DNS tutor needed

Barry Margolin barmar at genuity.net
Fri Apr 12 19:14:58 UTC 2002


In article <a97b6c$klp at pub3.rc.vix.com>, scratch <wmedia at xtra.co.nz> wrote:
>I am teaching myself Linux system admin, and need some help with DNS. I am
>running a Redhat 7.2 server with Bind 9.1.3, and have successfully (I think)
>set up my server to be the primary DNS for my.own.domain, and primary DNS
>for a.virtual.domain.

It would be much easier if you would use the real names instead of all
these fake names.  What are you hiding?  You've already admitted that
you're a novice at this, and we know who you are.

>Now I am trying to transfer my.friends.domain to my server but have run into
>problems. The first problem is that it seems that the root servers have the
>wrong NS records (my fault....when I contacted the registrar, I must have
>given them it by mistake).
>
>Let's start with a copy of the domain zone file for
>my.friends.domain (modified to be a little more anonymous)
>
>$TTL    259200
>@               IN      SOA     server.my.own.domain.     my.email.address.
>(
>                                20020103015     ; serial
>                                3600            ; refresh       - 1 hour
>                                3600            ; retry         - 1 hour
>                                604800          ; expire        - 7 days
>                                7200 )          ; default_ttl   - 2 hours
>
>                IN      NS      server.my.own.domain.
>                IN      NS      ns2.nameserver.net.nz.
>
>www             IN      A       my.ip.address
>@                 IN      A       my.ip.address
>@                 IN      MX      5       server.my.own.domain.
>(any problems with this file??)
>
>So, I ran a test on the domain at www.dnsreport.com and got this
>error........
>
>"ERROR: One or more of the nameservers listed at the root servers are not
>listed as NS records at your nameservers. The problem NS records are:
>NS1.NAMESERVER.NET.NZ." (which I DON'T have in my zone file)

That's because you gave the wrong nameservers to the registrar.  The
message says that the list of nameservers in the delegation that the
registrar created is different from the nameservers in the zone file.  It's
not telling you anything you didn't already know.

>Also, I get a warning.....
>
>"WARNING: You have one or more missing (stealth) nameservers. The following
>nameserver(s) are listed (at your nameservers) as nameservers for your
>domain, but are not listed at the root (therefore, nobody will use them):
>ns2.nameserver.net.nz."

This is part of the same problem: the nameservers you registered don't
match the nameservers in the zone file.  Fix the registration and both
problems should go away.

>I don't want to use ns1.nameserver.net.nz at all, but I want
>ns2.nameserver.net.nz to be my secondary DNS (I have contacted them, and
>they have set up the relevant "slave" zone file).
>
>As well as that, I get this error.....
>
>"ERROR: You have one or more lame nameservers. These are nameservers that do
>NOT answer authoritatively for your domain. This is bad; for example, these
>nameservers may never get updated. The following nameservers are lame:
>server.my.own.domain"
>
>Now, I assume all this is because the root server has the wrong NS info. And
>my DNS is not authoritative (there is no aa flag when I dig......does this
>mean non-auth?), and my DNS returns no record. Here is the warning........

This has nothing to do with the root servers.  It indicates that your
server is not answering authoritatively.  Either you don't have the proper
"zone" statement in the named.conf file, or there's a syntax error in the
zone file.  Use "rndc reload" and then check your log file for error
messages related to the zone file.

>"WARNING: At least one of your nameservers did not return your NS records
>(it reported 0 answers). This could be because of a referral, if you have a
>lame nameserver (which would need to be fixed).
>server.my.own.domain returns 0 answers (may be a referral)"
>
>I've contacted the registrar to get the NS info at root server level
>corrected, and am hoping this will solve these errors. (Will it?)

Since your primary server is non-authoritative, the secondary server won't
be able to transfer the zone from you.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
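
The two checks discussed in this message, as an added example that is not part of the original post: comparing the registrar's delegation with the zone's own NS records, and reading the AA bit from a response header to spot a lame server. The delegation list and both response headers are constructed sample data; the delegation's contents are an assumption consistent with the dnsreport output quoted above.

```python
import struct

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "aa": bool(flags & 0x0400),   # 1 = authoritative answer
        "rcode": flags & 0x000F,      # 0 = NOERROR
        "ancount": an,
        "nscount": ns,
    }

def is_lame(msg: bytes) -> bool:
    """A listed server is lame if its reply for the zone is not an
    authoritative NOERROR response (dig shows no 'aa' flag)."""
    h = parse_header(msg)
    return not (h["qr"] and h["aa"] and h["rcode"] == 0)

def compare_ns(delegation, zone) -> dict:
    """Report the two mismatches dnsreport complained about."""
    norm = lambda names: {n.rstrip(".").lower() for n in names}
    d, z = norm(delegation), norm(zone)
    return {
        "only_in_delegation": sorted(d - z),  # registered, absent from zone
        "stealth": sorted(z - d),             # in zone, never delegated to
    }

# Constructed sample data (names taken from the post, contents assumed).
DELEGATION = ["NS1.NAMESERVER.NET.NZ.", "server.my.own.domain."]
ZONE = ["server.my.own.domain.", "ns2.nameserver.net.nz."]

# Constructed headers: flags 0x8400 = QR+AA, two answers;
# flags 0x8000 = QR only, zero answers (what the lame server returned).
AUTH_REPLY = struct.pack("!6H", 0x1234, 0x8400, 1, 2, 0, 0)
NONAUTH_REPLY = struct.pack("!6H", 0x1234, 0x8000, 1, 0, 0, 0)

if __name__ == "__main__":
    print(compare_ns(DELEGATION, ZONE))
    for label, reply in (("auth", AUTH_REPLY), ("non-auth", NONAUTH_REPLY)):
        print(label, "lame" if is_lame(reply) else "ok", parse_header(reply))
```
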

