Name resolution problem with BIND 8.3.3

Danny Mayer mayer at gis.net
Mon Dec 2 03:29:50 UTC 2002


At 08:39 PM 11/30/02, elemental wrote:
>I've got a particularly frustrating problem on my hands involving name
>resolution on a private network. First, the details:
>
>Server:
>Debian Linux 3.0 (Woody)
>BIND 8.3.3 (with recent patches applied)
>
>Client:
>Windows 2000 Professional SP3
>
>Network:
>Server address: 10.23.1.11 through 10.23.1.14
>Client address: 10.23.1.101
>Internet connection: 10.23.1.1
>The router is doing NAT for all internal machines. The only port forwarded
>through the router from outside is 22 for SSH to the server.
>
>For the purposes of this post, "example.net" is used in place of the actual
>domain name. I'm being thorough here because I believe that too much
>information here is better than not enough :)
>
>Apache is running on the server with a few development web sites (only
>accessible from the local network), all with names in the *.int.example.net
>and *.dev.example.net subdomains.  There are public services running on a
>different network segment under the *.example.net domain. The nameservers for
>this second-level domain are on a different, publicly accessible, machine.
>These primary name servers are not aware of the int and dev subdomains.
>
>DNS resolution works perfectly on the server, nslookup resolves all names and
>web browsers browsing to the site on the local machine work fine. This server
>is the first choice DNS server for all client machines on the network.
>
>Both nslookup and dig on the Win2000 machine work perfectly, never failing to
>resolve the name to an IP address. However, I periodically am unable to
>resolve the name via a browser or any other network application on this
>machine (including ping and wget). Restarting the machine fixes the problem
>temporarily, but it *always* fails again after a day or so. This behavior is
>reproducible and has been observed on multiple client machines.
>
>I'm unsure whether the problem is on the client or the server. The fact that
>I've seen this on multiple clients suggests that it's the server. However,
>the fact that nslookup and dig on the clients work but nothing else does
>puzzles me. Do these utilities on Windows 2000 call some different function
>for name resolution than other applications?
>
>My zone file for dev.example.net is included below.
>"fileserv.int.example.net" is the machine BIND is running on. For testing
>purposes, I have created a db.example.test and am experiencing the same
>problems when trying to resolve *.example.test names.
>
>I feel like my description of the problem is kind of awkward. Feel free to
>ask for clarification of any points, I'll be reading the group daily. Thanks
>in advance for any help anyone can provide.

This really is a Windows problem.  Try turning off the DNS Cache client
in Services (make it manual).  The cache is probably causing you
problems. If you are using dig and nslookup from the Windows BIND
kit, it does not use the same resolver at the other Windows clients. It
uses the BIND resolver. Be careful that you are using either Microsoft's
nslookup or BIND's nslookup.

Danny


>Kenn
>s/gov/com to e-mail
>
>---------- Begin Zone File ----------
>
>$ORIGIN dev.example.net.
>$TTL    24h
>@       IN      SOA     fileserv.int.example.net. hostmaster.example.net. (
>                                 2002021501      ; Serial
>                                 3h              ; Refresh
>                                 1h              ; Retry
>                                 7d              ; Expire
>                                 1h )            ; Negative caching TTL
>
>@               IN      NS      ibiza.flux.synaesthetic.net.
>@               IN      A       10.23.1.13
>
>; A Records
>
>*               IN      A       10.23.1.13      ; Wildcard
>
>---------- End Zone File ----------



More information about the bind-users mailing list