server will only answer for it's own zones

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sun Jan 13 23:34:49 UTC 2002


> 
> For clarity note that the actual named.root entry is:
> 
> zone "." IN {
>          type hint;
>          file "named.root";
> };

	Well what do you have in named.root?

> 
> Also, named starts with no errors to speak of:
> 
> Jan 13 14:14:55 NS2 named[11688]: shutting down
> Jan 13 14:14:55 NS2 named[11688]: no longer listening on 127.0.0.1#53
> Jan 13 14:14:55 NS2 named[11688]: no longer listening on 24.197.31.131#53

	Well it looks like you have routing problems.  Whether they are
	permanent or not I don't know.  Check that you can ping the root
	servers (use there IP addresses and -n so that the DNS is not
	involved).  Next use 'dig ns . @<root-server-IP-address>' to
	see if you can get DNS answers from the root servers.

traceroute to 24.197.31.131 (24.197.31.131), 64 hops max, 40 byte packets
 1  n200 (130.155.191.238)  16.692 ms  18.785 ms  16.746 ms
 2  octopus.tip.CSIRO.AU (130.155.192.7)  44.841 ms  33.639 ms  30.540 ms
 3  rpl.gw.CSIRO.AU (130.155.192.2)  30.460 ms  30.986 ms  30.486 ms
 4  nsw.gw.CSIRO.AU (130.155.1.141)  32.995 ms  32.615 ms  34.665 ms
 5  nswrno2-atm4-0-ultimo.nswrno.net.au (203.15.123.37)  31.793 ms  31.910 ms  33.115 ms
 6  ATM3-0-0-1.ia4.optus.net.au (202.139.139.121)  36.745 ms  36.070 ms  36.870 ms
	...  
25  ATM3-0-0-1.ia4.optus.net.au (202.139.139.121)  35.776 ms !H *  125.238 ms !H

> Jan 13 14:14:55 NS2 named[11684]: exiting
> Jan 13 14:14:55 NS2 named: named shutdown succeeded
> Jan 13 14:14:55 NS2 named[13307]: starting BIND 9.1.0 -u named -d3

	Please upgrade BIND 9.2.0 is out.  BIND 9.1.0 is well past its
	"use by" date.

> Jan 13 14:14:55 NS2 named: named startup succeeded
> Jan 13 14:14:55 NS2 named[13307]: using 1 CPU
> Jan 13 14:14:55 NS2 named[13311]: loading configuration from=
>  '/etc/named.conf'
> Jan 13 14:14:55 NS2 named[13311]: the default for the 'auth-nxdomain'=20
> option is now 'no'
> Jan 13 14:14:55 NS2 named[13311]: no IPv6 interfaces found
> Jan 13 14:14:55 NS2 named[13311]: listening on IPv4 interface lo,=
>  127.0.0.1#53
> Jan 13 14:14:55 NS2 named[13311]: listening on IPv4 interface eth0,=20
> 24.197.31.131#53
> Jan 13 14:14:55 NS2 named[13311]: running
> 
> At 08:59 AM 1/13/2002 -0500, you wrote:
> 
> >Hello:
> >
> >I have a server that will not answer for any zone other than one in which
> >it is authoritative.  I have tried this with recursive on or left out of
> >the config with no change in behavior.  I have ensured that there is no
> >packet filtering involved as I have removed the firewall for all testing
> >sessions.  The named.conf is at the end of the email.  This really looks
> >like it has a bum named.root cache, but I am no expert.  Here is a dig that
> >will show my point (the first is for a zone that it is authoritative for
> >and the second is not):
> >
> >[root at kites net]# dig @ns2.ci.bedford.va.us kites.org. any
> >
> >; <<>> DiG 9.1.3 <<>> @ns2.ci.bedford.va.us kites.org. any
> >;; global options:  printcmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63979
> >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 2
> >
> >;; QUESTION SECTION:
> >;kites.org.                     IN      ANY
> >
> >;; ANSWER SECTION:
> >kites.org.              900     IN      SOA     kites.kites.org.
> >james.kites.org. 200201071 900 300 2592000 900
> >kites.org.              900     IN      NS      kites.kites.org.
> >kites.org.              900     IN      NS      ns2.ci.bedford.va.us.
> >kites.org.              900     IN      MX      5 kites.kites.org.
> >
> >;; AUTHORITY SECTION:
> >kites.org.              900     IN      NS      ns2.ci.bedford.va.us.
> >kites.org.              900     IN      NS      kites.kites.org.
> >
> >;; ADDITIONAL SECTION:
> >ns2.ci.bedford.va.us.   900     IN      A       24.197.31.131
> >kites.kites.org.        900     IN      A       24.197.0.67
> >
> >;; Query time: 58 msec
> >;; SERVER: 24.197.31.131#53(ns2.ci.bedford.va.us)
> >;; WHEN: Sun Jan 13 08:45:26 2002
> >;; MSG SIZE  rcvd: 199
> >
> >[root at kites net]# dig @ns2.ci.bedford.va.us hp.com. any
> >
> >; <<>> DiG 9.1.3 <<>> @ns2.ci.bedford.va.us hp.com. any
> >;; global options:  printcmd
> >;; connection timed out; no servers could be reached
> >
> >Here is the named.conf (with many zones deleted for brevity):
> >
> >logging {
> >               category lame-servers { null; };
> >               category default { default_syslog; default_debug; };
> >               channel default_debug {
> >               file "/var/log/named";    # write to named.run in the=
>  working
> >directory
> >                                    # Note: stderr is used instead of
> >"named.run"
> >                                    # if the server is started with the -f
> >option.
> >               severity dynamic;    # log at the server's current debug=
>  level
> >           };
> >};
> >
> >options {
> >         allow-recursion {
> >         any;
> >         };
> >          notify no;
> >          directory "/etc/dns";
> >         query-source address * port 53;
> >          forwarders {
> >                  198.6.1.122;
> >                  198.6.1.142;
> >                  198.6.1.146;
> >          };
> >};
> >
> >zone "0.0.127.IN-ADDR.ARPA" {
> >          type master;
> >          file "named.local";
> >};
> >
> >zone "ci.bedford.va.us" {
> >          type slave;
> >          file "db.ci.bedford.va.us";
> >          masters { 24.197.0.67; };
> >};
> >
> >zone "kites.org" {
> >          type slave;
> >          file "db.kites.org";
> >          masters { 24.197.0.67; };
> >};
> >
> >zone "." IN {
> >          type hint;
> >          file "named.root";
> >          }
> 
>   ..........__o
>   ... ..... \<
>   ..... (_)/(_)
> 
> James Ervin
> "When I see an adult on a bicycle, I do not despair for the future of
> the human race."    =97H. G. Wells
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list