Weird DNS Problems

Stephen Carville stephen at totalflood.com
Wed Dec 15 14:04:12 UTC 2004


On Wed, 15 Dec 2004, D McDonald wrote:

- Sorry if this is a repeat, I signed up with renski at freeshell.org, and then tried to send it out as renski at sdf
- 
- Hi All,
- 
- About a week ago we switched the DNS server of our domain saturncorp.com to ns.saturncorp.com. It's a redhat
- machine running bind 9.2.3. However it now seems that some DNS servers are unable to resolve some addresses.
- For example on one isp www.saturncorp.com works fine (non-auth), but ftp.saturncorp.com doesn't work. It appears
- that some of these servers are running on cache alone, I'm not sure. This is only the second BIND server I've set
- up, and the first was an internal server. Below is my config file..

A couple of obvious problems

whois lists:

   NS.SATURNCORP.COM            12.23.213.25
   CMTU.MT.NS.ELS-GMS.ATT.NET   12.127.16.69
   CBRU.BR.NS.ELS-GMS.ATT.NET   199.191.128.105

as your nameservers but your datafile only lists

12.23.213.25.saturncorp.com for which dig returns NXDOMAIN

ns.saturncorp.com doesn't resolve at all.

Serial numbers don't match across nameservers

12.23.213.25    => 15
12.127.16.69    => 30
199.191.128.105 => 30

- // generated by named-bootconf.pl
- // edited by Darren on Sept 9th, 2004
- //      added logging
- //      changed security slightly
- // edited by Lee on 9/14/04
- //      added forwarding
- // edited by Darren on 1st of Dec, '04
- //      added SOA tweaks
- //      added localhost domain (Apparently this is 'required')
- //      added PID file path
- 
- // To begin with, define groups of IPs for reference later
- //   perhaps as zone transfer peers or something
- // Trusted (for updates later on)
- acl trusted_ips {
-   none;
- };
- 
- acl users {
-   any;
- };
- 
- 
- // Now define specific options for the DNS system
- options {
- 
-         /* forwarding */
-         /* this is where you put the ISP's DNS systems ... best to use root servers */
-         forwarders { 12.127.16.68; 12.127.17.72; };
- 
-         /*security*/
-         /* this means anybody can query us */
-         allow-query { users; };
- 
-         /* Don't reply to version queries, none of anybody's business */
-         version "Not Currently Available";
- 
-         /*SOA*/
-         /*Limits Caching, apparently required for a SOA server*/
-         recursion no;
- 
-         /*PID file (Process ID file)*/
-         pid-file "/var/named/named.pid";
- };
- 
- logging {
-   channel default_syslog {
-     /* this means create 20 log files that are 1MB in size before rolling over and updating */
-     /* most current would then be /var/named/log/log, oldest would be /var/named/log/log.020 */
-     file "/var/named/log/log" versions 20 size 1M;
-     severity info;
-     print-time yes;
-     print-severity yes;
-     print-category yes;
-     };
-   channel query_log {
-     file "/var/named/log/qlog" versions 5 size 1M;
-     severity info;
-     print-time yes;
-     print-severity yes;
-     print-category yes;
-     };
- 
-   category lame-servers {null;}; //might want to turn this on later
-   category config   {default_syslog;};
-   category update   {default_syslog;};
-   category xfer-in  {default_syslog;};
-   category xfer-out {default_syslog;};
-   category security {default_syslog;};
-   category queries  {query_log;};
- };
- 
- // Zone Records
- 
- zone "saturncorp.com" IN {
-         type master;
-         file "/var/named/saturncorp.com.zone";
- };
- 
- // required localhost
- zone "localhost" IN {
-         type master;
-         file "/var/named/localhost.zone";
-         allow-update{none;};
- };
- 
- Here is saturncorp.com.zone..
- 
- $TTL 43200
- @ IN    SOA     12.23.213.25 sysop at saturncorp.com.      (
-                                 14 ; serial
-                                 600 ; refresh, 2 minutes (TEMP VALUE FOR TESTING)
-                                 60 ; retry (TEMP)
-                                 3600000 ; expire
-                                 43200 ; ttl, 12 hours MAX for caching (TEMP)
-                                 )
- @               IN      A       12.23.213.10
-                 IN      NS      12.23.213.25
-                 IN      MX      1       saturn3.saturncorp.com.
- saturn3         IN      A       12.23.213.3
- saturn4         IN      A       12.23.213.3  ; this is not a typo
- ; saturn1                       12.23.213.5  ; internal use only
- ; WVC WWW                       12.23.213.7
- www             IN      A       12.23.213.10
- smartsystem     IN      A       12.23.213.15
- ns              IN      A       12.23.213.25
- ns2             IN      A       12.23.213.26
- webplus2        IN      A       12.23.213.42
- webplus3        IN      A       12.23.213.43
- ; lpar3 also                    12.23.213.61
- lpar3           IN      A       12.23.213.63
- lpar4           IN      A       12.23.213.64
- lpar1ftp        IN      A       12.23.213.71
- lpar3ftp        IN      A       12.23.213.73
- lpar4ftp        IN      A       12.23.213.74
- ftp3            IN      A       12.23.213.98
- ftp2            IN      A       12.23.213.99
- lpar1           IN      A       12.23.213.100
- ftp             IN      A       12.23.213.101
- vr              IN      A       12.23.213.9
- 
- If you set the server as your dns server it works fine, and I've checked the domain under whois,
- and the first listed server is ns.saturncorp.com. I just don't get it. If anyone can see
- something I'm doing wrong, I'd be most grateful.
- 
- Thanks,
- 
- Renski
- 
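
Added example, not part of the original thread and not a BIND tool: a small Python lint for the first problem the reply points out. In a zone file, a name in NS, SOA or MX rdata that lacks a trailing dot gets the zone origin appended, so `IN NS 12.23.213.25` is published as the host name `12.23.213.25.saturncorp.com.`. The sample zone is condensed from the quoted file, with the SOA contact written as `sysop.saturncorp.com.` as an assumption; `lint_zone` and `NAME_FIELD` are hypothetical names.

```python
import ipaddress

# Index of the host-name field in the rdata (MX has a preference number first).
NAME_FIELD = {"NS": 0, "SOA": 0, "CNAME": 0, "MX": 1}

# Constructed sample, condensed from the zone file quoted in the thread.
ZONE = """\
$TTL 43200
@ IN SOA 12.23.213.25 sysop.saturncorp.com. (
        14 600 60 3600000 43200 )
@       IN A  12.23.213.10
        IN NS 12.23.213.25
        IN MX 1 saturn3.saturncorp.com.
ns      IN A  12.23.213.25
"""


def lint_zone(text, origin):
    """Return (line, type, rdata, name actually published) for each record
    whose name field holds an IP address instead of a host name."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]              # strip comments
        if not line.strip() or line.startswith("$"):
            continue                             # blank line or directive
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():
            tokens = tokens[1:]                  # drop the owner name
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens = tokens[1:]                  # skip optional TTL / class
        if not tokens or tokens[0].upper() not in NAME_FIELD:
            continue                             # A records etc. are fine
        rtype = tokens[0].upper()
        idx = 1 + NAME_FIELD[rtype]
        if idx >= len(tokens):
            continue                             # malformed line, not our check
        target = tokens[idx]
        try:
            ipaddress.ip_address(target.rstrip("."))
        except ValueError:
            continue                             # a host name, as required
        fqdn = target if target.endswith(".") else f"{target}.{origin}"
        findings.append((lineno, rtype, target, fqdn))
    return findings


if __name__ == "__main__":
    for finding in lint_zone(ZONE, "saturncorp.com."):
        print(finding)
```
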


