big problem - possibly dns?

Mark Andrews Mark_Andrews at isc.org
Wed Dec 13 00:27:48 UTC 2006


> We've got a problem here that seems to be DNS related, but I'm not sure. 
>   We have a website http://blackboard.navarrocollege.edu.  Yesterday 
> some people started reporting that they couldn't access the website. 
> Others can access it just fine.
> 
> The problems started when we moved to a gigaman circuit, with a new 
> firewall.

	BIND 9 and BIND 8 support EDNS.  Make sure your firewall
	is configured to support EDNS.  This usually requires
	allowing through larger DNS/UDP packets (up to 4096 bytes
	of payload).  It also means allowing through IP fragments.

	Check your firewall documentation.

> At the same time we began looking at upgrading our DNS 
> server.  Our primary server has been running Bind 4 (yes, I know!). 
> Yesterday I tested a Bind 8 configuration (in preparation for moving up 
> to Bind 9!).  It appeared to be working, except that I had forgotten the 
> CNAME for the server I'm having problems with.

	Why were you re-entering data?  BIND 8 and BIND 9 both read
	the same master files as BIND 4 does.  They are just stricter
	than BIND 4 w.r.t. errors in the master files.

>  I switched back to my 
> Bind 4 configuration thinking that we would function as before until I 
> could complete the move to the new Bind.

	Just go straight to BIND 9.
 
> I'm not sure what I should post to help diagnose this.  Below is the 
> primary zone file, and the in-addr.arpa.  Note that we don't normally 
> have TTL set to 900 - we just did that while we were trying to figure 
> out this problem.

	Use $TTL <value> or specify a TTL on the SOA line for the
	default TTL.  MINIMUM is used to specify a negative TTL.
	See RFC 2308.

> @       IN      SOA     dns.navarrocollege.edu. root.dns.navarrocollege.edu. (
> 
>                  2006121204      ; Serial Number YYMMDDxxx
>                  900             ; Refresh 2dary
>                  900             ; 2dary retries after ..
>                  604800          ; 2dary says primary is dead after ..
>                  900 )         ; TTL in cache (12 hours) - 30 min (1800)
>                          IN      NS      dns
>                          IN      NS      dns2
> navarrocollege.edu.     IN      MX      10 mailfoundry
> navarrocollege.edu.     IN      A       205.165.189.178
> mollybrown              IN      A       205.165.189.135
> ftp                     IN      CNAME   mollybrown
> astp                    IN      A       205.165.189.139
> webadvisor              IN      CNAME   astp
> testwa                  IN      CNAME   astp
> calendar                IN      CNAME   astp
> ipac                    IN      A       205.165.189.138
> dns                     IN      A       205.165.189.130
> columbia                IN      CNAME   dns
> localhost               IN      A       127.0.0.1
> sts                     IN      A       205.165.189.178
> www                     IN      CNAME   sts
> layout                  IN      CNAME   sts
> foundation              IN      CNAME   sts
> admin                   IN      CNAME   sts
> sbdc                    IN      CNAME   sts
> news                    IN      CNAME   sts
> search                  IN      CNAME   sts
> tour                    IN      CNAME   sts
> collegeday              IN      CNAME   sts
> dns2                    IN      A       205.165.189.183
> apollo16                IN      A       205.165.189.176
> blackboard              IN      CNAME   apollo16
> gemini                  IN      A       205.165.189.182
> mail                    IN      CNAME   gemini
> pop                     IN      CNAME   gemini
> gemini2                 IN      CNAME   gemini
> ldap                    IN      A       205.165.189.180
> mysql                   IN      CNAME   ldap
> test                    IN      A       205.165.189.179
> navnet                  IN      A       205.165.189.185
> catalog                 IN      A       205.165.189.174
> mailfoundry             IN      A       205.165.189.184
> navarrocollege.edu. IN TXT "v=spf1 mx mx:johnwyoung.org mx:dana-holland.com mx:roxanndawson.info mx:roddymcdowall.info ~all"
> gemini.navarrocollege.edu. IN TXT "v=spf1 a -all"
> 
> 
> 
> @       IN     SOA     dns.navarrocollege.edu. root.dns.navarrocollege.edu. (
>                  2006121203      ; Serial Number YYMMDDxxx
>                  900             ; Refresh 2dary
>                  900             ; 2dary retries after ..
>                  604800          ; 2dary says primary is dead after ..
>                  900 )          ; TTL in cache - 30 min
> 189.165.205.IN-ADDR.ARPA.       IN      NS      dns.navarrocollege.edu.
> 189.165.205.IN-ADDR.ARPA.       IN      NS      dns2.navarrocollege.edu.
> 130             IN      PTR     dns.navarrocollege.edu.
> 135             IN      PTR     mollybrown.navarrocollege.edu.
> 138             IN      PTR     ipac.navarrocollege.edu.
> 139             IN      PTR     astp.navarrocollege.edu.
> 178             IN      PTR     sts.navarrocollege.edu.
> 178             IN      PTR     dana-holland.com.
> 178             IN      PTR     johnwyoung.com.
> 178             IN      PTR     johnwyoung.net.
> 178             IN      PTR     johnwyoung.org.
> 178             IN      PTR     johnwyoung.info.
> 178             IN      PTR     dougboyte.com.
> 178             IN      PTR     cookplanetarium.us.
> 178             IN      PTR     cookcenter.us.
> 178             IN      PTR     pearcecollections.us.
> 178             IN      PTR     navarrocollege.org.
> 178             IN      PTR     navarrocollege.info.
> 176             IN      PTR     apollo16.navarrocollege.edu.
> 179             IN      PTR     mercury.navarrocollege.org.
> 183             IN      PTR     dns2.navarrocollege.edu.
> 180             IN      PTR     ldap.navarrocollege.edu.
> 182             IN      PTR     gemini.navarrocollege.edu.
> 184             IN      PTR     mailfoundry.navarrocollege.edu.
> 174             IN      PTR     catalog.navarrocollege.edu.
> 185             IN      PTR     navnet.navarrocollege.edu.
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
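
An added example, not part of the original message and not ISC code: a small Python check for the EDNS advice above, which builds a query advertising a 4096-byte UDP payload and classifies the reply. The function names are hypothetical, `probe` needs the address of a server you operate, and `sample_reply` produces constructed replies so the parser can be exercised offline.

```python
import socket
import struct

def build_query(name, qtype=16, udp_size=4096, txid=0x1234):
    """DNS query with an OPT record advertising udp_size bytes of UDP payload."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)   # OPT (type 41): CLASS = size
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk labels up to root or pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """What a received reply says about EDNS handling between us and the server."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, has_opt = 12, False
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        has_opt = has_opt or rtype == 41
        off += 10 + rdlen
    if not has_opt:
        return "no-edns"      # responder or a middlebox ignored or stripped OPT
    if flags & 0x0200:
        return "truncated"    # TC bit set: the resolver must retry over TCP
    return "large-ok" if len(msg) > 512 else "small-ok"

def probe(server, name, timeout=3.0):
    """Send the EDNS query to server:53 over UDP and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return classify(s.recvfrom(65535)[0])
        except socket.timeout:
            return "timeout"  # no reply: query or large/fragmented reply dropped, or server down

def sample_reply(query, chunks, tc=False, keep_opt=True):
    """Constructed reply (not captured traffic): TXT answer of chunks*201 bytes."""
    rdata = (b"\xc8" + b"x" * 200) * chunks
    header = query[:2] + struct.pack("!HHHHH", 0x8380 if tc else 0x8180, 1, 1, 0, int(keep_opt))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 900, len(rdata)) + rdata
    return header + query[12:-11] + answer + (query[-11:] if keep_opt else b"")
```

A "small-ok" result only shows that EDNS queries pass; to exercise the large-packet and fragment path, probe a name whose answer exceeds 512 bytes and compare the result from inside and outside the firewall.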


