Problems Resolving Active Directory Entries

Jiann-Ming Su sujiannming at gmail.com
Thu Dec 9 20:41:42 UTC 2004


I'm using BIND 9.2.2.  I have the following in my db.mydomain.bogus file:

  dc1.ad                IN      A       192.168.209.166
  dc2.ad                IN      A       192.168.209.167

  _TCP.ad             IN      NS      dc1.ad.mydomain.bogus.
  _TCP.ad             IN      NS      dc2.ad.mydomain.bogus.
  _UDP.ad             IN      NS      dc1.ad.mydomain.bogus.
  _UDP.ad             IN      NS      dc2.ad.mydomain.bogus.
  _MSDCS.ad           IN      NS      dc1.ad.mydomain.bogus.
  _MSDCS.ad           IN      NS      dc2.ad.mydomain.bogus.
  _SITES.ad           IN      NS      dc1.ad.mydomain.bogus.
  _SITES.ad           IN      NS      dc2.ad.mydomain.bogus.
  _DomainDnsZone.ad   IN      NS      dc1.ad.mydomain.bogus.
  _DomainDnsZone.ad   IN      NS      dc2.ad.mydomain.bogus.
  _ForrestDnsZone.ad  IN      NS      dc1.ad.mydomain.bogus.
  _ForrestDnsZone.ad  IN      NS      dc2.ad.mydomain.bogus.

Then I run dig on my master nameserver:

  [ns-master]$ dig _TCP.ad.mydomain.bogus. -t SOA

  ; <<>> DiG 9.2.2 <<>> _TCP.ad.mydomain.bogus. -t SOA
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36824
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;_TCP.ad.mydomain.bogus.         IN      SOA

  ;; Query time: 2 msec
  ;; SERVER: 192.168.9.10#53(192.168.9.10)
  ;; WHEN: Thu Dec  9 15:13:11 2004
  ;; MSG SIZE  rcvd: 39

Notice that nothing returns.  But, if I specify the localhost to query:

  [ns-master]$ dig @127.0.0.1 _TCP.ad.mydomain.bogus. -t SOA

  ; <<>> DiG 9.2.2 <<>> @127.0.0.1 _TCP.ad.mydomain.bogus. -t SOA
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18235
  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

  ;; QUESTION SECTION:
  ;_TCP.ad.mydomain.bogus.         IN      SOA

  ;; AUTHORITY SECTION:
  _TCP.ad.mydomain.bogus.  86400   IN      NS      dc1.ad.mydomain.bogus.
  _TCP.ad.mydomain.bogus.  86400   IN      NS      dc2.ad.mydomain.bogus.

  ;; ADDITIONAL SECTION:
  dc1.ad.mydomain.bogus. 86400 IN      A       192.168.209.166
  dc2.ad.mydomain.bogus. 86400 IN  A       192.168.209.167

  ;; Query time: 0 msec
  ;; SERVER: 127.0.0.1#53(127.0.0.1)
  ;; WHEN: Thu Dec  9 15:15:46 2004
  ;; MSG SIZE  rcvd: 119

For reference, dc1 and dc2 resolve:

  [ns-master]$ dig dc1.ad.mydomain.bogus

  ; <<>> DiG 9.2.2 <<>> dc1.ad.mydomain.bogus
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36776
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 8

  ;; QUESTION SECTION:
  ;dc1.ad.mydomain.bogus.      IN      A

  ;; ANSWER SECTION:
  dc1.ad.mydomain.bogus. 86400 IN      A       192.168.209.166

  ;; AUTHORITY SECTION:
  mydomain.bogus.              86400   IN      NS      ns1.mydomain.bogus.
  mydomain.bogus.              86400   IN      NS      ns2.mydomain.bogus.
  mydomain.bogus.              86400   IN      NS      ns3.mydomain.bogus.
  mydomain.bogus.              86400   IN      NS      ns4.mydomain.bogus.
  mydomain.bogus.              86400   IN      NS      ns5.mydomain.bogus.
  mydomain.bogus.              86400   IN      NS      ns6.mydomain.bogus.
  mydomain.bogus.              86400   IN      NS      ns7.mydomain.bogus.
  mydomain.bogus.              86400   IN      NS      ns8.mydomain.bogus.

  ;; ADDITIONAL SECTION:
  ns1.mydomain.bogus.         86400   IN      A       192.168.200.30
  ns2.mydomain.bogus.         86400   IN      A       192.168.16.100
  ns3.mydomain.bogus.        86400   IN      A       192.168.5.100
  ns4.mydomain.bogus.        86400   IN      A       192.168.48.100
  ns5.mydomain.bogus.        86400   IN      A       192.168.32.100
  ns6.mydomain.bogus.        86400   IN      A       192.168.1.1
  ns7.mydomain.bogus.        86400   IN      A       192.168.96.100
  ns8.mydomain.bogus.        86400   IN      A       192.168.2.1

  ;; Query time: 1 msec
  ;; SERVER: 192.168.9.10#53(192.168.9.10)
  ;; WHEN: Thu Dec  9 15:23:15 2004
  ;; MSG SIZE  rcvd: 353


When I do a tcpdump of the DNS traffic, the only obvious difference I see
is "Reply code: No such name (3)" for the one that didn't work.  Is this
a bug?  Or, do I have something misconfigured?  Thanks for any insight.

-- 
Jiann-Ming Su
"I have to decide between two equally frightening options. 
 If I wanted to do that, I'd vote." --Duckman
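
Added example, not part of the original message: a small Python helper that parses the header, authority and server lines of the two dig runs above and reports every field on which the responses disagree, labelling each response by standard DNS header semantics. The function names (`parse_dig`, `classify`, `differences`) are hypothetical, and the sample strings are trimmed copies of the output shown in the post.

```python
import re

# Trimmed copies of the two dig runs in the post (header, authority, server lines only).
VIA_LAN_IP = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36824
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 192.168.9.10#53(192.168.9.10)
"""
VIA_LOOPBACK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18235
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
_TCP.ad.mydomain.bogus.  86400   IN      NS      dc1.ad.mydomain.bogus.
_TCP.ad.mydomain.bogus.  86400   IN      NS      dc2.ad.mydomain.bogus.
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

def parse_dig(text):
    """Pull status, flags, section counts, authority RR types and server from dig output."""
    text = "\n".join(line.strip() for line in text.splitlines()) + "\n"
    out = {"status": re.search(r"status: (\w+)", text).group(1),
           "flags": set(re.search(r"^;; flags: ([a-z ]*);", text, re.M).group(1).split()),
           "server": re.search(r"^;; SERVER: ([^#\s]+)", text, re.M).group(1)}
    for name, n in re.findall(r"\b(ANSWER|AUTHORITY|ADDITIONAL): (\d+)", text):
        out[name.lower()] = int(n)
    auth = re.search(r"^;; AUTHORITY SECTION:\n((?:[^;\n].*\n)+)", text, re.M)
    out["auth_types"] = {l.split()[3] for l in auth.group(1).splitlines()} if auth else set()
    return out

def classify(r):
    """Label a response: aa = authoritative, NS-only authority without aa = referral."""
    if r["status"] == "NXDOMAIN":
        return "name error"
    if r["status"] != "NOERROR":
        return r["status"].lower()
    if r["answer"] > 0:
        return "authoritative answer" if "aa" in r["flags"] else "non-authoritative answer"
    if "aa" not in r["flags"] and "NS" in r["auth_types"]:
        return "referral"
    return "no data"

def differences(a, b):
    """Return {field: (a_value, b_value)} for every field where the responses disagree."""
    x, y = {**a, "kind": classify(a)}, {**b, "kind": classify(b)}
    return {k: (x[k], y[k]) for k in x if x[k] != y[k]}

if __name__ == "__main__":
    for field, (lan, loop) in differences(parse_dig(VIA_LAN_IP), parse_dig(VIA_LOOPBACK)).items():
        print(f"{field:10} {lan!s:28} {loop}")
```

Full dig output can be passed to `parse_dig` unchanged, including the two-space indentation used in the post.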


