Zone File IP address/Hostname

Kevin Darcy kcd at chrysler.com
Tue Apr 5 20:47:08 UTC 2011


Mistake #1: looking up something using a shortname. Apparently
"rac2.local" is not in your stub resolver's local search list. Always
use fully-qualified domain names (FQDNs) for client lookups, and educate
your users to do so also. Using FQDNs is the most efficient, least
ambiguous, and easiest-to-troubleshoot form of resource lookup from DNS.

Mistake #2: trying to troubleshoot DNS using nslookup. With its default
output format, nslookup is hiding all of its disgusting suffixing
behavior from your eyes, thus leaving you in the dark as to what the
problem is. Consider using a real DNS troubleshooting tool like "dig",
which doesn't do suffixing garbage (it looks up exactly what you ask it
to look up, nothing more, nothing less), and with its default output
format, shows you the full DNS response from the nameserver.

Mistake #3: the "connection timed out" error from nslookup implies that
one of the names it tried to look up (either "rac2-scan" appended with
some arbitrary suffix from your searchlist, or "rac2-scan" as a *root*
name), ended up in a part of the namespace that your DNS infrastructure
can't resolve at all. Most likely you have no direct connectivity to the
Internet, yet you have neglected to set up your own internal root zone.
So, your DNS infrastructure tries to go out and talk to the Internet
root nameservers, and beats its head bloody on your firewalls and/or
your routers and/or whatever, futilely trying to get a response. Hence the
timeout. I'm surprised your firewall guys haven't complained to you yet
about all of the log noise you've been generating.

Mistake #4: from the logs below, it appears that you have no A or AAAA
records associated with the targets of certain NS records -- with a
first label of "apple" -- in each of several zones. Either change the
targets of those NS records to a fully-qualified name (instead of just
"apple"), or supply the A/AAAA records of apple.<zone> in each of those
zone files so that they are internally complete. This appears to be
another symptom of shortname-itis. Please learn the contexts in which
shortnames work, and the contexts in which they do not, or where extra
work is required to make them work. The safest thing is to always use
FQDNs, as suggested above.

- Kevin

On 4/1/2011 9:09 AM, Tony MacDoodle wrote:
> I think it's something with one of the zone files, here is what I get....
>
> nslookup rac-scan
> Server:         xxx.xxx.xxx.xxx
> Address:        xxx.xxx.xxx.xxx#53
>
> Name:   rac-scan.rac.local
> Address: xxx.xxx.xxx.xxx
> Name:   rac-scan.rac.local
> Address: xxx.xxx.xxx.xxx
> Name:   rac-scan.rac.local
> Address: xxx.xxx.xxx.xxx
>
> root:jabba:~# nslookup rac2-scan
> ;; connection timed out; no servers could be reached
>
>
>
> /var/adm/messages
> Apr  1 09:05:16 apple named[1695]: [ID 873579 daemon.info] shutting down
> Apr  1 09:05:16 apple named[1695]: [ID 873579 daemon.notice] stopping command channel on 127.0.0.1#953
> Apr  1 09:05:16 apple named[1695]: [ID 873579 daemon.info] no longer listening on 127.0.0.1#53
> Apr  1 09:05:16 apple named[1695]: [ID 873579 daemon.info] no longer listening on xxx.xxx.xxx.24#53
> Apr  1 09:05:16 apple named[1695]: [ID 873579 daemon.notice] exiting
> Apr  1 09:05:16 apple named[1715]: [ID 873579 daemon.notice] starting BIND 9.6.1-P3 -4
> Apr  1 09:05:16 apple named[1715]: [ID 873579 daemon.notice] built with --prefix=/usr --with-libtool --bindir=/usr/sbin --sbindir=/usr/sbin --libdir=/usr/lib/dns --sysconfdir=/etc --localstatedir=/var --with-openssl=/usr/sfw --enable-threads=yes --enable-devpoll=yes --enable-fixed-rrset --disable-openssl-version-check -DNS_RUN_PID_DIR=0
> Apr  1 09:05:16 apple named[1715]: [ID 873579 daemon.info] found 8 CPUs, using 8 worker threads
> Apr  1 09:05:16 apple named[1715]: [ID 873579 daemon.info] using up to 4096 sockets
> Apr  1 09:05:16 apple named[1715]: [ID 873579 daemon.info] loading configuration from '/etc/named.conf'
> Apr  1 09:05:16 apple named[1715]: [ID 873579 daemon.info] using default UDP/IPv4 port range: [1024, 65535]
> Apr  1 09:05:16 apple named[1715]: [ID 873579 daemon.info] using default UDP/IPv6 port range: [1024, 65535]
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] no IPv6 interfaces found
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] listening on IPv4 interface lo0, 127.0.0.1#53
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] listening on IPv4 interface vnet0:1, xxx.xxx.xxx.24#53
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 0.IN-ADDR.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 127.IN-ADDR.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 254.169.IN-ADDR.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 2.0.192.IN-ADDR.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: D.F.IP6.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 8.E.F.IP6.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: 9.E.F.IP6.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: A.E.F.IP6.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] automatic empty zone: B.E.F.IP6.ARPA
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone xxx.10.10.in-addr.arpa/IN: NS 'apple.xxx.10.10.in-addr.arpa' has no address records (A or AAAA)
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] zone xxx.10.10.in-addr.arpa/IN: loaded serial 1
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone xxx.10.10.in-addr.arpa/IN: NS 'apple.xxx.10.10.in-addr.arpa' has no address records (A or AAAA)
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] zone xxx.10.10.in-addr.arpa/IN: loaded serial 1
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone 0.0.127.in-addr.arpa/IN: NS 'apple.0.0.127.in-addr.arpa' has no address records (A or AAAA)
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] zone 0.0.127.in-addr.arpa/IN: loaded serial 1
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone rac.local/IN: NS 'apple.rac.local' has no address records (A or AAAA)
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] zone rac.local/IN: loaded serial 2
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone rac2.local/IN: NS 'apple.rac2.local' has no address records (A or AAAA)
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.info] zone rac2.local/IN: loaded serial 3
> Apr  1 09:05:17 apple named[1715]: [ID 873579 daemon.notice] running
>
>
> Thanks
> On Fri, Apr 1, 2011 at 2:10 AM, Torinthiel <torinthiel at data.pl> wrote:
>
>     On 04/01/11 03:47, Tony MacDoodle wrote:
>     > Hello,
>     >
>     > I am trying to configure 2 different domains on one host that
>     > only has one physical interface plumbed.
>     >
>     > I think I have an error that I list the hostname of the interface
>     > in both zone files as below and this might be why I can't resolve
>     > properly. Do you see any mistakes in the files below?
>     > The only active interface is 192.168.5.5
>
>     And you can't resolve properly from where? From localhost? That's
>     probably because you've configured BIND to only listen on the external
>     address, not the local one. In this config (listen-on { 192.168.5.5; };)
>     it won't accept local queries, as these come to 127.0.0.1.
>
>     But from another box the command
>     dig rac-scan.rac.local @192.168.5.5 should work.
>
>     Are there any relevant messages in logs? What are the error
>     messages/results when you try to resolve? How do you test if
>     resolution works?
>
>     Having bind run multiple zones is absolutely normal, and there are no
>     reasons to require more than one IP address with that.
>     Torinthiel
>
>
>     >
>     > root:/var/named# cat named.conf
>     > options {
>     >         listen-on-v6 { none; };
>     >         listen-on { 192.168.5.5; };
>     >         directory "/var/named";
>     > };
>     > zone "0.0.127.in-addr.arpa" {
>     > type master;
>     > file "db.127.0.0";
>     > };
>     > zone "rac.local" {
>     > type master;
>     > file "db.rac";
>     > };
>     > zone "rac2.local" {
>     > type master;
>     > file "db.rac2";
>     > };
>     > zone "10.168.192.in-addr.arpa" {
>     > type master;
>     > file "db.192.168.10";
>     > };
>     > zone "20.168.192.in-addr.arpa" {
>     > type master;
>     > file "db.192.168.20";
>     > };
>     >
>     > root:jedi:/var/named# cat db.rac
>     > $TTL 86400
>     > @       SOA     jedi root ( 2 10800 3600 604800 600 )
>     >         NS      jedi
>     > localhost               A       127.0.0.1
>     > rac-scan                A       xxx.xxx.xxx.xxx
>     >                         A       xxx.xxx.xxx.xxx
>     >                         A       xxx.xxx.xxx.xxx
>     >                         MX      10 rac-scan
>     >
>     > root:jedi:/var/named# cat db.rac2
>     > $TTL 86400
>     > @       SOA     jedi root ( 3 10800 3600 604800 600 )
>     >         NS      jedi
>     > localhost               A       127.0.0.1
>     > rac2-scan               A       xxx.xxx.xxx.xxx
>     >                         A       xxx.xxx.xxx.xxx
>     >                         A       xxx.xxx.xxx.xxx
>     >                         MX      10 rac2-scan
>
>
>     _______________________________________________
>     bind-users mailing list
>     bind-users at lists.isc.org
>     https://lists.isc.org/mailman/listinfo/bind-users
>
>
>

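The check behind Mistake #4, as an added example that is not part of the original thread: it expands relative names in a zone file against the zone origin and reports NS targets that fall inside the zone but have no A/AAAA record there. The function names are hypothetical, the `192.0.2.x` addresses are constructed stand-ins for the masked ones, and the parser assumes one record per line with no `$ORIGIN` changes.

```python
RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}

def qualify(name, origin):
    """'@' is the origin; a trailing dot means absolute; else append the origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, origin):
    """Yield (owner, type, rdata) from a simple one-record-per-line zone file."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].startswith("$"):              # $TTL and other directives
            continue
        if not line[0].isspace():                  # blank owner = previous owner
            owner = qualify(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL / class
        if fields and fields[0].upper() in RR_TYPES:
            yield owner, fields[0].upper(), fields[1:]

def ns_without_address(text, zone):
    """Return in-zone NS targets that have no A or AAAA record in this file."""
    apex = zone.lower().rstrip(".") + "."
    has_addr, targets = set(), set()
    for owner, rrtype, rdata in parse_zone(text, apex):
        if rrtype in ("A", "AAAA"):
            has_addr.add(owner)
        elif rrtype == "NS":
            targets.add(qualify(rdata[0], apex))   # "jedi" -> "jedi.<zone>."
    return sorted(t for t in targets
                  if t.endswith("." + apex) and t not in has_addr)

# db.rac2 as quoted in the thread; addresses are constructed (192.0.2.0/24).
DB_RAC2 = """$TTL 86400
@       SOA     jedi root ( 3 10800 3600 604800 600 )
        NS      jedi
localhost               A       127.0.0.1
rac2-scan               A       192.0.2.11
                        A       192.0.2.12
                        A       192.0.2.13
                        MX      10 rac2-scan
"""
FIXED = DB_RAC2 + "jedi                    A       192.0.2.53\n"
print(ns_without_address(DB_RAC2, "rac2.local"), ns_without_address(FIXED, "rac2.local"))
```

An NS target written with a trailing dot that points outside the zone is not reported, because its address records cannot be checked from this file alone.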