Re: Client cannot resolve communities.intel.com

[Kevin Darcy]

On 7/5/2011 12:28 AM, Fajar A. Nugraha wrote:
On Tue, Jul 5, 2011 at 10:29 AM, vr<bind-u...@iotk.net>  wrote:
Hello,
I am trying to visit "http://communities.intel.com"; using Iceweasel on a
Debian desktop PC. No proxies.

My clients etc/resolv.conf point to my own Debian BIND 9.7.3 installed on a
separate server and installed from distribution packages (bind9
  1:9.7.3.dfsg-1~squeeze2).

 From myDesktop, NSLOOKUP fails but DIG shows a CNAME record. I see the same
results from the BIND server so I've included just the output from myDesktop
below. Also included below is my named.conf.

Do I have something obvious in BIND screwed up?
Quite possibly so. And you use dig incorrectly too.

me@myDesktop:~$ dig communities.intel.com ns.iotk.net
this should be

$ dig communities.intel.com @ns.iotk.net

;; ANSWER SECTION:
communities.intel.com.  207     IN      CNAME   intel-2.hs.llnwd.net.
so it finds the cname ...

;; AUTHORITY SECTION:
llnwd.net.              604800  IN      SOA     localhost. root.localhost.
2008071301 604800 86400 2419200 604800
... but your DNS has a broken record for llnwd.net. It should be

;; ANSWER SECTION:
llnwd.net.              3600    IN      SOA     dns11.llnwd.net. 
hostmaster.llnwd.net. 210 900
300 604800 300

Yeah, there's some nasty stuff in that nameserver's version of the 
llnwd.net zone:

% dig llnwd.net ns +norec @99.30.25.1

; <<>> DiG 9.4.3-P3 <<>> llnwd.net ns +norec @99.30.25.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1589
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;llnwd.net.                     IN      NS

;; ANSWER SECTION:
llnwd.net.              604800  IN      NS      localhost.

;; ADDITIONAL SECTION:
localhost.              604800  IN      A       127.0.0.1
localhost.              604800  IN      AAAA    ::1

;; Query time: 36 msec
;; SERVER: 99.30.25.1#53(99.30.25.1)
;; WHEN: Tue Jul  5 16:02:45 2011
;; MSG SIZE  rcvd: 94

Since the nameserver is responding authoritatively, the llnwd.net zone 
would appear to be defined as "type master" or "type slave", despite the 
fact that it was missing from the named.conf posted earlier.

                                                                        
                                                                        
- Kevin


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users