DNS Catastrophic Failure
Kevin Darcy
kcd at daimlerchrysler.com
Tue Mar 14 21:38:56 UTC 2006
Eric,
It's not clear to me what the symptoms of your problem are. Is
it that DNS *resolution* for your own local clients is not working, that
DNS *hosting* of your domains to the Internet-at-large is not working,
or some combination of the two?
- Kevin
Eric Ray wrote:
>Help! We recently moved our primary BIND 9.x DNS server from one ISP to
>another. This server is the master zone server for all of my domains
>(500-1,000). I also have two secondary name servers as well. When we
>moved the primary server, DNS almost came to a grinding halt. I know
>that some queries were going through, but not at an acceptable rate. We
>are a Voice over IP company and obviously depend on DNS heavily. I am
>attaching the configuration files of the master (ns3) and one of the
>secondary (ns2). I also am attaching zone files for the primary domain
>preferreddesigns.com. It serves as the SOA and NS records for the other
>domains. Please help! Thanks.
>
>Snippet of named.conf on ns2 (secondary):
>
>options {
>    directory "/var/named";
>    /*
>     * If there is a firewall between you and nameservers you want
>     * to talk to, you might need to uncomment the query-source
>     * directive below. Previous versions of BIND always asked
>     * questions using port 53, but BIND 8.1 uses an unprivileged
>     * port by default.
>     */
>    // query-source address * port 53;
>    recursion yes;
>};
>
>//
>// a caching only nameserver config
>//
>controls {
>    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>};
>
>zone "." IN {
>    type hint;
>    file "named.ca";
>};
>
>zone "localhost" IN {
>    type master;
>    file "localhost.zone";
>    allow-update { none; };
>};
>
>zone "0.0.127.in-addr.arpa" IN {
>    type master;
>    file "named.local";
>    allow-update { none; };
>};
>
>zone "1staugusta.com" IN {
>    type slave;
>    file "/var/named/1staugusta.com.dns";
>    masters {216.104.149.101;};
>};
>
>zone "240.180.206.in-addr.arpa" {
>    type slave;
>    file "secondary/240.180.206.in-addr.arpa.dns";
>    masters {216.104.149.101;};
>};
>
>zone "241.180.206.in-addr.arpa" {
>    type slave;
>    file "secondary/241.180.206.in-addr.arpa.dns";
>    masters {216.104.149.101;};
>};
>
>zone "242.180.206.in-addr.arpa" {
>    type slave;
>    file "secondary/242.180.206.in-addr.arpa.dns";
>    masters {216.104.149.101;};
>};
>
>zone "245.180.206.in-addr.arpa" {
>    type slave;
>    file "secondary/245.180.206.in-addr.arpa.dns";
>    masters {216.104.149.101;};
>};
>
>zone "250.180.206.in-addr.arpa" {
>    type slave;
>    file "250.180.206.in-addr.arpa.dns";
>    masters {
>        216.104.149.101;
>    };
>};
>
>zone "2kmarchitects.com" IN {
>    type slave;
>    file "/var/named/2kmarchitects.com.dns";
>    masters {216.104.149.101;};
>};
>
>Snippet of ns3 (primary):
>
>options {
>    directory "/var/named";
>
>    /*
>     * If there is a firewall between you and nameservers you want
>     * to talk to, you might need to uncomment the query-source
>     * directive below. Previous versions of BIND always asked
>     * questions using port 53, but BIND 8.1 uses an unprivileged
>     * port by default.
>     */
>    // query-source address * port 53;
>    recursion no;
>    statistics-file "/var/named/ns3stats";
>};
>
>//
>// a caching only nameserver config
>//
>controls {
>    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>};
>
>zone "localhost" IN {
>    type master;
>    file "localhost.zone";
>    allow-update { none; };
>};
>
>zone "0.0.127.in-addr.arpa" IN {
>    type master;
>    file "named.local";
>    allow-update { none; };
>};
>
>zone "1staugusta.com" IN {
>    type master;
>    file "/var/named/1staugusta.com.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "149.104.216.in-addr.arpa" IN {
>    type master;
>    file "/var/named/149.104.216.in-addr.arpa.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.128.0/24; };
>};
>
>zone "240.180.206.in-addr.arpa" IN {
>    type master;
>    file "/var/named/240.180.206.in-addr.arpa.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "241.180.206.in-addr.arpa" IN {
>    type master;
>    file "/var/named/241.180.206.in-addr.arpa.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "242.180.206.in-addr.arpa" IN {
>    type master;
>    file "/var/named/242.180.206.in-addr.arpa.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "245.180.206.in-addr.arpa" IN {
>    type master;
>    file "/var/named/245.180.206.in-addr.arpa.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "249.180.206.in-addr.arpa" IN {
>    type master;
>    file "/var/named/249.180.206.in-addr.arpa.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "250.180.206.in-addr.arpa" IN {
>    type master;
>    file "/var/named/250.180.206.in-addr.arpa.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "2kmarchitects.com" IN {
>    type master;
>    file "/var/named/2kmarchitects.com.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>zone "401kanalytics.com" IN {
>    type master;
>    file "/var/named/401kanalytics.com.dns";
>    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
>};
>
>Snippet of domain preferreddesigns.com:
>
>@ IN SOA ns3.preferreddesigns.com. administrator.preferreddesigns.com. (
>        93
>        900
>        600
>        86400
>        3600 )
>
>;
>; Zone NS records
>;
>
>@           NS  ns2.preferreddesigns.com.
>@           NS  ns3.preferreddesigns.com.
>@           NS  ns4.preferreddesigns.com.
>
>;
>; Zone records
>;
>
>@           A   216.104.149.67
>@           MX  5 smtp.accessonetech.com.
>@           MX  5 smtp2.accessonetech.com.
>anne        A   216.104.149.116
>anne2       A   216.104.149.117
>cache1      A   206.180.240.118
>cache2      A   206.180.240.119
>christine   A   216.104.149.115
>hiab        A   206.180.240.16
>larry       A   206.180.245.1
>larrylinux  A   206.180.245.1
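
An added example, not part of the original thread or of anyone's posted configuration: a check over master zone stanzas shaped like the quoted ns3 snippet that lists the zones whose own allow-transfer list does not admit a given secondary's address. The sample stanzas are constructed from the snippet, and only IPv4 literal entries (including BIND's short `192.168/16` form) are handled.

```python
import ipaddress
import re

# Constructed sample, shaped like three zone stanzas from the ns3 snippet above.
MASTER_CONF = """
zone "1staugusta.com" IN {
    type master;
    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
};
zone "149.104.216.in-addr.arpa" IN {
    type master;
    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.128.0/24; };
};
zone "240.180.206.in-addr.arpa" IN {
    type master;
    allow-transfer {127.0.0.1; 192.168/16; 206.180/16; 216.104.149.0/24; };
};
"""

ZONE_HEADER = re.compile(r'zone\s+"([^"]+)"')
ALLOW_TRANSFER = re.compile(r"allow-transfer\s*\{([^}]*)\}")


def parse_prefix(entry):
    """Expand an IPv4 ACL entry, including the short 192.168/16 form."""
    addr, _, length = entry.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{length or 32}", strict=False)


def transfer_acls(conf):
    """Map each zone that has its own allow-transfer list to its networks."""
    headers = list(ZONE_HEADER.finditer(conf))
    acls = {}
    for i, hdr in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(conf)
        match = ALLOW_TRANSFER.search(conf, hdr.end(), end)
        if match:  # zones without their own list inherit the options-level setting
            entries = [e.strip() for e in match.group(1).split(";")]
            acls[hdr.group(1)] = [parse_prefix(e) for e in entries if e]
    return acls


def zones_denying(conf, secondary):
    """Zones whose allow-transfer list does not cover the secondary's address."""
    addr = ipaddress.ip_address(secondary)
    return [zone for zone, nets in transfer_acls(conf).items()
            if not any(addr in net for net in nets)]
```

Call `zones_denying(conf_text, address)` with the master's named.conf text and each secondary's real source address; any address used to try it out here is a placeholder, since the thread does not give the secondaries' addresses.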