subject:"Re\: \[GnuDIP\] nsupdate \& djb's dnscache are not friends \:\-\("

Re: [GnuDIP] nsupdate djb's dnscache are not friends :-(

2002-04-22 Thread Thilo Bangert


Please remember to reply to the mailing list, not the original sender:

  http://gnudip2.sourceforge.net/#mailinglist

+

On Monday, 22. April 2002 21:03, you wrote:
 Hi,

Hi


 I just installed GnuDIP 2.3.5 and was toying around and
 adjusting things when it suddenly stopped working. I
 couldn't update via web or via tcp... I checked and
 noticed that in fact, I wasn't able to make a
 successful nsupdate even via command line.

 I added -d to nsupdate and saw that the error message
 said something about not getting a SOA record.

 A host -t soa host.dyndomain.mydomain.com didn't get
 a SOA record but, as far as I remembered, never did.
 The SOA belongs to dyndomain.mydomain.com not to
 host.dyndomain.mydomain.com.

 After a while I remembered I had changed the order of
 the nameserver entries in /etc/resolv.conf in the
 GnuDIP host.

 Originally there was a BIND resolver (not the BIND
 authoritative server) and I had put it below a DJB's
 dnscache.

 After digging enough I noticed the following.

 With the BIND resolver I got the following:
  # dnsqr any host.dyndomain.mydomain.com
  255 host.dyndomain.mydomain.com:
  97 bytes, 1+0+1+0 records, response, authoritative, nxdomain
  query: 255 host.dyndomain.mydomain.com
  authority: dyndomain.mydomain.com 10 SOA ns1.dyndomain.mydomain.com
  hostmaster.dyndomain.mydomain.com 2002042214 10800 3600 360 10

 And with DJB's dnscache:
  # dnsqr any host.dyndomain.mydomain.com
  255 host.dyndomain.mydomain.com:
  41 bytes, 1+0+0+0 records, response, authoritative, nxdomain
  query: 255 host.dyndomain.mydomain.com

 Note that BIND includes an authority section for
 whoever has authority to that domain, whereas dnscache
 does not.

 The point is, if you are using nsupdate, you CAN'T
 resolve via dnscache.

why do you conclude that? i can't seem to follow you...

-- 
regards
Thilo

--
GnuDIP Mailing List
http://gnudip2.sourceforge.net/#mailinglist

Re: [GnuDIP] nsupdate djb's dnscache are not friends :-(

2002-04-22 Thread Mariano Absatz


Please remember to reply to the mailing list, not the original sender:

  http://gnudip2.sourceforge.net/#mailinglist

+

El 22 Apr 2002 a las 21:17, Thilo Bangert escribió:


 On Monday, 22. April 2002 21:03, you wrote:
  Hi,

 Hi

 
  I just installed GnuDIP 2.3.5 and was toying around and
  adjusting things when it suddenly stopped working. I
  couldn't update via web or via tcp... I checked and
  noticed that in fact, I wasn't able to make a
  successful nsupdate even via command line.
 
  I added -d to nsupdate and saw that the error message
  said something about not getting a SOA record.
 
  A host -t soa host.dyndomain.mydomain.com didn't get
  a SOA record but, as far as I remembered, never did.
  The SOA belongs to dyndomain.mydomain.com not to
  host.dyndomain.mydomain.com.
 
  After a while I remembered I had changed the order of
  the nameserver entries in /etc/resolv.conf in the
  GnuDIP host.
 
  Originally there was a BIND resolver (not the BIND
  authoritative server) and I had put it below a DJB's
  dnscache.
 
  After digging enough I noticed the following.
 
  With the BIND resolver I got the following:
   # dnsqr any host.dyndomain.mydomain.com
   255 host.dyndomain.mydomain.com:
   97 bytes, 1+0+1+0 records, response, authoritative, nxdomain
   query: 255 host.dyndomain.mydomain.com
   authority: dyndomain.mydomain.com 10 SOA ns1.dyndomain.mydomain.com
   hostmaster.dyndomain.mydomain.com 2002042214 10800 3600 360 10
 
  And with DJB's dnscache:
   # dnsqr any host.dyndomain.mydomain.com
   255 host.dyndomain.mydomain.com:
   41 bytes, 1+0+0+0 records, response, authoritative, nxdomain
   query: 255 host.dyndomain.mydomain.com
 
  Note that BIND includes an authority section for
  whoever has authority to that domain, whereas dnscache
  does not.
 
  The point is, if you are using nsupdate, you CAN'T
  resolve via dnscache.

 why do you conclude that? i can't seem to follow you...

192.168.1.2 is running dnscache
192.168.1.99 is running bind 8.2.3 (cache only)

/etc/resolv.conf has
nameserver 192.168.1.2
nameserver 192.168.1.99

 # nsupdate -d -v
  update delete baby.dyn.pertisp.com.ar. in a
 
 Reply from SOA query:
 ;; -HEADER- opcode: QUERY, status: NOERROR, id:  49055
 ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;baby.dyn.pertisp.com.ar.   IN  SOA


 response to SOA query didn't contain an SOA
 #

nsupdate doesn't work and complains that a response to SOA query didn't contain an SOA.

Here's dnscache log:
2002-04-22 16:54:53.404173500 query 28856 192.168.1.7:32834:49055 soa 
baby.dyn.pertisp.com.ar.
2002-04-22 16:54:53.404179500 cached ns pertisp.com.ar. ns1.pertisp.com.ar.
2002-04-22 16:54:53.404182500 cached ns pertisp.com.ar. ns2.pertisp.com.ar.
2002-04-22 16:54:53.404184500 cached a ns1.pertisp.com.ar.
2002-04-22 16:54:53.404186500 cached a ns2.pertisp.com.ar.
2002-04-22 16:54:53.404188500 tx 0 soa baby.dyn.pertisp.com.ar. pertisp.com.ar. 
200.49.76.6
200.49.76.6 200.49.76.34
2002-04-22 16:54:53.406347500 nodata 200.49.76.6 10  6 baby.dyn.pertisp.com.ar.

If you look at what the query for ANY answers, you get:
 # dnsqr any baby.dyn.pertisp.com.ar
 255 baby.dyn.pertisp.com.ar:
 57 bytes, 1+1+0+0 records, response, noerror
 query: 255 baby.dyn.pertisp.com.ar
 answer: baby.dyn.pertisp.com.ar 5 A 1.2.3.4

Now I flip the order in /etc/resolv.conf:
nameserver 192.168.1.99
nameserver 192.168.1.2

 # nsupdate -d -v
  update delete baby.dyn.pertisp.com.ar. in a
 
 Reply from SOA query:
 ;; -HEADER- opcode: QUERY, status: NOERROR, id:  24278
 ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;baby.dyn.pertisp.com.ar.   IN  SOA

 ;; AUTHORITY SECTION:
 dyn.pertisp.com.ar. 10  IN  SOA ns1.pertisp.com.ar. 
hostmaster.pert.com.ar. 2002042215 10800 3600 360 10


 Found zone name: dyn.pertisp.com.ar
 The master is: ns1.pertisp.com.ar

 Reply from update query:
 ;; -HEADER- opcode: UPDATE, status: NOERROR, id:  10966
 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

  update add baby.dyn.pertisp.com.ar. 5 in a 1.2.3.4
 
 Reply from SOA query:
 ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id:  55227
 ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;baby.dyn.pertisp.com.ar.   IN  SOA

 ;; AUTHORITY SECTION:
 dyn.pertisp.com.ar. 10  IN  SOA ns1.pertisp.com.ar. 
hostmaster.pert.com.ar. 2002042216 10800 3600 360 10


 Found zone name: dyn.pertisp.com.ar
 The master is: ns1.pertisp.com.ar

 Reply from update query:
 ;; -HEADER- opcode: UPDATE, status: NOERROR, id:  49272
 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

  Destroy DST lib
 Detach from entropy
 #

BIND is only logging the query:
22-Apr-2002 17:01:59.615 queries: info: XX+/192.168.1.7/baby.dyn.pertisp.com.ar/ANY/IN

However, if now I check via dnsqr:
 # dnsqr any

Re: [GnuDIP] nsupdate djb's dnscache are not friends :-(

Re: [GnuDIP] nsupdate djb's dnscache are not friends :-(

2 matches

Site Navigation

Mail list logo

Footer information