help

RAM MOHAN, Hari Ganesh hari.rammohan at atos.net
Sat Aug 6 08:07:07 UTC 2016


Hi,



Let me tell you about my configuration.



I have two DNS views, "softlayer" and "hdq". The softlayer DNS view has only one zone (Marriott.com) and the HDQ has the entire set of internal DNS zones (mi-testq03.pt, mi-testw03.pt ... etc).



The softlayer DNS view has loopback as its forwarder. When a client (10.224.2.33) queries the BIND secondary server 162.130.128.167, the request falls on the softlayer view. As the requested zone is not found, it is forwarded to loopback. Loopback queries are then answered by the hdq DNS view. As hdq has the requested zone, it provides the answer.



The flow is working for mi-testw03.pt but not working for mi-testq03.pt. I am really puzzled by this behaviour.



Some troubleshooting steps followed:

1. Cleared the DNS cache on the client and the secondary DNS server
2. Checked SOA file permissions, configuration, etc.
3. Zone transfer from the DNS master is happening successfully
4. The issue does not appear when HDQ DNS view clients query for mi-testq03.pt



Configuration files and dig results



named.conf file,

================

view "softlayer" {

match-clients { "softlayer"; "softlayer-slaves"; "lnxd0006"; };

forward only;

forwarders { 127.0.0.1; };

zone "." { type hint; file "db.cache"; };

zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };

zone "marriott.com" { type slave; masters { 162.130.122.250 key softlayer_view.tsig; }; file "softlayer/db.marriott"; };

};



view "hdq" {

match-clients { "any"; };

transfer-source 10.224.5.117;

zone "." { type hint; file "db.cache"; };

zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };

zone "marriott.com" { type slave; masters { 162.130.122.250; }; file "hdq/db.marriott"; };

zone "mi-testq03.pt" { type slave; masters { 162.130.122.250; }; file "hdq/db.mi-testq03.pt"; };

zone "mi-testq03.fr" { type slave; masters { 162.130.122.250; }; file "hdq/db.mi-testq03.fr"; };

};





nslookup results,

=================

From softlayer view,

[root@lnxd0006 ~]# nslookup mi-testq03.pt

Server: 162.130.128.167

Address: 162.130.128.167#53

** server can't find mi-testq03.pt: NXDOMAIN



[root@lnxd0006 ~]# nslookup mi-testq03.fr

Server: 162.130.128.167

Address: 162.130.128.167#53

Non-authoritative answer:

Name: mi-testq03.fr

Address: 10.224.8.221





dig results,

============



[dns@lnxd0006 ~]$ dig mi-testq03.pt



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55491

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0



;; QUESTION SECTION:

;mi-testq03.pt.                 IN      A



;; Query time: 368 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Sat Aug  6 04:04:10 2016

;; MSG SIZE  rcvd: 31



[root@lnxd0006 ~]# dig mi-testq03.fr

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.fr

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25974

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;mi-testq03.fr. IN A

;; ANSWER SECTION:

mi-testq03.fr. 1735 IN A 10.224.8.221

;; Query time: 16 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Thu Aug 4 08:14:52 2016

;; MSG SIZE rcvd: 47



[dns@lnxd0006 ~]$ dig mi-testq03.pt soa



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt soa

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56420

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0



;; QUESTION SECTION:

;mi-testq03.pt.                 IN      SOA



;; AUTHORITY SECTION:

pt.                     285     IN      SOA     curiosity.dns.pt. request.dns.pt. 2016080604 21600 7200 2592000 300



;; Query time: 16 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Sat Aug  6 03:43:09 2016

;; MSG SIZE  rcvd: 89



[dns@lnxd0006 ~]$ dig mi-testq03.fr soa



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.fr soa

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54777

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0



;; QUESTION SECTION:

;mi-testq03.fr.                 IN      SOA



;; ANSWER SECTION:

mi-testq03.fr.          1800    IN      SOA     mcncdns.marriott.com. mcnc\.unix\.eng.marriott.com. 2016080600 900 300 604800 600



;; Query time: 17 msec

;; SERVER: 162.130.128.167#53(162.130.128.167)

;; WHEN: Sat Aug  6 03:43:02 2016

;; MSG SIZE  rcvd: 101



Query Log

========

06-Aug-2016 04:00:22.268 client 10.224.2.33#47823 (mi-testq03.pt): view softlayer: query: mi-testq03.pt IN A + (162.130.128.167)

06-Aug-2016 04:00:22.268 client 127.0.0.1#64808 (mi-testq03.pt): view hdq: query: mi-testq03.pt IN A +EDC (127.0.0.1)

06-Aug-2016 04:00:22.269 client 127.0.0.1#31751 (pt): view hdq: query: pt IN DS +EDC (127.0.0.1)

06-Aug-2016 04:00:22.307 client 127.0.0.1#57381 (.): view hdq: query: . IN DNSKEY +EDC (127.0.0.1)

06-Aug-2016 04:00:23.116 client 127.0.0.1#6012 (mi-testq03.pt): view hdq: query: mi-testq03.pt IN DS +EDC (127.0.0.1)

06-Aug-2016 04:00:23.349 client 127.0.0.1#49748 (pt): view hdq: query: pt IN DNSKEY +EDC (127.0.0.1)

06-Aug-2016 04:00:31.821 client 10.224.2.33#46714 (mi-testq03.pt): view softlayer: query: mi-testq03.pt IN A + (162.130.128.167)

06-Aug-2016 04:00:38.068 client 10.224.2.33#36390 (mi-testq03.fr): view softlayer: query: mi-testq03.fr IN A + (162.130.128.167)

06-Aug-2016 04:00:38.069 client 127.0.0.1#51936 (mi-testq03.fr): view hdq: query: mi-testq03.fr IN A +EDC (127.0.0.1)

06-Aug-2016 04:00:38.069 client 127.0.0.1#39651 (fr): view hdq: query: fr IN DS +EDC (127.0.0.1)

06-Aug-2016 04:00:38.150 client 127.0.0.1#46201 (mi-testq03.fr): view hdq: query: mi-testq03.fr IN DS +EDC (127.0.0.1)

06-Aug-2016 04:00:38.374 client 127.0.0.1#48365 (fr): view hdq: query: fr IN DNSKEY +EDC (127.0.0.1)





DIG Results from HDQ DNS view,

=========================

[dns@ncldl38036 ~]$ dig mi-testq03.pt



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26255

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2



;; QUESTION SECTION:

;mi-testq03.pt.                 IN      A



;; ANSWER SECTION:

mi-testq03.pt.          1800    IN      A       10.224.9.81



;; AUTHORITY SECTION:

mi-testq03.pt.          1800    IN      NS      hdqdns.marriott.com.

mi-testq03.pt.          1800    IN      NS      mcncdns.marriott.com.



;; ADDITIONAL SECTION:

hdqdns.marriott.com.    1800    IN      A       162.130.10.9

mcncdns.marriott.com.   1800    IN      A       162.130.128.97



;; Query time: 0 msec

;; SERVER: 162.130.128.97#53(162.130.128.97)

;; WHEN: Sat Aug  6 04:05:59 2016

;; MSG SIZE  rcvd: 134



[dns@ncldl38036 ~]$ dig mi-testq03.fr



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.fr

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38503

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2



;; QUESTION SECTION:

;mi-testq03.fr.                 IN      A



;; ANSWER SECTION:

mi-testq03.fr.          1800    IN      A       10.224.8.221



;; AUTHORITY SECTION:

mi-testq03.fr.          1800    IN      NS      hdqdns.marriott.com.

mi-testq03.fr.          1800    IN      NS      mcncdns.marriott.com.



;; ADDITIONAL SECTION:

hdqdns.marriott.com.    1800    IN      A       162.130.10.9

mcncdns.marriott.com.   1800    IN      A       162.130.128.97



;; Query time: 1 msec

;; SERVER: 162.130.128.97#53(162.130.128.97)

;; WHEN: Sat Aug  6 04:06:04 2016

;; MSG SIZE  rcvd: 134



Thanks & Regards,



Hari Ganesh Ram Mohan







-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of S Carr
Sent: Saturday, August 06, 2016 2:30 AM
To: bind-users at lists.isc.org
Subject: Re: help



On 5 August 2016 at 19:26, RAM MOHAN, Hari Ganesh <hari.rammohan at atos.net> wrote:

>
> Dig SOA gives two different results, it tells SERVFAIL and then
> NXDOMAIN
>



Check your BIND logs to make sure the zone has been successfully transferred from the master.
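
An added example, not part of the original post or of BIND: a short Python script that groups the query-log lines from the message by the client query that preceded them and lists the DS/DNSKEY lookups sent with the DO bit, which are the fetches a DNSSEC-validating resolver makes through its forwarder. The function names are illustrative; the log lines are copied from the post.

```python
import re

# Layout of the query-log lines shown in the post.
LINE = re.compile(r"client (?P<ip>[\d.]+)#\d+ \([^)]*\): view (?P<view>\S+): "
                  r"query: (?P<name>\S+) IN (?P<rtype>\S+) (?P<flags>\S+)")
# Flag characters BIND logs after the record type.
FLAGS = {"+": "RD", "S": "TSIG", "E": "EDNS", "T": "TCP", "D": "DO", "C": "CD"}

# Query log copied from the post.
SAMPLE = """\
06-Aug-2016 04:00:22.268 client 10.224.2.33#47823 (mi-testq03.pt): view softlayer: query: mi-testq03.pt IN A + (162.130.128.167)
06-Aug-2016 04:00:22.268 client 127.0.0.1#64808 (mi-testq03.pt): view hdq: query: mi-testq03.pt IN A +EDC (127.0.0.1)
06-Aug-2016 04:00:22.269 client 127.0.0.1#31751 (pt): view hdq: query: pt IN DS +EDC (127.0.0.1)
06-Aug-2016 04:00:22.307 client 127.0.0.1#57381 (.): view hdq: query: . IN DNSKEY +EDC (127.0.0.1)
06-Aug-2016 04:00:23.116 client 127.0.0.1#6012 (mi-testq03.pt): view hdq: query: mi-testq03.pt IN DS +EDC (127.0.0.1)
06-Aug-2016 04:00:23.349 client 127.0.0.1#49748 (pt): view hdq: query: pt IN DNSKEY +EDC (127.0.0.1)
06-Aug-2016 04:00:31.821 client 10.224.2.33#46714 (mi-testq03.pt): view softlayer: query: mi-testq03.pt IN A + (162.130.128.167)
06-Aug-2016 04:00:38.068 client 10.224.2.33#36390 (mi-testq03.fr): view softlayer: query: mi-testq03.fr IN A + (162.130.128.167)
06-Aug-2016 04:00:38.069 client 127.0.0.1#51936 (mi-testq03.fr): view hdq: query: mi-testq03.fr IN A +EDC (127.0.0.1)
06-Aug-2016 04:00:38.069 client 127.0.0.1#39651 (fr): view hdq: query: fr IN DS +EDC (127.0.0.1)
06-Aug-2016 04:00:38.150 client 127.0.0.1#46201 (mi-testq03.fr): view hdq: query: mi-testq03.fr IN DS +EDC (127.0.0.1)
06-Aug-2016 04:00:38.374 client 127.0.0.1#48365 (fr): view hdq: query: fr IN DNSKEY +EDC (127.0.0.1)
"""

def parse(text):
    """Yield (client_ip, view, qname, qtype, flag_names) per query-log line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            yield (m["ip"], m["view"], m["name"], m["rtype"],
                   [FLAGS[c] for c in m["flags"] if c in FLAGS])

def correlate(text, front="softlayer", back="hdq", loopback="127.0.0.1"):
    """Attach each loopback query in the back view to the preceding front-view query."""
    chains = []
    for ip, view, name, rtype, flags in parse(text):
        if view == front:
            chains.append({"client": ip, "query": (name, rtype), "forwarded": []})
        elif view == back and ip == loopback and chains:
            chains[-1]["forwarded"].append((name, rtype, flags))
    return chains

def validation_lookups(chain):
    """DS/DNSKEY queries carrying the DO bit: DNSSEC chain-of-trust fetches."""
    return [(n, t) for n, t, f in chain["forwarded"]
            if t in ("DS", "DNSKEY") and "DO" in f]

if __name__ == "__main__":
    for c in correlate(SAMPLE):
        print(c["client"], *c["query"], "->", validation_lookups(c))
```
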
