Server Not Authoratative
Mark Andrews
Mark_Andrews at isc.org
Tue Sep 13 07:18:36 UTC 2005
> Hi Mark, thanks for the reply.
> On 9/13/05, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
> Named doesn't care about CNAMEs pointing to CNAMEs. You
> > have misdiagnosed the problem.
>
>
>
> Hmm, well what I know is that I was getting this in my logs...
>
> Sep 13 00:30:21 ns1 named[6004]: dns_master_load: master/catastrophe.net:49:
> ni
> ne.catastrophe.net <http://ne.catastrophe.net>: CNAME and other data
> Sep 13 00:30:21 ns1 named[6004]: zone
> catastrophe.net/IN/external<http://catastrophe.net/IN/external>:
> loading mast
> er file master/catastrophe.net: CNAME and other data
>
> So, just testing, I removed the following...
>
> mickey IN CNAME accatag.dyndns.org <http://accatag.dyndns.org>
>
> and things started working without that error above. That was the only
> reference to a CNAME in my zone.
It started working because mickey had some other data. You
could have removed the other data and got it working as well.
From RFC 1034.
If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different. This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types.
> 227.207.in-addr.arpa. 86400 IN NS ns2.level3.net <http://ns2.level3.net>.
> > 227.207.in-addr.arpa. 86400 IN NS ns1.level3.net <http://ns1.level3.net>.
> > ;; Received 92 bytes from 192.41.162.32#53(epazote.ARIN.NET<http://epazote.
> ARIN.NET>)
> > in 215 ms
> >
> > 243.227.207.in-addr.arpa. 86400 IN NS pulmonary.ispfh.org<http://pulmonary.
> ispfh.org>
> > .
> > 243.227.207.in-addr.arpa. 86400 IN NS peabody.cultural.com<http://peabody.c
> ultural.com>
> > .
> > ;; Received 145 bytes from 209.244.0.2#53(ns2.level3.net<http://ns2.level3.
> net>)
> > in 167 ms
> >
> > 195.243.227.207.in-addr.arpa. 86400 IN NS A.NS.NXIO.US<http://A.NS.NXIO.US>
> > .
> > ;; Received 88 bytes from 207.227.240.1#53(pulmonary.ispfh.org<http://pulmo
> nary.ispfh.org>)
> > in 1032 ms
> >
> > 195.243.227.207.in-addr.arpa. 7200 IN PTR a.mx.nxio.us<http://a.mx.nxio.us>
> > .
> > 243.227.207.in-addr.arpa. 7200 IN NS ns1.nxio.us <http://ns1.nxio.us>.
> > ;; Received 90 bytes from 2001:4830:2280::53#53(A.NS.NXIO.US<http://A.NS.NX
> IO.US>)
> > in 244 ms
> >
> > Well A.NS.NXIO.US <http://A.NS.NXIO.US> is supposed to be serving
> > 195.243.227.207.IN-ADDR.ARPA acording to PULMONARY.ISPFH.ORG<http://PULMONA
> RY.ISPFH.ORG>
> > but is not configured to serve it based on the last answer
> > above. Instead it is serving 243.227.207.IN-ADDR.ARPA.
>
> Thanks for the diagnosis. Here's my zone...
>
> $TTL 2h ; default ttl
> @ IN SOA ns1.nxio.us <http://ns1.nxio.us>. root.nxio.us<http://root.nxio.us>.
Turn off the stupid option that stuffs a URL after everything
that looks like a hostname in your MUA. All it does is make the
message hard to read especially on this list where there are
lots of domain names in examples.
> (
> 2005051802 ; se = serial number
> 3h ; ref = refresh
> 15m ; ret = update retry
> 3w ; ex = expiry
> 3h ) ; min = minimum
> IN NS ns1.nxio.us <http://ns1.nxio.us>.
> 193 IN PTR ictus.catastrophe.net <http://ictus.catastrophe.net>.
> 194 IN PTR ns1.nxio.us <http://ns1.nxio.us>.
> 195 IN PTR a.mx.nxio.us <http://a.mx.nxio.us>.
> 197 IN PTR sidesplitters.catastrophe.net<http://sidesplitters.catastrophe.net
> >
> .
> 202 IN PTR ispfh-lv3.gw.nxio.us <http://ispfh-lv3.gw.nxio.us>.
>
> And in my named.conf....
>
> view "external" in {
> match-clients { any; };
> recursion no;
> additional-from-auth no;
> additional-from-cache no;
>
> zone "243.227.207.in-addr.arpa" in {
> type master;
> file "master/243.227.207.in-addr.arpa";
> allow-query { public; };
> allow-transfer { dnsslave4; dnsslave6; };
>
> [snip other zones]
> };
>
> So that isn't correct?
No. You have been delegated 193.243.227.207.IN-ADDR.ARPA
to 207.243.227.207.IN-ADDR.ARPA individually. You need to
have a zone even for the addresses without names yet.
zone "193.243.227.207.in-addr.arpa" {
type master;
file "master/193.243.227.207.in-addr.arpa";
};
193.243.227.207.in-addr.arpa:
$TTL 7200
@ SOA ns1.nxio.us. root.nxio.us. ....
@ NS ns1.nxio.us.
@ PTR ictus.catastrophe.net.
zone "206.243.227.207.in-addr.arpa" {
type master;
file "master/206.243.227.207.in-addr.arpa";
};
206.243.227.207.in-addr.arpa:
$TTL 7200
@ SOA ns1.nxio.us. root.nxio.us. ....
@ NS ns1.nxio.us.
Also you need to agree on the name of your nameserver.
A.NS.NXIO.US vs NS1.NXIO.US
It should be the same in the parent and child zones.
> I also get lame server notices for
>
> Sep 13 01:05:49 ns1 named[14452]: lame server resolving
> 'ictus.nxio.us<http://ictus.nxio.us>'
> (in 'nx
> io.us <http://io.us>'?): 2001:4830:2280::53#53
> Sep 13 01:17:41 ns1 named[14452]: lame server resolving
> 'ns1.nxio.us<http://ns1.nxio.us>'
> (in 'nxio
> .us'?): 2001:4830:2280::53#53
> Sep 13 01:17:41 ns1 named[14452]: lame server resolving
> 'ns1.nxio.us<http://ns1.nxio.us>'
> (in 'nxio
> .us'?): 207.227.243.194#53
>
> to name a few. All I have in my "internal" view is my recursive resolver for
> lookups on the server, and the "external" view has all of my zones. All
> zones have good glue as far as I can tell. I'm hitting a wall in my
> knowledge here -- if you can suggest anything, I'll try!
>
> Thanks.
>
> - Eric
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list