<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello!<br>
Here is output:<br>
/etc/namedb> dig @172.16.0.1 sokol.msk.united-networks.ru. NS
+norec<br>
<br>
; <<>> DiG 9.4.3-P2 <<>> @172.16.0.1
sokol.msk.united-networks.ru. NS +norec<br>
; (1 server found)<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
14255<br>
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2<br>
<br>
;; QUESTION SECTION:<br>
;sokol.msk.united-networks.ru. IN NS<br>
<br>
;; AUTHORITY SECTION:<br>
sokol.msk.united-networks.ru. 3600 IN NS
srvgate.sokol.msk.united-networks.ru.<br>
<br>
;; ADDITIONAL SECTION:<br>
srvgate.sokol.msk.united-networks.ru. 3359 IN A 172.31.16.16<br>
srvgate.sokol.msk.united-networks.ru. 3359 IN A 172.16.16.1<br>
<br>
;; Query time: 0 msec<br>
;; SERVER: 172.16.0.1#53(172.16.0.1)<br>
;; WHEN: Thu Apr 19 14:08:55 2012<br>
;; MSG SIZE rcvd: 100<br>
<br>
I noticed that after some time FreeBSD still tried to ask for
sokol.msk.united-networks.ru from Ubuntu (srvgate.sokol.msk).<br>
It happened after 2-3 minutes after "named" was restarted on
FreeBSD. But now FreeBSD doesn't ask for hosts in this zone.<br>
All what I was doing during this time period - I restarted
freevrrp-daemon on FreeBSD machine. Could it be related to issue?<br>
<br>
Something very strange.. Another FreeBSD (9.0) works fine in the
same (or much like) conditions...<br>
<br>
Kind regards,<br>
Ellad<br>
<blockquote
cite="mid:CAE_wXn1yWcCSuFXj8Bdy2e+aE+gV4F2XFnW4YcCAYYu50iX4qQ@mail.gmail.com"
type="cite">Hi,<br>
<br>
First of all, nslookup isn't a good tool for debug DNS problems.
Use dig instead.<br>
<br>
Could you show the output of "dig @freebsdbox <a
moz-do-not-send="true"
href="http://sokol.msk.united-networks.ru">sokol.msk.united-networks.ru</a>.
NS +norec" run from freebsd box itself?<br>
<br>
<br>
<div class="gmail_quote">2012/4/19 Ellad G. Yatsko <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:eyatsko@ngs.ru">eyatsko@ngs.ru</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"> Hello!<br>
<br>
I have FreeBSD 7.2 x64 installed. And Bind 9.4:<br>
<br>
/etc/namedb> named -v<br>
BIND 9.4.3-P2<br>
<br>
I have zone "/<a moz-do-not-send="true"
href="http://united-networks.ru/" target="_blank">united-networks.ru/</a>"
and I try to do the following:<br>
...<br>
$ORIGIN <a moz-do-not-send="true"
href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>.<br>
@ IN NS srvgate<br>
srvgate IN A 172.31.16.16<br>
$ORIGIN <a moz-do-not-send="true"
href="http://united-networks.ru" target="_blank">united-networks.ru</a>.<br>
...<br>
<br>
As I understand I delegated the SOA (IN NS) to server
with name<br>
<a moz-do-not-send="true"
href="http://srvgate.sokol.msk.united-networks.ru"
target="_blank">srvgate.sokol.msk.united-networks.ru</a>
("srvgate" has no tailing "dot"<br>
so domain "<a moz-do-not-send="true"
href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>"
from $ORIGIN operator will be<br>
appended), then I placed "glue"-record with
srvgate.sokol.msk's address.<br>
It is because as I understood nameserver of delegated
zone is in it.<br>
<br>
From here I thought on the server 172.31.16.16 (it's
Ubuntu) I must<br>
receive DNS-requests related to zone <a
moz-do-not-send="true"
href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>.
For<br>
example if I try do nslookup <a moz-do-not-send="true"
href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>
on FreeBSD<br>
7.2 x64. But:<br>
<br>
/etc/bind# hostname -f<br>
<a moz-do-not-send="true"
href="http://srvgate.sokol.msk.united-networks.ru"
target="_blank">srvgate.sokol.msk.united-networks.ru</a><br>
/etc/bind# tshark -ta -ni tun0 -R dns<br>
Running as user "root" and group "root". This could be
dangerous.<br>
Capturing on tun0<br>
<br>
...there is nothing! And FreeBSD issues NXDOMAIN. I say
more - FreeBSD<br>
tries to resolve name "<a moz-do-not-send="true"
href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>"
through its forwarder in<br>
external world!<br>
<br>
Where am I wrong? I simulated this situation with the
same configurations<br>
on Ubuntu (Bind 9.7.0-P1) and fresh-installed FreeBSD 9.0
x64 (Bind 9.8.1-P1).<br>
All works fine!<br>
<br>
-------------------------------------- related portion of
named.conf --------------------------------------<br>
options {<br>
directory "/etc/namedb";<br>
pid-file "/var/run/named/pid";<br>
dump-file "/var/dump/named_dump.db";<br>
statistics-file "/var/stats/named.stats";<br>
<br>
listen-on {<br>
....<br>
127.0.0.1;<br>
172.16.0.1;<br>
172.16.1.1;<br>
172.16.2.1;<br>
172.31.0.1;<br>
};<br>
<br>
forwarders {<br>
89.222.167.2;<br>
8.8.8.8;<br>
};<br>
recursion yes;<br>
allow-recursion {0/0;};<br>
};<br>
<br>
...<br>
<br>
view internal {<br>
match-clients {<br>
<a moz-do-not-send="true"
href="http://127.0.0.0/8" target="_blank">127.0.0.0/8</a>;<br>
<a moz-do-not-send="true"
href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>;<br>
};<br>
...<br>
zone "<a moz-do-not-send="true"
href="http://united-networks.ru" target="_blank">united-networks.ru</a>"
{<br>
type master;<br>
file "master/forward/united-networks.ru.internal";<br>
allow-transfer {<br>
172.16.0.2;<br>
172.16.16.2;<br>
172.31.16.16;<br>
172.31.17.0;<br>
172.31.18.0;<br>
};<br>
};<br>
...<br>
};<br>
...<br>
-----------------------------------------------------------------------------------------------------------<br>
<br>
Kind regards,<br>
Ellad<br>
</blockquote>
<br>
_______________________________________________<br>
Please visit <a moz-do-not-send="true"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a moz-do-not-send="true"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
AP<br>
</blockquote>
<br>
</body>
</html>