<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Mistake #1: looking up something using a shortname. Apparently
"rac2.local" is not in your stub resolver's local search list.
Always use fully-qualified domain names (FQDNs) for client lookups,
and educate your users to do so also. Using FQDNs is the most
efficient, least ambiguous, and easiest-to-troubleshoot form of
resource lookup from DNS.<br>
Mistake #2: trying to troubleshoot DNS using nslookup. With its
default output format, nslookup is hiding all of its disgusting
suffixing behavior from your eyes, thus leaving you in the dark as
to what the problem is. Consider using a real DNS troubleshooting
tool like "dig", which doesn't do suffixing garbage (it looks up
exactly what you ask it to look up, nothing more, nothing less), and
with its default output format, shows you the full DNS response from
the nameserver<br>
Mistake #3: the "connection timed out" error from nslookup implies
that one of the names it tried to look up (either "rac2-scan"
appended with some arbitrary suffix from your searchlist, or
"rac2-scan" as a *root* name), ended up in a part of the namespace
that your DNS infrastructure can't resolve at all. Most likely you
have no direct connectivity to the Internet, yet you have neglected
to set up your own internal root zone. So, your DNS infrastructure
tries to go out and talk to the Internet root nameservers, and beats
its head bloody on your firewalls and/or your routers and/or
whatever, futilely trying to get response. Hence the timeout. I'm
surprised your firewall guys haven't complained to you yet about all
of the log noise you've been generating.<br>
Mistake #4: from the logs below, it appears that you have no A or
AAAA records associated with the targets of certain NS records --
with a first label of "apple" -- in each of several zones. Either
change the targets of those NS records to a fully-qualified name
(instead of just "apple"), or supply the A/AAAA records of
apple.<zone> in each of those zone files so that they are
internally complete. This appears to be another symptom of
shortname-itis. Please learn the contexts in which shortnames work,
and the contexts in which they do not, or where extra work is
required to make them work. The safest thing is to always use FQDNs,
as suggested above.<br>
<br>
- Kevin<br>
<br>
On 4/1/2011 9:09 AM, Tony MacDoodle wrote:
<blockquote
cite="mid:AANLkTin+HwmHNOdo32z-eyA-DH07jqT=P_RZUWNf7B4D@mail.gmail.com"
type="cite">I think it's something with one of the zone files,
here is what I get....<br>
<br>
nslookup rac-scan<br>
Server: xxx.xxx.xxx.xxx<br>
Address: xxx.xxx.xxx.xxx#53<br>
<br>
Name: rac-scan.rac.local<br>
Address: xxx.xxx.xxx.xxx<br>
Name: rac-scan.rac.local<br>
Address: xxx.xxx.xxx.xxx<br>
Name: rac-scan.rac.local<br>
Address: xxx.xxx.xxx.xxx<br>
<br>
root:jabba:~# nslookup rac2-scan<br>
;; connection timed out; no servers could be reached<br>
<br>
<div class="gmail_quote">
<br>
<br>
/var/adm/messages<br>
Apr 1 09:05:16 apple named[1695]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
shutting down<br>
Apr 1 09:05:16 apple named[1695]: [ID 873579 daemon.notice]
stopping command channel on 127.0.0.1#953<br>
Apr 1 09:05:16 apple named[1695]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
no longer listening on 127.0.0.1#53<br>
Apr 1 09:05:16 apple named[1695]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
no longer listening on xxx.xxx.xxx.24#53<br>
Apr 1 09:05:16 apple named[1695]: [ID 873579 daemon.notice]
exiting<br>
Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.notice]
starting BIND 9.6.1-P3 -4<br>
Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.notice]
built with --prefix=/usr --with-libtool --bindir=/usr/sbin
--sbindir=/usr/sbin --libdir=/usr/lib/dns --sysconfdir=/etc
--localstatedir=/var --with-openssl=/usr/sfw
--enable-threads=yes --enable-devpoll=yes --enable-fixed-rrset
--disable-openssl-version-check -DNS_RUN_PID_DIR=0<br>
Apr 1 09:05:16 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
found 8 CPUs, using 8 worker threads<br>
Apr 1 09:05:16 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
using up to 4096 sockets<br>
Apr 1 09:05:16 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
loading configuration from '/etc/named.conf'<br>
Apr 1 09:05:16 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
using default UDP/IPv4 port range: [1024, 65535]<br>
Apr 1 09:05:16 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
using default UDP/IPv6 port range: [1024, 65535]<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
no IPv6 interfaces found<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
listening on IPv4 interface lo0, 127.0.0.1#53<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
listening on IPv4 interface vnet0:1, xxx.xxx.xxx.24#53<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: 0.IN-ADDR.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: 127.IN-ADDR.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: 254.169.IN-ADDR.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: 2.0.192.IN-ADDR.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: D.F.IP6.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: 8.E.F.IP6.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: 9.E.F.IP6.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: A.E.F.IP6.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
automatic empty zone: B.E.F.IP6.ARPA<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.notice]
command channel listening on 127.0.0.1#953<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone
xxx.10.10.in-addr.arpa/IN: NS 'apple.xxx.10.10.in-addr.arpa' has
no address records (A or AAAA)<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
zone xxx.10.10.in-addr.arpa/IN: loaded serial 1<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone
xxx.10.10.in-addr.arpa/IN: NS 'apple.xxx.10.10.in-addr.arpa' has
no address records (A or AAAA)<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
zone xxx.10.10.in-addr.arpa/IN: loaded serial 1<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone
0.0.127.in-addr.arpa/IN: NS 'apple.0.0.127.in-addr.arpa' has no
address records (A or AAAA)<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
zone 0.0.127.in-addr.arpa/IN: loaded serial 1<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone
rac.local/IN: NS 'apple.rac.local' has no address records (A or
AAAA)<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
zone rac.local/IN: loaded serial 2<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.error] zone
rac2.local/IN: NS 'apple.rac2.local' has no address records (A
or AAAA)<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 <a
moz-do-not-send="true" href="http://daemon.info">daemon.info</a>]
zone rac2.local/IN: loaded serial 3<br>
Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.notice]
running<br>
<br>
<br>
Thanks<br>
On Fri, Apr 1, 2011 at 2:10 AM, Torinthiel <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:torinthiel@data.pl">torinthiel@data.pl</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div class="im">On 04/01/11 03:47, Tony MacDoodle wrote:<br>
> Hello,<br>
><br>
> I am trying to configure 2 different domains on one
host that only has<br>
> one physical interface plummed.<br>
><br>
> I think I have an errorthat I list the hostname of the
interface in both<br>
> zone files as below and this might be why I can't
resolve properly. Do<br>
> you see any mistakes in the files below?<br>
> The only active interface is 192.168.5.5<br>
<br>
</div>
and you can't resolve properly from where? From localhost?
That's<br>
probably because you've configured BIND to only listen on
external<br>
address, not the local one. In this config (listen-on {
192.168.5.5; };)<br>
it won't accept local queries, as these come to 127.0.0.1.<br>
<br>
But from other box command<br>
dig rac-scan.rac.local @<a moz-do-not-send="true"
href="http://192.168.5.5" target="_blank">192.168.5.5</a>
should work.<br>
<br>
Are there any relevant messages in logs? What are the error<br>
messages/results when you try to resolve? How you test if
resolution works?<br>
<br>
Having bind run multiple zones is absolutely normal, and there
are no<br>
reasons to require more than one IP address with that.<br>
<font color="#888888">Torinthiel<br>
</font>
<div>
<div class="h5"><br>
<br>
><br>
> root:/var/named# cat named.conf<br>
> options {<br>
> listen-on-v6 { none; };<br>
> listen-on { 192.168.5.5; };<br>
> directory "/var/named";<br>
> };<br>
> zone "0.0.127.in-addr.arpa" {<br>
> type master;<br>
> file "db.127.0.0";<br>
> };<br>
> zone "rac.local" {<br>
> type master;<br>
> file "db.rac";<br>
> };<br>
> zone "rac2.local" {<br>
> type master;<br>
> file "db.rac2";<br>
> };<br>
> zone "10.168.192.in-addr.arpa" {<br>
> type master;<br>
> file "db.192.168.10";<br>
> };<br>
> zone "20.168.192.in-addr.arpa" {<br>
> type master;<br>
> file "db.192.168.20";<br>
> };<br>
><br>
> root:jedi:/var/named# cat db.rac<br>
> $TTL 86400<br>
> @ SOA jedi root ( 2 10800 3600 604800 600 )<br>
> NS jedi<br>
> localhost A 127.0.0.1<br>
> rac-scan A xxx.xxx.xxx.xxx<br>
> A xxx.xxx.xxx.xxx<br>
> A xxx.xxx.xxx.xxx<br>
> MX 10 rac-scan<br>
><br>
> root:jedi:/var/named# cat db.rac2<br>
> $TTL 86400<br>
> @ SOA jedi root ( 3 10800 3600 604800 600 )<br>
> NS jedi<br>
> localhost A 127.0.0.1<br>
> rac2-scan A xxx.xxx.xxx.xxx<br>
> A xxx.xxx.xxx.xxx<br>
> A xxx.xxx.xxx.xxx<br>
> MX 10 rac2-scan<br>
<br>
</div>
</div>
<br>
_______________________________________________<br>
bind-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a moz-do-not-send="true"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></pre>
</blockquote>
<br>
</body>
</html>