Resolving domain name with www record
Will Yardley
william+dns at hq.newdream.net
Fri Oct 5 20:29:42 UTC 2001
Rick Evans wrote:
> Sorry about typing so long and no <CR>. First time posting.
> I am running BIND v8.2.5 for NT. I put the @ symbol in the
> db file and it still fails. I will give some more information to help.
> I have created a file named db.granvilleinn.com In the file, I have
> two records that appear as follows:
>
> @ IN A 207.79.8.2
> www IN A 207.79.8.2
>
> The entries in named.conf for the above file are as follows:
>
> zone "granvilleinn.com" IN {
> type master;
> file "db.granvilleinn.com";
> };
>
> I have stopped and restarted the BIND service however when doing an
> nslookup granvilleinn.com, I get non-existent domain.
ok a few things....
(sorry for accidentally replying off list at first)
the two authoritative servers for the domain 'granvilleinn.com' are
different from the ones i'm getting in response to a recursive query
(which don't exist by the way) i'm a bit stumped as to where this
answer is coming from at all but maybe someone else can explain this
better....
aura% dig granvilleinn.com
; <<>> DiG 9.2.0rc5 <<>> granvilleinn.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62371
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;granvilleinn.com. IN A
;; ANSWER SECTION:
granvilleinn.com. 10549 IN A 207.79.8.2
;; AUTHORITY SECTION:
granvilleinn.com. 10549 IN NS ns2-auth.msmisp.com.
granvilleinn.com. 10549 IN NS ns1-auth.msmisp.com.
(neither of these two nameservers exist)
what are the authoritative nameservers for the domain?
aura% dig granvilleinn.com @b.gtld-servers.net
; <<>> DiG 9.2.0rc5 <<>> granvilleinn.com @b.gtld-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59475
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;granvilleinn.com. IN A
;; AUTHORITY SECTION:
granvilleinn.com. 172800 IN NS NEWS.MSMISP.com.
granvilleinn.com. 172800 IN NS ROUTERMSM.MSMISP.com.
;; ADDITIONAL SECTION:
NEWS.MSMISP.com. 172800 IN A 207.79.8.66
ROUTERMSM.MSMISP.com. 172800 IN A 207.79.8.67
querying these two nameservers for an A record, i get either a timed out
error or an soa record:
aura% dig granvilleinn.com @ROUTERMSM.MSMISP.com.
; <<>> DiG 9.2.0rc5 <<>> granvilleinn.com @ROUTERMSM.MSMISP.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8420
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;granvilleinn.com. IN A
;; AUTHORITY SECTION:
granvilleinn.com. 3600 IN SOA routermsm.msmisp.com. .
3 3600 600 86400 3600
the ns records seem to be really messed up too:
aura% dig granvilleinn.com @ROUTERMSM.MSMISP.com. ns
; <<>> DiG 9.2.0rc5 <<>> granvilleinn.com @ROUTERMSM.MSMISP.com. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39540
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;granvilleinn.com. IN NS
;; ANSWER SECTION:
granvilleinn.com. 3600 IN NS routermsm.msmisp.com.
;; ADDITIONAL SECTION:
routermsm.msmisp.com. 3600 IN A 207.79.8.67
routermsm.msmisp.com. 3600 IN A 208.200.108.129
notice this has only one NS record (with 2 A records).
so....... you should delegate the domain to the correct authoritative
servers (if you've already done this, the new information may need to
propagate) and you should setup the zone on these servers. also the
servers to which this domain are currently delegated are very flakey.
perhaps one of these IP addresses can only be reached from inside the
firewall? the other server appears not to be reachable from outside at
all.
i'm actually surprised this works at all.....
if you have a choice, i'd definitely consider running a non-m$ operating
system on the nameservers (and i'm sure many here would echo that
suggestion) but obviously that may not be a choice in your case.
here's what my fully licenced copy of doc 2.2.3 had to say:
aura% doc -d granvilleinn.com
Doc-2.2.3: doc -d granvilleinn.com
Doc-2.2.3: Starting test of granvilleinn.com. parent is com.
Doc-2.2.3: Test date - Fri Oct 5 13:01:16 PDT 2001
[snip]
Servers for com.
=== 0 were also authoritatve for granvilleinn.com.
=== 13 were non-authoritative for granvilleinn.com.
Servers for com. (not also authoritative for granvilleinn.com.)
=== agree on NS records for granvilleinn.com.
DEBUG: domserv = news.msmisp.com. routermsm.msmisp.com.
NS list summary for granvilleinn.com. from parent (com.) servers
== news.msmisp.com. routermsm.msmisp.com.
digging @news.msmisp.com. for soa of granvilleinn.com.
DIGERR (NOT_AUTHORIZED): dig @news.msmisp.com. for SOA of
granvilleinn.com. failed
digging @routermsm.msmisp.com. for soa of granvilleinn.com.
DIGERR (NOT_AUTHORIZED): dig @routermsm.msmisp.com. for SOA of
granvilleinn.com. failed
SYSerr: No servers for granvilleinn.com. returned SOAs ...
Summary:
YIKES: doc aborted while testing granvilleinn.com. parent com.
WARNINGS issued for granvilleinn.com. (count: 1)
Incomplete test for granvilleinn.com. (3)
Done testing granvilleinn.com. Fri Oct 5 13:01:44 PDT 2001
i've never seen the NOT_AUTHORIZED error before - dig itself seems to
just be saying connection timed out, but perhaps someone else can
enlighten us.
basically there are so many problems here i don't even know where to
begin :> but i'd begin with fixing the delegation. you should have two
publicly accessible authoritative servers which the domain is delegated
to at the root server level, and these servers should provide the
authoritative information for the zone.
w
--
GPG Public Key:
http://infinitejazz.net/will/pgp/
More information about the bind-users
mailing list