DNS Problems - Need to get it working.
phn at icke-reklam.ipsec.nu
Sun Jun 20 08:03:56 UTC 2004
Spencer Yost <syost at triad.rr.com> wrote:
> Sorry if this has been discussed, but my problem is a bit vague and
> shapeless and searching the archives proved difficult.
> I am in the midst of creating a new authoritative nameserver for several
> domains. I got the latest BIND (9.3.0rc1) and had no trouble building and
> installing. Configuring seemed to be a snap (I was running 9.1 on the old
> machine so nothing much was different). I ran DNSWALK to confirm stuff
> and everything is AOK. Doing a nslookup with "set debug" reveals DNS info
> on the Internet is correct for my server and domains.
> Sound good? Not quite.
> Every computer that tries to use this new name server as a resolver can NOT
> resolve any domains. If I am logged in locally to the server I can
> resolve anything. No one on the Internet can find any of my
> hostname/domains either. (ie can't find www.yhimc.com). Turning up/ON
> debugging produces nothing in the log files except success messages from
> startup and me logged onto the DNS server doing lookups.
> As an example, I host yhimc.com. The new DNS server is
> heavyiron.atis.net. I can do a nslookup/dig on any machine on my network
> that uses heavyiron.atis.net as a DNS server and can NOT resolve
> www.yhimc.com or any other domain. Likewise John Doe on his machine and
> ISP across the world can not resolve www.yhimc.com. Logging on to the
> server and doing a query DOES resolve it just fine though.
> Clues/Hints/Weird Observations:
> - DNSWALK likes everything
> - Statfiles show no requests (should be getting hundreds but only have a
> handful)
> - Message everyone gets is SERVFAIL
> - If anyone runs nslookup and types server <heavyiron IP address> and then
> does his lookup, he gets a SERVFAIL also.
> - My server acts like it doesn't see any request that doesn't originate
> from localhost (nothing in log files, stat files, etc).
> - Using zone and conf files that are in production in BIND 9.1. I just
> changed IP addresses and few little odds and ends like that.
> - The old/current name server is still running and serving up info to any
> computer that wants it.
> - NS records at the registrar were changed 36 hours ago and because most
> users do NOT seem to be getting the old information found at the old server
> and are getting errors instead, I assume the DNS/NS information has
> propagated.
> Thanks in advance for any help you can provide,
> Spencer Yost
The zone yhimc.com. is slightly broken,
it's delegated to:
yhimc.com. 172800 IN NS heavyiron.atis.net.
yhimc.com. 172800 IN NS ns2-auth.sprintlink.net.
but "ns2-auth.sprintlink.net." is lame
the "Negative-cache TTL" is larger than your default TTL
Those faults should not however give the symptoms you have given. Asking
heavyiron.atis.net. just about any query results in an answer (you might
prevent outsiders by "no-recursion")
Are your clients correctly configured? Are firewall-filters obstructing?
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
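
The checks discussed in this reply (SERVFAIL, a lame server, recursion offered to outsiders) can all be read from the header of a DNS response. The following is an added example, not part of the original post: it decodes the 12-byte header and flags those three conditions. The function names and the sample headers are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),  # 1 = response
        "aa": bool(flags & 0x0400),  # authoritative answer
        "rd": bool(flags & 0x0100),  # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),  # recursion available
        "rcode": RCODES.get(rcode, str(rcode)),
        "ancount": an,
    }

def assess(msg: bytes, from_outside: bool) -> list:
    """Findings for a reply to a query about a zone delegated to this server."""
    h = parse_header(msg)
    if not h["qr"]:
        return ["not-a-response"]
    findings = []
    # A delegated server that fails or answers without AA is lame for the zone.
    if not h["aa"] or h["rcode"] in ("SERVFAIL", "REFUSED"):
        findings.append("lame:" + h["rcode"])
    # RA set in a reply to an outside client means recursion is offered to it.
    if from_outside and h["ra"]:
        findings.append("recursion-offered-to-outsider")
    return findings

def header(flags: int, ancount: int) -> bytes:
    """Build a constructed sample header: id 0x1234, one question."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed samples, not captured from the servers named in the thread.
AUTHORITATIVE = header(0x8500, 1)   # QR AA RD, NOERROR
SERVFAIL = header(0x8182, 0)        # QR RD RA, rcode 2
OPEN_RECURSION = header(0x8580, 1)  # QR AA RD RA, NOERROR

if __name__ == "__main__":
    for name, msg in [("authoritative", AUTHORITATIVE), ("servfail", SERVFAIL),
                      ("open-recursion", OPEN_RECURSION)]:
        print(name, assess(msg, from_outside=True))
```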