configuring secondary zone on windows 2000 server
Barry Finkel
b19141 at achilles.ctd.anl.gov
Fri Jul 2 15:38:42 UTC 2004
Mokwena Motseto <MotsetM at sapo.co.za> wrote:
>>I am running BIND version 4.9 on AIX and I am trying to configure it
>>so that the servers that are not in the same domain host secondary records.
>>This is what I get when I do an nslookup, but I have to create a hosts file
>>for the cfgrp.co.za domain first, which confuses everything. Is there a simpler
>>way of doing this?
>>
>>C:\>nslookup -q=ns sapo.co.za
>>Server: nthodns1.sapo.co.za
>>Address: 165.8.11.31
>>
>>sapo.co.za nameserver = ntjhbcfgdc1.xps.cfgrp.co.za
>>sapo.co.za nameserver = ntjhbcfgdc2.xps.cfgrp.co.za
>>sapo.co.za nameserver = ntwcdns1.sapo.co.za
>>sapo.co.za nameserver = nthodns1.sapo.co.za
>>sapo.co.za nameserver = nthodns2.sapo.co.za
>>sapo.co.za nameserver = ntnrdns3.sapo.co.za
>>sapo.co.za nameserver = ntwrdns4.sapo.co.za
>>sapo.co.za nameserver = ntfsdns5.sapo.co.za
>>sapo.co.za nameserver = ntkzdns6.sapo.co.za
>>sapo.co.za nameserver = ntecdns7.sapo.co.za
>>sapo.co.za nameserver = ntburgerps.sapo.co.za
>>sapo.co.za nameserver = techora4.sapo.co.za
>>sapo.co.za nameserver = open.sapo.co.za
>>sapo.co.za nameserver = sdsra.sapo.co.za
>>ntwcdns1.sapo.co.za internet address = 165.10.3.31
>>nthodns1.sapo.co.za internet address = 165.8.11.31
>>nthodns2.sapo.co.za internet address = 10.5.50.103
>>ntnrdns3.sapo.co.za internet address = 165.11.88.140
>>ntwrdns4.sapo.co.za internet address = 10.96.2.24
>>ntfsdns5.sapo.co.za internet address = 165.9.129.47
>>ntkzdns6.sapo.co.za internet address = 165.9.1.26
>>ntecdns7.sapo.co.za internet address = 165.10.177.37
>>ntburgerps.sapo.co.za internet address = 165.8.6.180

If I interpret the problem correctly, the zone
    sapo.co.za
is mastered on an AIX BIND 4.9 server, and Mokwena Motseto wants to
slave the zone on a MS W2k DNS Server.

I am omitting part of the various replies to the original posting.

Mokwena Motseto <MotsetM at sapo.co.za> wrote in reply:
>Hi. This is what I get when I dig. Does it say anything?
>
>D:\Dig>dig sapo.co.za soa @sdsra.sapo.co.za
>
>; <<>> DiG 9.2.2 <<>> sapo.co.za soa @sdsra.sapo.co.za
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 14, ADDITIONAL: 5
>
>;; QUESTION SECTION:
>;sapo.co.za. IN SOA
>
>;; ANSWER SECTION:
>sapo.co.za. 2419200 IN SOA sdsra.sapo.co.za. root.sdsra.sapo.co.za. 2004062901 10800 1800 5184000 2419200
>
>;; AUTHORITY SECTION:
>sapo.co.za. 2419200 IN NS nthodns1.sapo.co.za.
>sapo.co.za. 2419200 IN NS nthodns2.sapo.co.za.
>sapo.co.za. 2419200 IN NS ntnrdns3.sapo.co.za.
>sapo.co.za. 2419200 IN NS ntwrdns4.sapo.co.za.
>sapo.co.za. 2419200 IN NS ntfsdns5.sapo.co.za.
>sapo.co.za. 2419200 IN NS ntkzdns6.sapo.co.za.
>sapo.co.za. 2419200 IN NS ntecdns7.sapo.co.za.
>sapo.co.za. 2419200 IN NS ntburgerps.sapo.co.za.
>sapo.co.za. 2419200 IN NS techora4.sapo.co.za.
>sapo.co.za. 2419200 IN NS open.sapo.co.za.
>sapo.co.za. 2419200 IN NS sdsra.sapo.co.za.
>sapo.co.za. 2419200 IN NS ntjhbcfgdc1.xps.cfgrp.co.za.
>sapo.co.za. 2419200 IN NS ntjhbcfgdc2.xps.cfgrp.co.za.
>sapo.co.za. 2419200 IN NS ntwcdns1.sapo.co.za.
>
>;; ADDITIONAL SECTION:
>nthodns1.sapo.co.za. 2419200 IN A 165.8.11.31
>nthodns2.sapo.co.za. 2419200 IN A 10.5.50.103
>ntnrdns3.sapo.co.za. 2419200 IN A 165.11.88.140
>ntwrdns4.sapo.co.za. 2419200 IN A 10.96.2.24
>ntfsdns5.sapo.co.za. 2419200 IN A 165.9.129.47
>
>;; Query time: 218 msec
>;; SERVER: 165.8.9.51#53(sdsra.sapo.co.za)
>;; WHEN: Thu Jul 01 18:49:12 2004
>;; MSG SIZE rcvd: 487

To diagnose this problem, I would get a network trace on both the AIX
machine and the MS W2k machine. I have not used AIX for a while, so
I do not know if snoop is available. On the W2k machine, enable full
DNS logging; I believe that a full NetMon trace is not needed.

I tried some DNS AXFRs from my Solaris 9 workstation:

britaine% dig sapo.co.za axfr @sdsra.sapo.co.za
; <<>> DiG 8.3 <<>> sapo.co.za axfr @sdsra.sapo.co.za
; Bad server: sdsra.sapo.co.za -- using default server and timer opts
; (3 servers found)
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 146.139.254.5
;; WHEN: Fri Jul 2 10:13:17 2004
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 130.202.20.3
;; WHEN: Fri Jul 2 10:13:17 2004
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 146.137.64.5
;; WHEN: Fri Jul 2 10:13:17 2004
britaine% dig sapo.co.za axfr @open.sapo.co.za.
; <<>> DiG 8.3 <<>> sapo.co.za axfr @open.sapo.co.za.
; Bad server: open.sapo.co.za. -- using default server and timer opts
; (3 servers found)
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 146.139.254.5
;; WHEN: Fri Jul 2 10:14:07 2004
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 130.202.20.3
;; WHEN: Fri Jul 2 10:14:07 2004
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 146.137.64.5
;; WHEN: Fri Jul 2 10:14:07 2004
britaine% dig sapo.co.za axfr @nthodns1.sapo.co.za.
; <<>> DiG 8.3 <<>> sapo.co.za axfr @nthodns1.sapo.co.za.
; Bad server: nthodns1.sapo.co.za. -- using default server and timer opts
; (3 servers found)
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 146.139.254.5
;; WHEN: Fri Jul 2 10:14:35 2004
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 130.202.20.3
;; WHEN: Fri Jul 2 10:14:35 2004
;; Received 0 answers (0 records).
;; FROM: britaine.ctd.anl.gov to SERVER: 146.137.64.5
;; WHEN: Fri Jul 2 10:14:35 2004
britaine%
I used three of the numerous DNS servers listed in the NS list for that
zone. Each time dig replied:
"Bad server"
I looked at the syslog on both of my DNS servers, and I saw these
messages:
Jul 2 10:13:18 oberon.ctd.anl.gov named[243]:
[ID 866145 daemon.info] client 146.137.238.133#40184:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:13:15 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] lame server resolving 'sdsra.sapo.co.za'
(in 'sapo.co.za'?): 196.22.164.8#53
Jul 2 10:13:18 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] client 146.137.238.133#40183:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:13:18 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] client 146.137.238.133#40185:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:14:07 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] lame server resolving 'open.sapo.co.za'
(in 'sapo.co.za'?): 196.14.239.2#53
Jul 2 10:14:08 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] lame server resolving 'open.sapo.co.za'
(in 'sapo.co.za'?): 168.210.2.2#53
Jul 2 10:14:08 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] client 146.137.238.133#40186:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:14:08 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] client 146.137.238.133#40188:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:14:08 oberon.ctd.anl.gov named[243]:
[ID 866145 daemon.info] client 146.137.238.133#40187:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:14:36 oberon.ctd.anl.gov named[243]:
[ID 866145 daemon.info] client 146.137.238.133#40190:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:14:36 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] client 146.137.238.133#40189:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
I am not sure exactly how to interpret these results.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
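
Added example, not part of the original post: a Python sketch that reassembles wrapped named syslog records of the kind quoted above and tallies refused zone transfer requests per client and lame-server reports per zone. The sample records are copied from the excerpt in the post; the function names and regular expressions are assumptions made for this illustration.

```python
import re
from collections import Counter

# Three records copied from the post, still wrapped as they appear in the mail.
SAMPLE = """\
Jul 2 10:13:18 oberon.ctd.anl.gov named[243]:
[ID 866145 daemon.info] client 146.137.238.133#40184:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
Jul 2 10:13:15 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] lame server resolving 'sdsra.sapo.co.za'
(in 'sapo.co.za'?): 196.22.164.8#53
Jul 2 10:14:08 titania.ctd.anl.gov named[244]:
[ID 866145 daemon.info] client 146.137.238.133#40186:
bad zone transfer request: 'sapo.co.za/IN':
non-authoritative zone (NOTAUTH)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
XFER = re.compile(r"client (?P<ip>[\d.]+)#\d+: bad zone transfer request: "
                  r"'(?P<zone>[^/']+)/\w+': (?P<why>.+)$")
LAME = re.compile(r"lame server resolving '(?P<name>[^']+)' "
                  r"\(in '(?P<zone>[^']+)'\?\): (?P<ip>[\d.]+)#\d+")

def join_records(text):
    """Reassemble wrapped records: a new record starts at a syslog timestamp."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def summarize(text):
    """Count refused AXFRs per (client, zone, reason) and lame servers per (zone, ip)."""
    xfer, lame = Counter(), Counter()
    for rec in join_records(text):
        if m := XFER.search(rec):
            xfer[(m["ip"], m["zone"], m["why"])] += 1
        elif m := LAME.search(rec):
            lame[(m["zone"], m["ip"])] += 1
    return xfer, lame

if __name__ == "__main__":
    xfer, lame = summarize(SAMPLE)
    for (ip, zone, why), n in xfer.most_common():
        print(f"{n} refused AXFR: client {ip}, zone {zone}: {why}")
    for (zone, ip), n in lame.items():
        print(f"{n} lame-server report: {ip} for {zone}")
```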