sub domain options

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 14 22:42:28 UTC 2002 

chris at rockfort.com wrote:

> I am having terrible time trying to get 2 sub domains to perform properly.
> at around 4 am til 10am the records disapears. In other words if you try to
> get the resource http://sub.mydomain.com there is no DNS record, yet the
> main record http://mydomain.com is always avail able and works properly in
> both cases. In each zone file the sub domain is refernced as an "A" record
> like this
> sub  IN A 1.2.3.4
>
> I would to create a new zone file for these sub domains, but I am not sure
> if that would be "illegal". In other words
>
> $TTL  86400
> $ORIGIN sub.domain.com
>
> and then configure the named.conf to refelct this new zone.. Please keep in
> mind that this sever is the authorothy for http://mydomain.com and that
> this zone is also on the same server that I intended to do this with...

Delegating subzones for "problem" names is a terrible, shotgun approach to
solving a name-resolution problem of this kind.

You need to get to the bottom of why the name is not resolving some of the
time. What kind of error is being returned by the relevant nameservers:
NXDOMAIN, SERVFAIL, NODATA (this is a pseudo-error-code which represents an
empty answer)? Are the clients timing out resolving the name? Are you going
through a firewall to resolve the name? If so, look over the firewall rules.
Are you having intermittent network issues (look particularly hard at possible
sources of packet loss, since most DNS queries use UDP packets, which are
often the first to be tossed in congestion situations)? Have you turned on
query logging on the server to even see if the queries are getting to it? Do
you have a sniffer available to watch the network segments between the client
and the server (or between nameservers if you have a multi-tiered
DNS infrastructure)? Do you have strategically-located slaves, and are those
slaves replicating properly from the master?

Unless you get to the root cause of this problem, you're likely to have the
same issue even if the names are delegated into subzones, and on top of that
your DNS configuration will be more complicated and verbose than it needs to
be. Don't dig yourself into a bigger hole.


- Kevin

More information about the bind-users mailing list