Newbie-Question

Jim Reid jim at rfc1035.com
Mon Dec 25 06:23:31 UTC 2000


>>>>> "Colin" == Colin Hoffmann <news at schluesselgaessli.ch> writes:

    Colin> Hi Can somebody please tell me what this means?  I'm
    Colin> setting up my first DNS-Server (with BIND) right now, and
    Colin> everything works, it's just this message that annoys me:

    Colin> Dec 24 22:15:56 srv1 named[24366]: sysquery: findns error (NXDOMAIN) on 192.168.0.4.schluesselgaessli.ch?

    Colin> So? Is it bad?

Yes. Your name server believes that 192.168.0.4.schluesselgaessli.ch
is a name server for some zone, but when it tried to look up that name
it got NXDOMAIN - "no such host/domain" errors. [This is a Frequently
Asked Question: shame you never consulted the FAQ or checked the list
archives.] So what this means is that somewhere there's a broken NS
record for this zone, presumably in your copy of the zone file for
schluesselgaessli.ch. I reckon you have put the dotted decimal address
192.168.0.4 on the right-hand side of an NS record (the RDATA) rather
than a dot-terminated hostname like foo.example.com. So when the zone
file was loaded, the name server appended the current domain origin -
schluesselgaessli.ch - to this dotted decimal string to get a fully
qualified, dot-terminated name. Make sure that the RDATA of the zone's
NS records are hostnames and that these exist as A records in the DNS.

BTW, there's another problem with the public NS records for this
zone. [I presume you're trying some split DNS capability because the
IP address in the mangled NS record above is in private RFC1918 space
that isn't routed on the internet.] According to the .ch zone the name
servers for the schluesselgaessli.ch zone are ns[12].alvente.com. But
both these servers say that the zone's name servers are ns3.nsentry.de
and ns4.nsentry.de. This is very wrong. The parent zone's NS records
should be a subset of the NS records quoted inside the zone. The two
sets of name servers for a zone should not be completely disjoint like
this. At least all 4 name servers are answering authoritatively for 
schluesselgaessli.ch, which I suppose is something.



More information about the bind-users mailing list