Wits end

Bob Hoffman bob at bobhoffman.com
Fri Apr 18 17:35:18 UTC 2008


Well, after a two dayer on it...Got it. 
Bind was never the problem.

My previous posts earlier this month and with the people who I got involved
all kind of blew off the resolv.conf file. I kept asking about its
importance and whether it was right. They all brushed it aside.

Bind was fine, bind was great the 200 ways I did it. But the resolution of a
webserver deals with the resolv.conf and not bind. However, to a newbie, the
books do not make that very plain or clear. In my experience, I would say
the server resolving itself is the most important aspect of the whole dns.
Without it, you cannot do much.

I had added my nameserver ip to resolv and nothing else. So the server was
not resolving itself (127.0.0.1) and all that. Luckily two people last night
finally said 'hey, did you check your resolv?' One even said he bet the 'time
out' was about 30 seconds (it was) and it was due to resolv. At the same
time as those mails came in I installed 'caching-nameserver rpm' and it
rewrote my resolv.conf making it work.

I know resolv and hosts and stuff like that are not part of the bind
package. Most texts gloss over or completely ignore just how important it is
probably figuring a DNS book would cover it. And the DNS books just gloss
over it a bit but do not go into much detail assuming other texts like
apache and linux would go over it.

Well...the first thing I would do in a debug is look at local host
resolution before anything else. Once that is out of the way I would check
for internet connection issues and disable firewall to make sure nothing is
stopping it (or just check firewall tables).
Then I would go over bind and look for errors and such. If bind does not
show errors (which mine never did unless I was playing with it) it most
likely IS NOT bind that is at issue, it is probably resolv (as my issue was
resolution).

So....I got the resolv file done properly, now dns is fine. Lou helped to
make sure it was right on and that is it.

One writer said that he knew the problem immediately, so I am sharing it
with everyone. If you try to resolve something using dig or wget or
whatever, and bind is not causing errors, yet the cursor just sorta hangs
for a bit and then says time out...usually about 30 seconds...it is not
bind, it is a local resolution problem (assuming you have tried other sites
too and you can connect to internet.)

SO you people reading. Bind is pretty easy actually (I know everything about
it now...lol), it is the set up of files outside of bind that you need to
worry about first. Resolv, hosts, and just making sure, even with named off,
that your local host resolves itself fine. This is something you should do
first and foremost. After you get it resolving right, then turn on named and
play with it.

And never, never hire someone to make it work unless they are willing to go
over that first. In fact, I would ask them some of the steps they would go
through in setting up your bind or debugging it. If they do not even mention
localhost resolution or checking stuff like that out, just do not hire them.

I find bind/dns, host resolution, nameservers in general, and the whole kit
and kaboodle is such a wide field that it is hard for people to even
understand your question sometimes. A person can be able to hook 500
computers together in network and do it quick and well but not know the
first thing about how nameservers/bind deal with email related resolve
issues. I found people who could probably decompile and add functions to
bind, but could not tell you the first thing about how recursion and dns on
the same server works.

The field of what is done with a computer server and how resolution
interacts with various programs and ways of configuring is so vast. And for
each 'way of doing things' you are attempting, you will find people
completely against it and call you crazy, people who do not understand what
you want to do and call you nuts, and rarely find someone that is actually
good at that particular field of it.

It was a trial for sure. But after having read the books back to front a few
times I think I pretty much know bind well...it was the non-bind that got
me.

Remember, make sure host resolves itself before wasting time (and money) on
bind. Someone should add that to the text books. In big red letters. 

> -----Original Message-----
> From: bind-users-bounce at isc.org 
> [mailto:bind-users-bounce at isc.org] On Behalf Of Mark Elkins
> Sent: Friday, April 18, 2008 3:10 AM
> To: bind-users at isc.org
> Subject: Re: Wits end
> 
> 
> On Thu, 2008-04-17 at 17:03 -0400, Bob Hoffman wrote:
> > Okay, so I tried offering up to 50 dollars an hour to help 
> me set up a 
> > simple nameserver, but no takers.
> > 
> > I really need some help. My first time doing it.
> 
> In all the replies so far - no one suggested running Bind in 
> Debug mode.. (ie - with '-g' )
> 
> Start up bind (if it's not already running).
> 
> Find out its command line...
> 
> (ps ax | grep named)
> I get "/usr/sbin/named -u named -n 1"
> 
> Kill the process and restart with the original command but 
> add the "-g"
> flag .. ie   /usr/sbin/named -u named -n 1 -g (in my case)
> 
> Now all logging (and errors) come to the screen. Queries 
> should also show.
> 
> Not fixing the problem - but may indicate the problem - wrong 
> filename - etc.
> -- 
>   .  .     ___. .__      Posix Systems - Sth Africa
>  /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, Cisco CCIE
> / |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496
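
Added example, not part of the original post or of BIND: a small shell preflight for the order of checks the post describes, reading the resolver and hosts files before named is looked at. The function names are hypothetical, and what counts as a failure here (no nameserver line, no localhost entry) is this example's assumption.

```shell
#!/bin/sh
# Added example: local-resolution preflight to run before debugging named.
# Parses the standard resolv.conf(5) and hosts(5) layouts; makes no queries.
# Usage on a live box: preflight /etc/resolv.conf /etc/hosts "$(hostname)"

# Print each nameserver address in a resolv.conf-style file, one per line.
# Commented-out entries do not match because their first field is not
# the bare keyword "nameserver".
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print the first address that a hosts-style file maps to the given name.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }    # strip trailing comments, fields are re-split
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# preflight RESOLV_FILE HOSTS_FILE HOSTNAME
# Returns 0 when the local files look sane, 1 otherwise (assumed policy).
preflight() {
    resolv=$1 hosts=$2 host=$3 rc=0

    servers=$(list_nameservers "$resolv")
    if [ -z "$servers" ]; then
        echo "FAIL: no nameserver lines in $resolv"; rc=1
    else
        echo "nameservers:" $servers
    fi

    if [ -z "$(hosts_lookup "$hosts" localhost)" ]; then
        echo "FAIL: localhost is not mapped in $hosts"; rc=1
    fi
    # With named off, the hosts file is what lets the box find its own name.
    if [ -z "$(hosts_lookup "$hosts" "$host")" ]; then
        echo "WARN: $host is not mapped in $hosts"
    fi
    return $rc
}
```
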


