Problem pinging host from internet
James Griffin
agriffin at cpcug.org
Sat Feb 9 15:57:44 UTC 2002
waynoedm at telusplanet.net wrote:
>
> Well, I'm back after starting over again. Reinstalled my OS as I removed my
> system from behind my firewall as a troubleshooting step due to the fact that I
> could not ping my box (ns1) from outside my local network. Inside, I could ping
> ns1.dzhosting.net. Now, after starting over again, I can't ping from inside or
> outside. I can obviously ping ns1 internally.
>
> ns1# ping ns1.dzhosting.net
> ping: unknown host: ns1.dzhosting.net
>
This is not an indication of a 'ping' problem, but a host name lookup.
> The result I get from running 'named-checkconf' is the following...
> ns1# named-checkconf the default for the 'auth-nxdomain' option is now 'no'
>
> When I run named-checkzone the results are all "OK".
Good use of the tools provided with BIND. This (and the note below that
there are not errors in the log on start up) suggest that there are
delegation problems. We use 'doc' a bit later to see what it shows.
>
> The IP for my system is 142.179.189.122. The domain dzhosting.net is being
> pointed to 142.179.189.122 by my ISP and typeing in www.dzhosting.net outside
> the network points to my IP correctly.
>
So, if you can 'dig' for www.dzhosting.net. and get the correct answer,
lets trace that lookup.
First, does it work from here? Yes.
$ dig +short www.dzhosting.net.
142.179.189.122
Now the trace:
$ dig +trace www.dzhosting.net.
; <<>> DiG 9.2.0 <<>> +trace www.dzhosting.net.
;; global options: printcmd
. 121540 IN NS E.ROOT-SERVERS.NET.
. 121540 IN NS F.ROOT-SERVERS.NET.
. 121540 IN NS G.ROOT-SERVERS.NET.
. 121540 IN NS H.ROOT-SERVERS.NET.
. 121540 IN NS I.ROOT-SERVERS.NET.
. 121540 IN NS J.ROOT-SERVERS.NET.
. 121540 IN NS K.ROOT-SERVERS.NET.
. 121540 IN NS L.ROOT-SERVERS.NET.
. 121540 IN NS M.ROOT-SERVERS.NET.
. 121540 IN NS A.ROOT-SERVERS.NET.
. 121540 IN NS B.ROOT-SERVERS.NET.
. 121540 IN NS C.ROOT-SERVERS.NET.
. 121540 IN NS D.ROOT-SERVERS.NET.
;; Received 308 bytes from 127.0.0.1#53(127.0.0.1) in 7 ms
net. 172800 IN NS A.GTLD-SERVERS.net.
net. 172800 IN NS G.GTLD-SERVERS.net.
net. 172800 IN NS H.GTLD-SERVERS.net.
net. 172800 IN NS C.GTLD-SERVERS.net.
net. 172800 IN NS I.GTLD-SERVERS.net.
net. 172800 IN NS B.GTLD-SERVERS.net.
net. 172800 IN NS D.GTLD-SERVERS.net.
net. 172800 IN NS L.GTLD-SERVERS.net.
net. 172800 IN NS F.GTLD-SERVERS.net.
net. 172800 IN NS J.GTLD-SERVERS.net.
net. 172800 IN NS K.GTLD-SERVERS.net.
net. 172800 IN NS E.GTLD-SERVERS.net.
net. 172800 IN NS M.GTLD-SERVERS.net.
;; Received 464 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 295
ms
dzhosting.net. 172800 IN NS CLGRPS01.AGT.net.
dzhosting.net. 172800 IN NS CLGRPS02.AGT.net.
;; Received 117 bytes from 192.5.6.30#53(A.GTLD-SERVERS.net) in 21 ms
www.dzhosting.net. 86400 IN A 142.179.189.122
dzhosting.net. 86400 IN NS clgrps01.telus.net.
dzhosting.net. 86400 IN NS clgrps02.telus.net.
;; Received 135 bytes from 198.80.55.1#53(CLGRPS01.AGT.net) in 204 ms
Note that the root-servers report clgrps0[12].agt.net. and the name
servers for the dzhosting.net. while the generic servers (gtld-servers)
give a different answer, i.e., clgrps0[12].telus.net.
The delegation is not correct (nor is it complete.)
Let's trace ns1.dzhosting.net.
$ dig +trace ns1.dzhosting.net.
; <<>> DiG 9.2.0 <<>> +trace ns1.dzhosting.net.
;; global options: printcmd
. 121141 IN NS C.ROOT-SERVERS.NET.
. 121141 IN NS D.ROOT-SERVERS.NET.
. 121141 IN NS E.ROOT-SERVERS.NET.
. 121141 IN NS F.ROOT-SERVERS.NET.
. 121141 IN NS G.ROOT-SERVERS.NET.
. 121141 IN NS H.ROOT-SERVERS.NET.
. 121141 IN NS I.ROOT-SERVERS.NET.
. 121141 IN NS J.ROOT-SERVERS.NET.
. 121141 IN NS K.ROOT-SERVERS.NET.
. 121141 IN NS L.ROOT-SERVERS.NET.
. 121141 IN NS M.ROOT-SERVERS.NET.
. 121141 IN NS A.ROOT-SERVERS.NET.
. 121141 IN NS B.ROOT-SERVERS.NET.
;; Received 324 bytes from 127.0.0.1#53(127.0.0.1) in 6 ms
net. 172800 IN NS A.GTLD-SERVERS.net.
net. 172800 IN NS G.GTLD-SERVERS.net.
net. 172800 IN NS H.GTLD-SERVERS.net.
net. 172800 IN NS C.GTLD-SERVERS.net.
net. 172800 IN NS I.GTLD-SERVERS.net.
net. 172800 IN NS B.GTLD-SERVERS.net.
net. 172800 IN NS D.GTLD-SERVERS.net.
net. 172800 IN NS L.GTLD-SERVERS.net.
net. 172800 IN NS F.GTLD-SERVERS.net.
net. 172800 IN NS J.GTLD-SERVERS.net.
net. 172800 IN NS K.GTLD-SERVERS.net.
net. 172800 IN NS E.GTLD-SERVERS.net.
net. 172800 IN NS M.GTLD-SERVERS.net.
;; Received 464 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 42 ms
dzhosting.net. 172800 IN NS CLGRPS01.AGT.net.
dzhosting.net. 172800 IN NS CLGRPS02.AGT.net.
;; Received 117 bytes from 192.5.6.30#53(A.GTLD-SERVERS.net) in 20 ms
dzhosting.net. 86400 IN SOA edtnps16.telus.net.
hostmaster.telus.net. 2002020104 10800 3600 604800 86400
;; Received 97 bytes from 198.80.55.1#53(CLGRPS01.AGT.net) in 257 ms
Note that it stops at the AGT.NET and returns the SOA RR which suggests
a possible third source of information, i.e., edtnps16.telus.net!
Note the serial number (2002020104) in the SOA returned from
CLGRPS01.AGT.net. Compare it with the serial number (2) in the SOA from
the dahosting.net.zone file below:
> filename: dzhosting.net.zone
>
> $TTL 86400
> @ IN SOA ns1.dzhosting.net. root.dzhosting.net. (
> 2 ; serial
> 28800 ; refresh
> 7200 ; retry
> 604800 ; expire
> 86400 ; ttl
> )
>
The question now becomes, "are the telus.net/agt.net name servers
configured to be slave servers for dzhosting.net.?" If so, then the
smaller serial number (2) at the master will prevent the slaves from
doing a zone transfer and getting the updated file. If they are not
configured as slaves, then it does not matter what the serial number is,
but then the world will never hear about ns1.dzhosting.net or any other
changes that you make to the master zone.
You need to correct your deletations and may need to get your slave
servers properly configured. Correct the serial number too.
With this information, I see no reason to run 'doc'.
[snip of files]
Hope this is helpful (and correct).
Jim
More information about the bind-users
mailing list