"ls" doesn't work for nslookup

Kevin Darcy kcd at daimlerchrysler.com
Wed Mar 28 22:16:20 UTC 2001 

Matthew P. Marino wrote:

> Solaris 2.7
> bind 9.1
>
> When I run nslookup I get some odd behavior. After reading Chapter 11 of "DNS
> and BIND 3rd edition", I had the impression that there was no name server running.
>
> # nslookup
>
> > ls masspostroad.net.
>
> Can't list domain masspostroad.net : No response from server.
>
> But, I ran in debug mode and tried a few things.
>
> # nslookup -d2
>
> > ls masspostroad.net.
>
> Can't list domain masspostroad.net : No response from server.
>
> > masspostroad.net.
>
> ...This gives me all the authority records I would expect. I can lookup hosts in
> this domain with no issues.

Is your nslookup talking directly to an authoritative server (i.e. master or slave)
for masspostroad.net? If not, then you won't be able to do an "ls" (which is
technically a zone transfer). Also, check whether you have any
"allow-transfer" restrictions.

> If I
>
> > set type=MX
>
> > masspostroad.net
>
>   All I get is what looks like the header of the zone file. I don't get a name
> or address returned for the MX record which is in the zone file.

If you're talking about the version of masspostroad.net which is on the Internet, it
contains no MX record. I just verified this by doing a zone transfer. What you
describe as "the header of the zone file" is almost certainly an SOA record, which is
exactly what should be returned in the Authority Section of a response from an
authoritative server, when the queried name doesn't exist in the zone (see RFC 2308
for details).

By the way, the SOA record for masspostroad.net is pretty screwed up.
DO dot-terminate the RNAME (mail) field, but DO NOT try to embed "@" in it (that
should be a "." instead)...

> Is this an
> upstream problem or is there a local resolution? Do I need to list the name
> servers of my upstream ISP? In otherwords, I have a doamin registered with NSI.
> NSI holds two DNS entries for that domain. I thought that if named coudn't find
> the info locally, it would go to the defined "forwarder" or even the root name
> servers and start working down, .net > masspostroad.net >
> and get the MX record.

If the nameserver is configured as master or slave for masspostroad.net, then it
won't ask any other nameserver about names in that zone. That's why they call it
"authoritative".


- Kevin

More information about the bind-users mailing list