Strange NSLOOKUP behavior

Barry Margolin barmar at genuity.net
Fri Aug 24 22:43:10 UTC 2001


In article <9m6kuu$ftc at pub3.rc.vix.com>,
morgan lynder  <klaus_knomi at yahoo.com> wrote:
>
>Hello,
>I think one of the problems I am having is that I am
>NATing my DNS machine. I guess I am confused about how
>to set up the database files. The machines behind the
>firewall are using a 192.168.0.5 IP in their
>resolv.conf file. Named is listening on this non
>routable address as per the "listen-on" directive.
>However can I add another A record for resolving the
>nameserver itself to this non routable IP ? Thanks

The "Can't find server name" message implies that atfish has the
216.203.228.98 address in its /etc/resolv.conf file, not the 192.168.0.5
address.  Is atfish outside the firewall?

To make nslookup happy, the server needs to be able to perform a reverse
lookup of any address that someone is going to use to reach it.  For
machines behind the firewall it needs to have a PTR record for
5.0.168.192.in-addr.arpa, and for machines outside the firewall it needs a
PTR record for 98.228.203.216.in-addr.arpa.

>
>--- Barry Margolin <barmar at genuity.net> wrote:
>> In article <9m615n$d2k at pub3.rc.vix.com>,
>> morgan lynder  <klaus_knomi at yahoo.com> wrote:
>> >
>> >Hello,
>> >I have Bind 9.1.3 installed on Solaris 8. My server
>> is
>> >able to answer queries that originate from the
>> outside
>> >world. However the other machines on the network
>> fail
>> >trying to query the nameserver. The error is:
>> >
>> >atfish# /usr/sbin/nslookup
>> >*** Can't find server name for address
>> 216.203.228.98:
>> >Server failed
>> >*** Default servers are not available
>> >
>> >
>> >Now this error message is returned immediately.
>> >Usually when this error message appears the
>> nslookup
>> >command will time out before returning this,
>> >indicating a broken nslookup binary. Since this
>> >message is returned instantly I don't think this is
>> >the case. All the machines do indeed have a route
>> to
>> 
>> "Server failed" means that the nameserver responded
>> with a SERVFAIL error
>> code when queried.  Your nameserver is unable to
>> translate its own address
>> to a hostname, although the reverse domain is
>> delegated to it.
>> 
>> You need to fix the reverse DNS on your nameserver.
>> 
>> -- 
>> Barry Margolin, barmar at genuity.net
>> Genuity, Woburn, MA
>> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME,
>> post them to newsgroups.
>> Please DON'T copy followups to me -- I'll assume it
>> wasn't posted to the group.
>> 
>
>
>
>


-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
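
The check described in the reply above, as an added example that is not part of the original post: for each address clients use to reach the nameserver, derive the in-addr.arpa name nslookup will query and see whether the reverse zones hold a PTR for it. The zone snippets and the hostnames `ns.example.com` and `gw.example.com` are constructed placeholders; only the two addresses come from the thread.

```python
import ipaddress

# Constructed reverse-zone data (hostnames are placeholders, not from the thread).
# The internal zone has a PTR for the nameserver; the external zone lacks one.
ZONES = {
    "0.168.192.in-addr.arpa.": """
$ORIGIN 0.168.192.in-addr.arpa.
5    IN PTR ns.example.com.
""",
    "228.203.216.in-addr.arpa.": """
$ORIGIN 228.203.216.in-addr.arpa.
; no PTR for 98 yet
97   IN PTR gw.example.com.
""",
}

def parse_ptrs(zone_text):
    """Return {absolute owner name: target} for PTR lines in a simple zone snippet."""
    origin, ptrs = "", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if "PTR" not in (f.upper() for f in fields[1:-1]):
            continue                             # not a PTR record
        owner = fields[0].lower()
        if not owner.endswith("."):              # relative name: append $ORIGIN
            owner = f"{owner}.{origin}"
        ptrs[owner] = fields[-1]
    return ptrs

def check_server_addresses(addresses, zones):
    """Map each address to (reverse query name, PTR target or None if missing)."""
    ptrs = {}
    for text in zones.values():
        ptrs.update(parse_ptrs(text))
    report = {}
    for addr in addresses:
        qname = ipaddress.ip_address(addr).reverse_pointer + "."
        report[addr] = (qname, ptrs.get(qname))
    return report

if __name__ == "__main__":
    result = check_server_addresses(["192.168.0.5", "216.203.228.98"], ZONES)
    for addr, (qname, target) in result.items():
        print(f"{addr:16} {qname:32} {target or 'MISSING PTR'}")
```

An address reported as `MISSING PTR` is one from which nslookup would fail to find the server name at startup.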

