Server Not Authoritative

Mark Andrews Mark_Andrews at isc.org
Tue Sep 13 07:18:36 UTC 2005


> Hi Mark, thanks for the reply.
> On 9/13/05, Mark Andrews <Mark_Andrews at isc.org> wrote: 
> 
> Named doesn't care about CNAMEs pointing to CNAMEs. You
> > have misdiagnosed the problem.
> 
> 
> 
> Hmm, well what I know is that I was getting this in my logs...
> 
> Sep 13 00:30:21 ns1 named[6004]: dns_master_load: master/catastrophe.net:49: 
> ni
> ne.catastrophe.net <http://ne.catastrophe.net>: CNAME and other data
> Sep 13 00:30:21 ns1 named[6004]: zone
> catastrophe.net/IN/external<http://catastrophe.net/IN/external>:
> loading mast
> er file master/catastrophe.net: CNAME and other data
> 
> So, just testing, I removed the following...
> 
> mickey IN CNAME accatag.dyndns.org <http://accatag.dyndns.org>
> 
> and things started working without that error above. That was the only 
> reference to a CNAME in my zone.

	It started working because mickey had some other data.  You
	could have removed the other data and got it working as well.

	From RFC 1034.

	    If a CNAME RR is present at a node, no other data should be
	    present; this ensures that the data for a canonical name and its
	    aliases cannot be different.  This rule also insures that a cached
	    CNAME can be used without checking with an authoritative server
	    for other RR types.

 
> 227.207.in-addr.arpa. 86400 IN NS ns2.level3.net <http://ns2.level3.net>.
> > 227.207.in-addr.arpa. 86400 IN NS ns1.level3.net <http://ns1.level3.net>.
> > ;; Received 92 bytes from 192.41.162.32#53(epazote.ARIN.NET<http://epazote.
> ARIN.NET>) 
> > in 215 ms
> > 
> > 243.227.207.in-addr.arpa. 86400 IN NS pulmonary.ispfh.org<http://pulmonary.
> ispfh.org>
> > .
> > 243.227.207.in-addr.arpa. 86400 IN NS peabody.cultural.com<http://peabody.c
> ultural.com>
> > .
> > ;; Received 145 bytes from 209.244.0.2#53(ns2.level3.net<http://ns2.level3.
> net>) 
> > in 167 ms
> > 
> > 195.243.227.207.in-addr.arpa. 86400 IN NS A.NS.NXIO.US<http://A.NS.NXIO.US>
> > .
> > ;; Received 88 bytes from 207.227.240.1#53(pulmonary.ispfh.org<http://pulmo
> nary.ispfh.org>) 
> > in 1032 ms
> > 
> > 195.243.227.207.in-addr.arpa. 7200 IN PTR a.mx.nxio.us<http://a.mx.nxio.us>
> > .
> > 243.227.207.in-addr.arpa. 7200 IN NS ns1.nxio.us <http://ns1.nxio.us>.
> > ;; Received 90 bytes from 2001:4830:2280::53#53(A.NS.NXIO.US<http://A.NS.NX
> IO.US>) 
> > in 244 ms
> > 
> > Well A.NS.NXIO.US <http://A.NS.NXIO.US> is supposed to be serving
> > 195.243.227.207.IN-ADDR.ARPA according to PULMONARY.ISPFH.ORG<http://PULMONA
> RY.ISPFH.ORG>
> > but is not configured to serve it based on the last answer
> > above. Instead it is serving 243.227.207.IN-ADDR.ARPA.
> 

> Thanks for the diagnosis. Here's my zone...
> 
> $TTL 2h ; default ttl
> @ IN SOA ns1.nxio.us <http://ns1.nxio.us>. root.nxio.us<http://root.nxio.us>.

	Turn off the stupid option that stuffs a URL after everything
	that looks like a hostname in your MUA.  All it does is make the
	message hard to read especially on this list where there are
	lots of domain names in examples.
  
> (
> 2005051802 ; se = serial number
> 3h ; ref = refresh
> 15m ; ret = update retry
> 3w ; ex = expiry
> 3h ) ; min = minimum
> IN NS ns1.nxio.us <http://ns1.nxio.us>.
> 193 IN PTR ictus.catastrophe.net <http://ictus.catastrophe.net>.
> 194 IN PTR ns1.nxio.us <http://ns1.nxio.us>.
> 195 IN PTR a.mx.nxio.us <http://a.mx.nxio.us>.
> 197 IN PTR sidesplitters.catastrophe.net<http://sidesplitters.catastrophe.net
> >
> .
> 202 IN PTR ispfh-lv3.gw.nxio.us <http://ispfh-lv3.gw.nxio.us>.
> 
> And in my named.conf....
> 
> view "external" in {
> match-clients { any; };
> recursion no;
> additional-from-auth no;
> additional-from-cache no;
> 
> zone "243.227.207.in-addr.arpa" in {
> type master;
> file "master/243.227.207.in-addr.arpa";
> allow-query { public; };
> allow-transfer { dnsslave4; dnsslave6; };
>
> [snip other zones]
> };
> 
> So that isn't correct?

	No.  You have been delegated 193.243.227.207.IN-ADDR.ARPA
	to 207.243.227.207.IN-ADDR.ARPA individually.  You need to
	have a zone even for the addresses without names yet.

zone "193.243.227.207.in-addr.arpa" {
	type master;
	file "master/193.243.227.207.in-addr.arpa";
};

193.243.227.207.in-addr.arpa:
$TTL 7200
@ SOA ns1.nxio.us. root.nxio.us. ....
@ NS ns1.nxio.us.
@ PTR ictus.catastrophe.net.

zone "206.243.227.207.in-addr.arpa" {
	type master;
	file "master/206.243.227.207.in-addr.arpa";
};

206.243.227.207.in-addr.arpa:
$TTL 7200
@ SOA ns1.nxio.us. root.nxio.us. ....
@ NS ns1.nxio.us.

	Also you need to agree on the name of your nameserver.

		A.NS.NXIO.US vs NS1.NXIO.US

	It should be the same in the parent and child zones.

> I also get lame server notices for
> 
> Sep 13 01:05:49 ns1 named[14452]: lame server resolving
> 'ictus.nxio.us<http://ictus.nxio.us>'
> (in 'nx
> io.us <http://io.us>'?): 2001:4830:2280::53#53
> Sep 13 01:17:41 ns1 named[14452]: lame server resolving
> 'ns1.nxio.us<http://ns1.nxio.us>'
> (in 'nxio
> .us'?): 2001:4830:2280::53#53
> Sep 13 01:17:41 ns1 named[14452]: lame server resolving
> 'ns1.nxio.us<http://ns1.nxio.us>'
> (in 'nxio
> .us'?): 207.227.243.194#53
> 
> to name a few. All I have in my "internal" view is my recursive resolver for 
> lookups on the server, and the "external" view has all of my zones. All 
> zones have good glue as far as I can tell. I'm hitting a wall in my 
> knowledge here -- if you can suggest anything, I'll try!
> 
> Thanks.
> 
> - Eric
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
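
Added example, not part of the original message and not ISC code: a small pre-load check for the RFC 1034 rule quoted above, listing every owner name that holds a CNAME together with other data. The sample zone is constructed (the A record on "mickey" and the 192.0.2.x addresses are assumptions), and the parser covers only the master-file features used in this thread.

```python
import re
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}
DNSSEC_OK = {"RRSIG", "NSEC"}  # DNSSEC types permitted beside a CNAME
TTL_RE = re.compile(r"\d+|(?:\d+[smhdw])+", re.I)

# Constructed sample; "mickey" mirrors the situation described in the thread.
SAMPLE_ZONE = """\
$ORIGIN catastrophe.net.
$TTL 2h
@       IN SOA ns1.nxio.us. root.nxio.us. ( 2005051802 3h 15m 3w 3h )
        IN NS  ns1.nxio.us.
mickey  IN A   192.0.2.10
mickey  IN CNAME accatag.dyndns.org.
www     IN CNAME ictus
ictus   IN A   192.0.2.11
        IN MX  10 a.mx.nxio.us.
"""

def absolute(name, origin):
    """Expand '@' and relative owner names against the current origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def rrtypes_by_owner(zone_text, origin):
    """Map each owner name to its set of RR types. origin is the zone name."""
    owners, last_owner, pending = defaultdict(set), origin.lower(), ""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # naive: no ';' inside quotes
        if not line.strip():
            continue
        pending = f"{pending} {line}" if pending else line
        if pending.count("(") > pending.count(")"):
            continue  # multi-line record, keep accumulating
        record, pending = pending, ""
        tokens = record.replace("(", " ").replace(")", " ").split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
        if tokens[0].startswith("$"):
            continue
        if record[0] not in " \t":  # a blank owner field inherits the last one
            last_owner = absolute(tokens.pop(0), origin)
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)
        if tokens:
            owners[last_owner].add(tokens[0].upper())
    return owners

def cname_conflicts(zone_text, origin):
    """Return {owner: [other types]} for names named would reject at load."""
    found = rrtypes_by_owner(zone_text, origin)
    return {o: sorted(t - {"CNAME"} - DNSSEC_OK) for o, t in found.items()
            if "CNAME" in t and t - {"CNAME"} - DNSSEC_OK}
```

On the sample, only mickey.catastrophe.net. is reported; removing either its CNAME or its other data clears the result, which matches the two fixes described in the message.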
