RE: help

Sat, 06 Aug 2016 01:09:04 -0700 

Hi,



Let me tell about my configuration.



I have two DNS views "softlayer" and "hdq". The softlayer DNS view has only one 
zone (Marriott.com) and the HDQ has entire set of internal DNS zones. 
(mi-testq03.pt , mi-testw03.pt ... etc)



Softlayer DNS view has forwarder as loopback. When client (10.224.2.33) 
querying BIND secondary server 162.130.128.167, The request will fall on 
softlayer view. As the requested zone not found it will be forwarded to 
loopback. Now, loopback queries are answered by hdq DNS view. As hdq has 
requested zone. It will provide answer.



The flow is working for mi-testw03.pt but not working for mi-testq03.pt. I 
really puzzled with such behaviour.



Some troubleshooting steps followed,



1. Cleared DNS cache on client and Secondary DNS server

2. checked SOA file permission, configuration etc.,

3. Zone transfer is successfully happening from DNS master

4. The issue is not appearing when HDQ DNS view clients are querying for 
mi-testq03.pt



Configuration files and dig results



named.conf file,

================

view "softlayer" {

match-clients { "softlayer"; "softlayer-slaves"; "lnxd0006" };

forward only;

forwarders { 127.0.0.1; };

zone "." { type hint; file "db.cache"; };

zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };

zone "marriott.com" { type slave; masters { 162.130.122.250 key 
softlayer_view.tsig; }; file "softlayer/db.marriott"; };

};



view "hdq" {

match-clients { "any"; };

transfer-source 10.224.5.117;

zone "." { type hint; file "db.cache"; };

zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };

zone "marriott.com" { type slave; masters { 162.130.122.250; }; file 
"hdq/db.marriott"; };

zone "mi-testq03.pt" { type slave; masters { 162.130.122.250; }; file 
"hdq/db.mi-testq03.pt"; };

zone "mi-testq03.fr" { type slave; masters { 162.130.122.250; }; file 
"hdq/db.mi-testq03.fr"; };

};





nslookup resutls,

=================

>From softlayer view,

[root@lnxd0006 ~]# nslookup mi-testq03.pt

Server: 162.130.128.167

Address: 162.130.128.167#53

** server can't find mi-testq03.pt: NXDOMAIN



[root@lnxd0006 ~]# nslookup mi-testq03.fr

Server: 162.130.128.167

Address: 162.130.128.167#53

Non-authoritative answer:

Name: mi-testq03.fr

Address: 10.224.8.221





dig resutls,

============



[dns@lnxd0006 ~]$ dig mi-testq03.pt



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55491

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0



;; QUESTION SECTION:

;mi-testq03.pt.                 IN      A



;; Query time: 368 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Sat Aug  6 04:04:10 2016

;; MSG SIZE  rcvd: 31



[root@lnxd0006 ~]# dig mi-testq03.fr

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.fr

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25974

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;mi-testq03.fr. IN A

;; ANSWER SECTION:

mi-testq03.fr. 1735 IN A 10.224.8.221

;; Query time: 16 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Thu Aug 4 08:14:52 2016

;; MSG SIZE rcvd: 47



[dns@lnxd0006 ~]$ dig mi-testq03.pt soa



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt soa

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56420

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0



;; QUESTION SECTION:

;mi-testq03.pt.                 IN      SOA



;; AUTHORITY SECTION:

pt.                     285     IN      SOA     curiosity.dns.pt. 
request.dns.pt. 2016080604 21600 7200 2592000 300



;; Query time: 16 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Sat Aug  6 03:43:09 2016

;; MSG SIZE  rcvd: 89



[dns@lnxd0006 ~]$ dig mi-testq03.fr soa



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.fr soa

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54777

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0



;; QUESTION SECTION:

;mi-testq03.fr.                 IN      SOA



;; ANSWER SECTION:

mi-testq03.fr.          1800    IN      SOA     mcncdns.marriott.com. 
mcnc\.unix\.eng.marriott.com. 2016080600 900 300 604800 600



;; Query time: 17 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Sat Aug  6 03:43:02 2016

;; MSG SIZE  rcvd: 101



Query Log

========

06-Aug-2016 04:00:22.268 client 10.224.2.33#47823 (mi-testq03.pt): view 
softlayer: query: mi-testq03.pt IN A + (162.130.128.167)

06-Aug-2016 04:00:22.268 client 127.0.0.1#64808 (mi-testq03.pt): view hdq: 
query: mi-testq03.pt IN A +EDC (127.0.0.1)

06-Aug-2016 04:00:22.269 client 127.0.0.1#31751 (pt): view hdq: query: pt IN DS 
+EDC (127.0.0.1)

06-Aug-2016 04:00:22.307 client 127.0.0.1#57381 (.): view hdq: query: . IN 
DNSKEY +EDC (127.0.0.1)

06-Aug-2016 04:00:23.116 client 127.0.0.1#6012 (mi-testq03.pt): view hdq: 
query: mi-testq03.pt IN DS +EDC (127.0.0.1)

06-Aug-2016 04:00:23.349 client 127.0.0.1#49748 (pt): view hdq: query: pt IN 
DNSKEY +EDC (127.0.0.1)

06-Aug-2016 04:00:31.821 client 10.224.2.33#46714 (mi-testq03.pt): view 
softlayer: query: mi-testq03.pt IN A + (162.130.128.167)

06-Aug-2016 04:00:38.068 client 10.224.2.33#36390 (mi-testq03.fr): view 
softlayer: query: mi-testq03.fr IN A + (162.130.128.167)

06-Aug-2016 04:00:38.069 client 127.0.0.1#51936 (mi-testq03.fr): view hdq: 
query: mi-testq03.fr IN A +EDC (127.0.0.1)

06-Aug-2016 04:00:38.069 client 127.0.0.1#39651 (fr): view hdq: query: fr IN DS 
+EDC (127.0.0.1)

06-Aug-2016 04:00:38.150 client 127.0.0.1#46201 (mi-testq03.fr): view hdq: 
query: mi-testq03.fr IN DS +EDC (127.0.0.1)

06-Aug-2016 04:00:38.374 client 127.0.0.1#48365 (fr): view hdq: query: fr IN 
DNSKEY +EDC (127.0.0.1)





DIG Results from HDQ DNS view,

=========================

[dns@ncldl38036 ~]$ dig mi-testq03.pt



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26255

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2



;; QUESTION SECTION:

;mi-testq03.pt.                 IN      A



;; ANSWER SECTION:

mi-testq03.pt.          1800    IN      A       10.224.9.81



;; AUTHORITY SECTION:

mi-testq03.pt.          1800    IN      NS      hdqdns.marriott.com.

mi-testq03.pt.          1800    IN      NS      mcncdns.marriott.com.



;; ADDITIONAL SECTION:

hdqdns.marriott.com.    1800    IN      A       162.130.10.9

mcncdns.marriott.com.   1800    IN      A       162.130.128.97



;; Query time: 0 msec

;; SERVER: 162.130.128.97#53(162.130.128.97)

;; WHEN: Sat Aug  6 04:05:59 2016

;; MSG SIZE  rcvd: 134



[dns@ncldl38036 ~]$ dig mi-testq03.fr



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.fr

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38503

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2



;; QUESTION SECTION:

;mi-testq03.fr.                 IN      A



;; ANSWER SECTION:

mi-testq03.fr.          1800    IN      A       10.224.8.221



;; AUTHORITY SECTION:

mi-testq03.fr.          1800    IN      NS      hdqdns.marriott.com.

mi-testq03.fr.          1800    IN      NS      mcncdns.marriott.com.



;; ADDITIONAL SECTION:

hdqdns.marriott.com.    1800    IN      A       162.130.10.9

mcncdns.marriott.com.   1800    IN      A       162.130.128.97



;; Query time: 1 msec

;; SERVER: 162.130.128.97#53(162.130.128.97)

;; WHEN: Sat Aug  6 04:06:04 2016

;; MSG SIZE  rcvd: 134



Thanks & Regards,



Hari Ganesh Ram Mohan







-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of S Carr
Sent: Saturday, August 06, 2016 2:30 AM
To: bind-users@lists.isc.org
Subject: Re: help



On 5 August 2016 at 19:26, RAM MOHAN, Hari Ganesh 
<hari.rammo...@atos.net<mailto:hari.rammo...@atos.net>> wrote:

>

> Dig SOA gives two different results, It tells SERVFAIL and then

> NXDOMAIN

>



Check your BIND logs to make sure the zone has been successfully transferred 
from the master.

_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list



bind-users mailing list

bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>

https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to