BIND 9.4.3-P2 doesn't delegate zone!

Яцко Эллад Геннадьевич eyatsko at ngs.ru
Sat Apr 2 17:05:15 UTC 2011


Dear Phil!

What did you mean by saying "Are you sure you've reloaded
the zone?" Did you mean whether I ran "rndc reload
united-networks.ru in internal"? Yes! I don't remember
whether I changed the serial every time I changed the zone file.
But now I did all the things required. I changed the serial, I
reloaded the zone, I even restarted named itself! :-) There
is the following effect (from the viewpoint of 172.16.77.11):
C:\Program Files\Far2>nslookup srvmain.domain.united-networks.ru. 172.16.77.1
Сервер:  srvgate-msk.runoguy.ru
Address:  172.16.77.1

Имя:     srvmain.domain.united-networks.ru
Address:  172.16.77.2


C:\Program Files\Far2>

NAMED knows its address itself:
19611.924018 172.16.77.11 -> 172.16.77.1  DNS Standard query PTR 1.77.16.172.in-addr.arpa
19611.924375  172.16.77.1 -> 172.16.77.11 DNS Standard query response PTR srvgate-msk.runoguy.ru
19611.926342 172.16.77.11 -> 172.16.77.1  DNS Standard query A srvmain.domain.united-networks.ru
19611.926516  172.16.77.1 -> 172.16.77.11 DNS Standard query response A 172.16.77.2
19611.927755 172.16.77.11 -> 172.16.77.1  DNS Standard query AAAA srvmain.domain.united-networks.ru
19611.927895  172.16.77.1 -> 172.16.77.11 DNS Standard query response

But the next is curious:
C:\Program Files\Far2>nslookup domain.united-networks.ru. 172.16.77.1
Сервер:  srvgate-msk.runoguy.ru
Address:  172.16.77.1

Имя:     domain.united-networks.ru

C:\Program Files\Far2>

And:
19664.732793 172.16.77.11 -> 172.16.77.1  DNS Standard query PTR 1.77.16.172.in-addr.arpa
19664.733079  172.16.77.1 -> 172.16.77.11 DNS Standard query response PTR srvgate-msk.runoguy.ru
19664.739041 172.16.77.11 -> 172.16.77.1  DNS Standard query A domain.united-networks.ru
19664.739441  172.16.77.1 -> 172.16.77.11 DNS Standard query response
19664.741088 172.16.77.11 -> 172.16.77.1  DNS Standard query AAAA domain.united-networks.ru
19664.741265  172.16.77.1 -> 172.16.77.11 DNS Standard query response

And when I tried to look up an existing hostname from
domain.united-networks.ru:
C:\Program Files\Far2>nslookup main.domain.united-networks.ru. 172.16.77.1
Сервер:  srvgate-msk.runoguy.ru
Address:  172.16.77.1

*** srvgate-msk.runoguy.ru cannot find main.domain.united-networks.ru.: Non-existent domain

C:\Program Files\Far2>

I see the following in tshark's output:
19167.908192 172.16.77.11 -> 172.16.77.1  DNS Standard query PTR 1.77.16.172.in-addr.arpa
19167.908505  172.16.77.1 -> 172.16.77.11 DNS Standard query response PTR srvgate-msk.runoguy.ru
19167.910291 172.16.77.11 -> 172.16.77.1  DNS Standard query A main.domain.united-networks.ru
19167.910439  172.16.77.1 -> 172.16.77.11 DNS Standard query response, No such name
19167.911593 172.16.77.11 -> 172.16.77.1  DNS Standard query AAAA main.domain.united-networks.ru
19167.911837  172.16.77.1 -> 172.16.77.11 DNS Standard query response, No such name

I couldn't see that 172.16.77.1 (srvgate-msk) asks
172.16.77.2 (srvmain - recursion allowed) for "main".

Here is output of command that you requested:
/etc/namedb> dig +norec @localhost domain.united-networks.ru. soa

; <<>> DiG 9.4.3-P2 <<>> +norec @localhost domain.united-networks.ru. soa
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7449
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.united-networks.ru.     IN      SOA

;; AUTHORITY SECTION:
united-networks.ru.     3600    IN      SOA     ns1.united-networks.ru. root.united-networks.ru. 2011040213 900 600 86400 3600

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr  2 20:32:49 2011
;; MSG SIZE  rcvd: 88

/etc/namedb>

At the same time:
/etc/namedb> dig +norec @172.16.77.2 domain.united-networks.ru. soa

; <<>> DiG 9.4.3-P2 <<>> +norec @172.16.77.2 domain.united-networks.ru. soa
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46262
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;domain.united-networks.ru.     IN      SOA

;; ANSWER SECTION:
domain.united-networks.ru. 3600 IN      SOA     srvmain.domain.united-networks.ru. hostmaster.domain.runoguy.ru. 28 900 600 86400 3600

;; ADDITIONAL SECTION:
srvmain.domain.united-networks.ru. 3600 IN A    172.16.77.2

;; Query time: 1 msec
;; SERVER: 172.16.77.2#53(172.16.77.2)
;; WHEN: Sat Apr  2 20:34:12 2011
;; MSG SIZE  rcvd: 129

/etc/namedb>

I simplified configuration of Bind:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
         directory       "/etc/namedb";
         pid-file        "/var/run/named/pid";
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";

         listen-on       {
                 77.37.244.22;
                 85.21.249.124;
                 127.0.0.1;
                 172.16.77.1;
                 172.17.77.1;
                 172.31.0.1;
                 192.168.0.1;
         };

         forwarders {
                 77.37.251.33;
                 85.21.192.3;
         };
//        query-source address * port 953;

         recursion yes;
         allow-recursion {0/0;};

};

logging {
         channel "default" {
                 file "/var/log/named.log" versions 2 size 50m;
                 print-time yes;
                 print-category yes;
                 severity debug 90;
         };
};


zone "0.0.127.in-addr.arpa" {
         type master;
         file "master/0.0.127.in-addr.arpa";
};

zone "united-networks.ru" {
         type master;
         file "master/united-networks.ru";
};

zone "77.16.172.in-addr.arpa" {
         type slave;
         masters {
                 172.16.77.2;
         };
         file "slave/77.16.172.in-addr.arpa";
};

zone "." {
         type hint;
         file "root.hint";
};
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I removed "views" and left only relevant zones.

And:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$TTL    3600

@               IN      SOA     ns1.united-networks.ru. root.united-networks.ru.  (
                                 2011040213      ; Serial
                                 900             ; Refresh
                                 600             ; Retry
                                 86400           ; Expire
                                 3600 )          ; Minimum

                         IN NS           ns1.united-networks.ru.
                         IN MX 10        mx
                         IN A            172.16.77.1

$ORIGIN domain.united-networks.ru.
                         IN NS           srvmain.domain.united-networks.ru.
                         IN A            172.16.77.2
srvmain                 IN A            172.16.77.2

$ORIGIN united-networks.ru.
ns1                     IN A            172.16.77.1
mx                      IN A            172.16.77.1

c2960                   IN A            172.16.77.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I successfully ask for "c2960" for example:
C:\Program Files\Far2>nslookup c2960.united-networks.ru. 172.16.77.1
Сервер:  srvgate-msk.runoguy.ru
Address:  172.16.77.1

Имя:     c2960.united-networks.ru
Address:  172.16.77.21

C:\Program Files\Far2>

What's wrong with me (or with it)? :-) The second whole
day is almost over while I struggle..

Kind regards,
Ellad G. Yatsko





> On 04/02/2011 11:44 AM, Яцко Эллад Геннадьевич wrote:
>
>> $ORIGIN domain.united-networks.ru.
>>         IN NS srvmain
>>         IN A 172.16.77.2
>> srvmain IN A 172.16.77.2
>>
>
> Huh, delegation looks ok. Are you sure you've reloaded the zone?
>
>>
>> I tried to nslookup from 172.16.77.11:
>
> Try a "dig" on the DNS server itself:
>
> dig +norec @localhost domain.united-networks.ru soa
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
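
Added example, not part of the original post or of BIND: a simplified Python reading of the master-file owner rule in RFC 1035 section 5.1 (a record line that starts with whitespace belongs to the last stated owner, and $ORIGIN only changes how relative names are expanded), applied to the delegation records of the zone file above. The one-record-per-line copy of the zone, the FIXED variant with an explicit "@", and all function names are constructed for illustration.

```python
# Added example: owner-name resolution per RFC 1035 section 5.1 (simplified).
# ZONE is a constructed one-record-per-line copy of the delegation part of the
# zone file in the post; FIXED differs only by an explicit "@" owner.
ZONE = """\
$TTL 3600
@        IN SOA ns1.united-networks.ru. root.united-networks.ru. ( 2011040213 900 600 86400 3600 )
         IN NS  ns1.united-networks.ru.
         IN A   172.16.77.1
$ORIGIN domain.united-networks.ru.
         IN NS  srvmain.domain.united-networks.ru.
         IN A   172.16.77.2
srvmain  IN A   172.16.77.2
"""
FIXED = ZONE.replace("\n         IN NS  srvmain", "\n@        IN NS  srvmain")
APEX = "united-networks.ru."
TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}


def absolute(name, origin):
    """Expand "@" and relative names against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def records(text, origin=APEX):
    """Return [(owner, type, rdata)] for one-line records."""
    out, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0] == "$ORIGIN":
                origin = absolute(fields[1], origin)  # affects later relative names only
            continue
        if not line[0].isspace():          # owner present in column one
            owner = absolute(fields.pop(0), origin)
        # otherwise the record keeps the last stated owner, even across $ORIGIN
        pos = next(i for i, f in enumerate(fields) if f in TYPES)
        out.append((owner, fields[pos], " ".join(fields[pos + 1:])))
    return out


def delegated(text):
    """Names below the apex that own NS records, i.e. real zone cuts."""
    return {o for o, t, _ in records(text) if t == "NS" and o != APEX}


if __name__ == "__main__":
    for rec in records(ZONE):
        print(*rec)
    print("as posted:", delegated(ZONE), "with '@':", delegated(FIXED))
```

On the server itself, `named-checkzone -D united-networks.ru master/united-networks.ru` (run from /etc/namedb) prints the zone as parsed, with every owner name written out in full.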


