nslookup/dig question

John Wingenbach bind at wingenbach.org
Wed Jan 25 15:20:10 UTC 2012


You "copied over the zone files".  However, the bind 9 server is 
responding with NXDOMAIN.  It appears to me that the server does not 
believe it is authoritative for the zone.  Verify that the server indeed 
believes it is (look at the logs on startup).  Take a look at your named 
configuration to make sure you are properly including the zone file into 
the configuration.


On 1/25/2012 2:31 AM, JeanPaul Thomsin wrote:
>
> All,
>
> Have two servers. One has BIND8, the other BIND9.
>
> Copied over the zone files from the BIND8 server to the BIND9 server, 
> so they are identical.
>
> Updated the /etc/resolv.conf file and the named.conf file.
>
> When I do an nslookup (from a third server) pointing to the BIND8 
> server, it works fine:
>
> # nslookup
> > server 10.179.193.6
> Default server: 10.179.193.6
> Address: 10.179.193.6#53
> > set debug=all
> > 10.16.42.61
> Server:         10.179.193.6
> Address:        10.179.193.6#53
>
> ------------
>     QUESTIONS:
>         61.42.16.10.in-addr.arpa, type = PTR, class = IN
>     ANSWERS:
>     ->  61.42.16.10.in-addr.arpa
>         name = ama552D.example.com.
>         ttl = 86400
>     AUTHORITY RECORDS:
>     ->  42.16.10.in-addr.arpa
>         nameserver = abby.example.com.
>         ttl = 86400
>     ADDITIONAL RECORDS:
>     ->  abby.example.com
>         internet address = 10.179.193.6
>         ttl = 86400
> ------------
> 61.42.16.10.in-addr.arpa       name = ama552D.example.com.
>
> #
>
> When I do the same pointing to the BIND9 server, it doesn't work:
>
> # nslookup
> > server 10.179.221.13
> Default server: 10.179.221.13
> Address: 10.179.221.13#53
>
> > set debug=all
> > 10.16.42.61
> Server:         10.179.221.13
> Address:        10.179.221.13#53
>
> ------------
>     QUESTIONS:
>         61.42.16.10.in-addr.arpa, type = PTR, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  16.10.in-addr.arpa
>         origin = prisoner.abc.org
>         mail addr = hostmaster.root-servers.org
>         serial = 2002040800
>         refresh = 1800
>         retry = 900
>         expire = 604800
>         minimum = 604800
>         ttl = 10608
>     ADDITIONAL RECORDS:
> ------------
> ** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
> Server:         10.179.221.13
> Address:        10.179.221.13#53
>
> ------------
>     QUESTIONS:
>         61.42.16.10.in-addr.arpa, type = PTR, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  16.10.in-addr.arpa
>         origin = prisoner.abc.org
>         mail addr = hostmaster.root-servers.org
>         serial = 2002040800
>         refresh = 1800
>         retry = 900
>         expire = 604800
>         minimum = 604800
>         ttl = 10608
>     ADDITIONAL RECORDS:
> ------------
> ** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
>
> > ama552d.example.com
> Server:         10.179.221.13
> Address:        10.179.221.13#53
>
> ------------
>     QUESTIONS:
>         ama552d.example.com, type = A, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  example.com
>         origin = monty.example.com
>         mail addr = admin.example.com
>         serial = 134
>         refresh = 900
>         retry = 600
>         expire = 86400
>         minimum = 3600
>         ttl = 2991
>     ADDITIONAL RECORDS:
> ------------
> ** server can't find ama552d.example.com: NXDOMAIN
> Server:         10.179.221.13
> Address:        10.179.221.13#53
>
> ------------
>     QUESTIONS:
>         ama552d.example.com.example.com, type = A, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  example.com
>         origin = monty.example.com
>         mail addr = admin.example.com
>         serial = 134
>         refresh = 900
>         retry = 600
>         expire = 86400
>         minimum = 3600
>         ttl = 3558
>     ADDITIONAL RECORDS:
> ------------
> ** server can't find ama552d.example.com: NXDOMAIN
>
> Also did a dig pointing to the BIND8 server:
>
> # dig @10.179.193.6 ama552d.example.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44601
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;ama552d.example.com.           IN      A
>
> ;; ANSWER SECTION:
> ama552d.example.com.    86400   IN      A       10.16.42.61
>
> ;; AUTHORITY SECTION:
> example.com.              86400   IN      NS      maggi.example.com.
> example.com.              86400   IN      NS      abby.example.com.
>
> ;; ADDITIONAL SECTION:
> abby.example.com.      86400   IN      A       10.179.193.6
> maggi.example.com.     86400   IN      A       10.179.196.38
>
> ;; Query time: 2 msec
> ;; SERVER: 10.179.193.6#53(10.179.193.6)
> ;; WHEN: Tue Jan 24 16:51:14 2012
> ;; MSG SIZE  rcvd: 130
>
> #
>
> On BIND 9 server, get the following:
>
> > [root at maggitemp sec_qip]# dig @10.179.221.13 ama552d.example.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12521
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ama552d.example.com.           IN      A
>
> ;; AUTHORITY SECTION:
> example.com.              2596    IN      SOA     monty.example.com. 
> admin.example.com. 134 900 600 86400 3600
>
> ;; Query time: 15 msec
> ;; SERVER: 10.179.221.13#53(10.179.221.13)
> ;; WHEN: Tue Jan 24 17:13:18 2012
> ;; MSG SIZE  rcvd: 88
>
> #
>
> Any idea why the query to the BIND9 server  would not work?
>
> What should i look for?
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120125/8eaa35ed/attachment.html>


More information about the bind-users mailing list