domain.united-networks.ru. soa


; <<>> DiG 9.4.3-P2 <<>> +norec @172.16.77.2 
domain.united-networks.ru. soa

; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46262
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;domain.united-networks.ru.     IN      SOA

;; ANSWER SECTION:

domain.united-networks.ru. 3600 IN      SOA    
srvmain.domain.united-networks.ru. hostmaster.domain.runoguy.ru. 28 
900 600 86400 3600


;; ADDITIONAL SECTION:
srvmain.domain.united-networks.ru. 3600 IN A   172.16.77.2

;; Query time: 1 msec
;; SERVER: 172.16.77.2#53(172.16.77.2)
;; WHEN: Sat Apr  2 20:34:12 2011
;; MSG SIZE  rcvd: 129

/etc/namedb>

I simplified configuration of Bind:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 
dougb Exp $

//

// Refer to the named.conf(5) and named(8) man pages, and the 
documentation

// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        listen-on       {
                77.37.244.22;
                85.21.249.124;
                127.0.0.1;
                172.16.77.1;
                172.17.77.1;
                172.31.0.1;
                192.168.0.1;
        };

        forwarders {
                77.37.251.33;
                85.21.192.3;
        };
//        query-source address * port 953;

        recursion yes;
        allow-recursion {0/0;};

};

logging {
        channel "default" {
                file "/var/log/named.log" versions 2 size 50m;
                print-time yes;
                print-category yes;
                severity debug 90;
        };
};


zone "0.0.127.in-addr.arpa" {
        type master;
        file "master/0.0.127.in-addr.arpa";
};

zone "united-networks.ru" {
        type master;
        file "master/united-networks.ru";
};

zone "77.16.172.in-addr.arpa" {
        type slave;
        masters {
                172.16.77.2;
        };
        file "slave/77.16.172.in-addr.arpa";
};

zone "." {
        type hint;
        file "root.hint";
};
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I removed "views" and left only relevant zones.

And:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$TTL    3600


@               IN      SOA     ns1.united-networks.ru. 
root.united-networks.ru.  (

                                2011040213      ; Serial
                                900             ; Refresh
                                600             ; Retry
                                86400           ; Expire
                                3600 )          ; Minimum

                        IN NS          ns1.united-networks.ru.
                        IN MX 10        mx
                        IN A            172.16.77.1

$ORIGIN domain.united-networks.ru.
                        IN NS          srvmain.domain.united-networks.ru.
                        IN A            172.16.77.2
srvmain                 IN A            172.16.77.2

$ORIGIN united-networks.ru.
ns1                     IN A            172.16.77.1
mx                      IN A            172.16.77.1

c2960                   IN A            172.16.77.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I successfully ask for "c2960" for example:
C:\Program Files\Far2>nslookup c2960.united-networks.ru. 172.16.77.1
╤хЁтхЁ:  srvgate-msk.runoguy.ru
Address:  172.16.77.1

╚ь :     c2960.united-networks.ru
Address:  172.16.77.21

C:\Program Files\Far2>


What's wrong with me (or with it) :-) It is second whole day is almost 
over while I struggle..


Kind regards,
Ellad G. Yatsko






On 04/02/2011 11:44 AM, Яцко Эллад Геннадьевич wrote:


$ORIGIN domain.united-networks.ru.
        IN NS srvmain
        IN A 172.16.77.2
srvmain IN A 172.16.77.2



Huh, delegation looks ok. Are you sure you've reloaded the zone?



I tried to nslookup from 172.16.77.11:


Try a "dig" on the DNS server itself:

dig +norec @localhost domain.united-networks.ru soa

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users







_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users





















					Reply via email to