dubious cache entry
A couple of days ago I received complaints from users that they could not open netaddress.com for their email. The caching resolver would return SrvFail for the name. After digging through its cache I discovered the following entries:

; glue
netaddress.com.         36518   NS      ns1.51dns.com.
                        36518   NS      ns2.51dns.com.
; glue
ns1.51dns.com.          86296   A       117.25.132.130
                        86296   A       117.25.132.162
                        86296   A       121.12.104.18
                        86296   A       121.12.104.19
                        86296   A       121.12.104.20
                        86296   A       121.12.104.21
; authanswer
ns2.51dns.com.          587     A       117.25.132.131
                        587     A       117.25.132.163
                        587     A       121.12.104.22
                        587     A       121.12.104.23
                        587     A       121.12.104.24
                        587     A       121.12.104.25
--

Digging for the answer manually from the top produced a different set of NS records, all under .usa.net, which is what I expected. This looks like a cache poisoning case, but what's strange is that none of the ns(1|2).51dns.com IPs above are responding to DNS queries. Maybe they are set up to just record queries.

Any ideas on how these bogus NS records might have ended up being associated with netaddress.com in my cache? The version of bind is 9.7.0-P2-RedHat-9.7.0-10.P2.el5_8.3.

After purging the name from cache the server went out and got the correct records and started answering again.

Thank you,
Slava
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
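The comparison Slava did by hand, as an added example that is not part of the original post: parse a cache-dump fragment in the layout quoted above and flag NS targets for a zone that do not fall under the name servers the delegation is expected to use (here the .usa.net suffix the poster mentions). The dump text is constructed from the entries above; the continuation-line rule (blank owner means the same owner as the previous record) is an assumption about the dump layout, not something the post states.

```python
import re
from collections import defaultdict

# Constructed from the cache entries quoted in the post (two A records per
# name server kept, to stay short); the "; glue" / "; authanswer" markers
# are the trust-level comments the dump carries.
CACHE_DUMP = """\
; glue
netaddress.com.         36518   NS      ns1.51dns.com.
                        36518   NS      ns2.51dns.com.
; glue
ns1.51dns.com.          86296   A       117.25.132.130
                        86296   A       117.25.132.162
; authanswer
ns2.51dns.com.          587     A       117.25.132.131
                        587     A       117.25.132.163
"""

# owner (may be blank on continuation lines), TTL, type, rdata
RR_LINE = re.compile(r"^(\S*)\s+(\d+)\s+(NS|A|AAAA)\s+(\S+)$")


def parse_cache(text):
    """Return {(owner, rrtype): [(ttl, rdata, trust), ...]} from a dump."""
    rrsets = defaultdict(list)
    owner, trust = None, "unknown"
    for raw in text.splitlines():
        if raw.startswith(";"):
            trust = raw[1:].strip()        # section marker: glue/authanswer/...
            continue
        m = RR_LINE.match(raw)
        if not m:
            continue
        name, ttl, rrtype, rdata = m.groups()
        if name:                           # assumption: blank owner = previous
            owner = name.lower()
        rrsets[(owner, rrtype)].append((int(ttl), rdata.lower(), trust))
    return dict(rrsets)


def suspicious_ns(rrsets, zone, expected_suffix):
    """NS targets cached for `zone` that do not end in `expected_suffix`."""
    bad = []
    for ttl, target, trust in rrsets.get((zone, "NS"), []):
        if not target.endswith(expected_suffix):
            bad.append((target, trust, ttl))
    return bad
```

Run against the dump, both NS targets come back flagged with their "glue" trust level and TTL, which is the set to purge and then re-check against a fresh walk from the root.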
Re: Is this scenario possible?
Hey all,

Pertaining to the same discussion. Can someone validate the zone files and named.conf files below? What I wanted to achieve here is: I wanted to make mail.example.com my sub domain and give it an A record so that I could load balance the traffic on LBs, since my LBs are offering an inbuilt DNS server.

example.com
NS = ns1.example.com 1.1.1.1
     ns2.example.com 2.2.2.2

#
#
# example.com MAIN ZONE FILE
#
#
zone "example.com" in{
        type master;
        file "master/master.example.com";
        // explicitly allow slave zone transfer
        allow-transfer {2.2.2.2;};
};

##
#
# master.example.com
##
$TTL 2d
$ORIGIN example.com.
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2003080800 ; serial number
        2h         ; refresh = 2 hours
        15M        ; update retry = 15 minutes
        3W12h      ; expiry = 3 weeks + 12 hours
        2h20M      ; minimum = 2 hours + 20 minutes
        )

        IN NS ns1.example.com.
        IN NS ns2.example.com.

        IN MX 10 mx01.example.com.
        IN MX 20 mx02.example.com.

ns1     IN A 1.1.1.1
ns2     IN A 2.2.2.2
; A record for mail server above
mx01    IN A 20.20.20.20
mx02    IN A 30.30.30.30

###

$ORIGIN mail.example.com.

@       IN NS ns3.mail.example.com.

; the next name server points to ns1 in the example.com zone above
        IN NS ns1.example.com.
; sub-domain address records for name server only - glue record
ns3     IN A 20.20.20.21 ; 'glue' record

**
**
#
#
# mail.example.com MAIN ZONE FILE
#
#
zone "mail.example.com" in{
        type master;
        file "master/master.mail.example.com";

};

#
# mail.example.com zone file
#
#

$TTL 2d ; default TTL = 2 days
$ORIGIN mail.example.com.
@ IN SOA ns3.mail.example.com. hostmaster.mail.example.com. (
        2003080800 ; serial number
        2h         ; refresh = 2 hours
        15M        ; update retry = 15 minutes
        3W12h      ; expiry = 3 weeks + 12 hours
        2h20M      ; minimum = 2 hours + 20 minutes
        )
; sub-domain name servers
        IN NS ns3.mail.example.com.

; A records for name servers above
ns3     IN A 20.20.20.21

; A record for mail server above
mail    IN A 20.20.20.20
mail    IN A 30.30.30.30

On Thu, Jan 9, 2014 at 9:56 PM, Barry Margolin wrote:
> In article ,
> Blason R wrote:
>
> > Hey Guys,
> >
> > lets say I have a domain exmaple.com which is hosted out and are having MX
> > records as mail01.exmaple.com and mail02.example.com and
> > mail.example.com as a "A" Record for accessing mails
> >
> > example.com NA ns1.example.com
> >             ns2.example.com
> >
> > IN MX mail01.example.com 10
> >       mail02.example.com 20
> > mail.example.com IN A 1.1.1.1
> >
> >
> > Now I would like to create sub-domain as mail.exmaple.com and would like to
> > move that inside in my network on Bind while original NS are still with
> > exmaple.com.
> >
> > So for zone mail.example.com MX would be mail01.example.com &
> > mail02.example.com and A record again same as @
> >
> > What glitches do you see here by creating sub-domain mail.example.com
>
> As long as you move the above A record into the subdomain, I don't see
> any problem with this.
>
> You should also make sure you're more careful when editing your real
> zone files than you have been when writing your post, there were LOTS of
> typos (NA instead of NS, exmaple for example). :)
>
> --
> Barry Margolin
> Arlington, MA
Re: Is this scenario possible?
In article ,
Blason R wrote:

> Hey all,
>
> Pertaining to the same discussion. Can someone validate below zone files
> and named.conf files? What I wanted to achieve here is; I wanted to make
> mail.example.com as my sub domain and give them A record so that I could
> load balance the traffic on LBs since my LBs are offering inbuilt DNS server
>
> example.com
> NS = ns1.example.com 1.1.1.1
>      ns2.example.com 2.2.2.2
>
> #
> #
> # example.com MAIN ZONE FILE
> #
> #
> zone "example.com" in{
>         type master;
>         file "master/master.example.com";
>         // explicitly allow slave zone transfer
>         allow-transfer {2.2.2.2;};
> };
>
>
> ##
> #
> # master.example.com
> ##
> $TTL 2d
> $ORIGIN example.com.
> @ IN SOA ns1.example.com. hostmaster.example.com. (
>         2003080800 ; serial number
>         2h         ; refresh = 2 hours
>         15M        ; update retry = 15 minutes
>         3W12h      ; expiry = 3 weeks + 12 hours
>         2h20M      ; minimum = 2 hours + 20 minutes
>         )
>
>         IN NS ns1.example.com.
>         IN NS ns2.example.com.
>
>         IN MX 10 mx01.example.com.
>         IN MX 20 mx02.example.com.
>
> ns1     IN A 1.1.1.1
> ns2     IN A 2.2.2.2
> ; A record for mail server above
> mx01    IN A 20.20.20.20
> mx02    IN A 30.30.30.30
>
> ###
>
> $ORIGIN mail.example.com.
>
> @       IN NS ns3.mail.example.com.
>
> ; the next name server points to ns1 in the example.com zone above
>         IN NS ns1.example.com.
> ; sub-domain address records for name server only - glue record
> ns3     IN A 20.20.20.21 ; 'glue' record
>
> **
> **
> #
> #
> # mail.example.com MAIN ZONE FILE
> #
> #
> zone "mail.example.com" in{
>         type master;
>         file "master/master.mail.example.com";
>
> };
>
> #
> # mail.example.com zone file
> #
> #
>
> $TTL 2d ; default TTL = 2 days
> $ORIGIN mail.example.com.
> @ IN SOA ns3.mail.example.com.
>         hostmaster.mail.example.com. (
>         2003080800 ; serial number
>         2h         ; refresh = 2 hours
>         15M        ; update retry = 15 minutes
>         3W12h      ; expiry = 3 weeks + 12 hours
>         2h20M      ; minimum = 2 hours + 20 minutes
>         )
> ; sub-domain name servers
>         IN NS ns3.mail.example.com.

You also need:

        IN NS ns1.example.com.

>
> ; A records for name servers above
> ns3     IN A 20.20.20.21
>
> ; A record for mail server above
> mail    IN A 20.20.20.20
> mail    IN A 30.30.30.30

These will create A records for mail.mail.example.com. Is that what you
wanted? If you just want mail.example.com, it should be:

@       IN A 20.20.20.21
        IN A 30.30.30.30

--
Barry Margolin
Arlington, MA
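Barry's point about mail.mail.example.com, as an added example that is not part of the thread: a deliberately small zone-line expander (an assumption of this example, not BIND's parser) that applies $ORIGIN, "@", the blank-owner shorthand and relative versus absolute names, run over the lines as posted and over the corrected form. It handles only what these lines need; $TTL, parentheses and other directives are not supported.

```python
def qualify(name, origin):
    """Fully qualify an owner or target name relative to the current origin."""
    if name == "@":
        return origin
    if name.endswith("."):              # already absolute
        return name
    return f"{name}.{origin}"           # relative: origin is appended


def expand_zone(lines):
    """Yield (owner, rrtype, rdata) with owner and target names qualified."""
    origin, last_owner = ".", None
    for raw in lines:
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if line[0].isspace():                       # blank owner = previous owner
            owner = last_owner
        else:
            owner = last_owner = qualify(fields.pop(0), origin)
        if fields[0] == "IN":                       # optional class field
            fields.pop(0)
        rrtype, rdata = fields[0], fields[1:]
        if rrtype in ("NS", "CNAME", "MX"):         # rdata ends in a name
            rdata[-1] = qualify(rdata[-1], origin)
        yield owner, rrtype, " ".join(rdata)


# Constructed from the posted mail.example.com zone file: the "mail" owner
# is relative, so it gets the origin appended and names mail.mail.example.com.
POSTED = [
    "$ORIGIN mail.example.com.",
    "ns3   IN A 20.20.20.21   ; glue for the subdomain's own server",
    "mail  IN A 20.20.20.20   ; as the poster wrote it",
    "mail  IN A 30.30.30.30",
]

# Barry's corrected form: "@" is the origin itself, the blank owner repeats it.
FIXED = [
    "$ORIGIN mail.example.com.",
    "@     IN A 20.20.20.21",
    "      IN A 30.30.30.30",
]
```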
rndc addzone gets permission denied
Hi,

CentOS 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.

Trying to add a slave zone with the command

rndc addzone "zone.local" '{ type slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'

but getting

rndc: 'addzone' failed: permission denied

Nothing in the logs, only

received control channel command 'addzone zone.local { type slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'

even after rndc trace 99.

allow-new-zones yes;

Tried chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing helps.

Please advise me of a way to find why permission is denied.

Thanks in advance.
Re: rndc addzone gets permission denied
On 12 Jan 2014 00:14, Georgy Goshin wrote:
>
> Hi,
>
> CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
>
> trying to add slave zone with command rndc addzone "zone.local" '{ type
> slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'
>
> but getting rndc: 'addzone' failed: permission denied, nothing on the logs,
> only received control channel command 'addzone zone.local { type slave; file
> "slaves/zone.local"; masters { 172.31.199.154; }; };' even after rndc trace
> 99.
>
> allow-new-zones yes;
>
> tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing
> helps.
>
> please advice me a way to find why permission is denied.
>
> thanks in advance.

Hi,

Have you checked if this might be related to SELinux?
Re: rndc addzone gets permission denied
I would suspect your chmod 777 was inappropriate as I believe you should have just chmod'd var/named/slaves. The chmod isn't inheritable like Windows.

--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN

> On Jan 11, 2014, at 19:11, Mikael Johansson wrote:
>
> On 12 Jan 2014 00:14, Georgy Goshin wrote:
> >
> > tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but
> > nothing helps.
> >
> > please advice me a way to find why permission is denied.
>
> Hi,
>
> Have you checked if this might be related to SELinux?
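The check Mikael's question points at, as an added example that is not part of this thread: pull SELinux AVC denials for the named process out of audit-log lines, since a "permission denied" that survives chmod 777 on the directories is typically a policy denial rather than a file-mode one, and the audit log names the exact object, permission and type label involved. The audit lines, PIDs, inode and context labels below are constructed samples in audit.log format, not output from the poster's system.

```python
import re

# Constructed sample audit.log lines: two denials for named (the directory
# write and the file create a new slave zone needs), one unrelated denial.
AUDIT_LINES = """\
type=SYSCALL msg=audit(1389478010.101:500): arch=c000003e syscall=2 success=no exit=-13 comm="named" exe="/usr/sbin/named"
type=AVC msg=audit(1389478010.101:500): avc:  denied  { write } for  pid=2211 comm="named" name="slaves" dev=dm-0 ino=262145 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
type=AVC msg=audit(1389478012.404:503): avc:  denied  { create } for  pid=2211 comm="named" name="zone.local" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1389478020.900:510): avc:  denied  { read } for  pid=3100 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
""".splitlines()

# Fields of an AVC record that matter for diagnosing a denial.
AVC = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{ (?P<perm>[^}]+) \} for\s+pid=(?P<pid>\d+)"
    r" comm=\"(?P<comm>[^\"]+)\"(?: name=\"(?P<name>[^\"]+)\")?.*?"
    r"scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)"
)


def named_denials(lines, comm="named"):
    """Return AVC denials for `comm` as dicts (perm, name, contexts, tclass)."""
    found = []
    for line in lines:
        m = AVC.search(line)
        if m and m.group("comm") == comm:
            d = m.groupdict()
            d["perm"] = d["perm"].strip()
            # The target's type label is what a policy fix (label or boolean)
            # is keyed on, so surface it separately from the full context.
            d["ttype"] = d["tcontext"].split(":")[2]
            found.append(d)
    return found


def summarize(denials):
    """One line per denial: process, permission, object class and name."""
    return [f'{d["comm"]} denied {d["perm"]} on {d["tclass"]} "{d.get("name")}"'
            f' ({d["ttype"]})' for d in denials]
```

Nothing in the chmod'd directories changes these records; if the scan is empty while the denial persists, the cause is elsewhere and the SELinux theory can be dropped.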
Re: Is this scenario possible?
Oh yeah you are right... I missed that out :) Thanks for pointing it out.

On Sun, Jan 12, 2014 at 2:03 AM, Barry Margolin wrote:
> In article ,
> Blason R wrote:
>
> > ; sub-domain name servers
> >         IN NS ns3.mail.example.com.
>
> You also need:
>
>         IN NS ns1.example.com.
>
> >
> > ; A records for name servers above
> > ns3     IN A 20.20.20.21
> >
> > ; A record for mail server above
> > mail    IN A 20.20.20.20
> > mail    IN A 30.30.30.30
>
> These will create A records for mail.mail.example.com. Is that what you
> wanted? If you just want mail.example.com, it should be:
>
> @       IN A 20.20.20.21
>         IN A 30.30.30.30
>
> --
> Barry Margolin
> Arlington, MA