Re: nslookup/dig question

Wed, 25 Jan 2012 07:26:52 -0800

You "copied over the zone files". However, the bind 9 server is responding with NXDOMAIN. It appears to me that the server does not believe it is authoritative for the zone. Verify that the server indeed believes it is (look at the logs on startup). Take a look at your named configuration to make sure you are properly including the zone file into the configuration. 

On 1/25/2012 2:31 AM, JeanPaul Thomsin wrote:


All,

Have two servers. One has BIND8, the other BIND9.


Copied over the zone files from the BIND8 server to the BIND9 server, 
so they are identical.


Updated the /etc/resolv.conf file and the named.conf file.


When I do an nslookup (from a third server) pointing to the BIND8 
server, it works fine:


# nslookup
> server 10.179.193.6
Default server: 10.179.193.6
Address: 10.179.193.6#53
> set debug=all
> 10.16.42.61
Server:         10.179.193.6
Address:        10.179.193.6#53

------------
    QUESTIONS:
        61.42.16.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  61.42.16.10.in-addr.arpa
        name = ama552D.example.com.
        ttl = 86400
    AUTHORITY RECORDS:
    ->  42.16.10.in-addr.arpa
        nameserver = abby.example.com.
        ttl = 86400
    ADDITIONAL RECORDS:
    ->  abby.example.com
        internet address = 10.179.193.6
        ttl = 86400
------------
61.42.16.10.in-addr.arpa       name = ama552D.example.com.

#

When I do the same pointing to the BIND9 server, it doesn't work:

# nslookup
> server 10.179.221.13
Default server: 10.179.221.13
Address: 10.179.221.13#53

> set debug=all
> 10.16.42.61
Server:         10.179.221.13
Address:        10.179.221.13#53

------------
    QUESTIONS:
        61.42.16.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  16.10.in-addr.arpa
        origin = prisoner.abc.org
        mail addr = hostmaster.root-servers.org
        serial = 2002040800
        refresh = 1800
        retry = 900
        expire = 604800
        minimum = 604800
        ttl = 10608
    ADDITIONAL RECORDS:
------------
** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
Server:         10.179.221.13
Address:        10.179.221.13#53

------------
    QUESTIONS:
        61.42.16.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  16.10.in-addr.arpa
        origin = prisoner.abc.org
        mail addr = hostmaster.root-servers.org
        serial = 2002040800
        refresh = 1800
        retry = 900
        expire = 604800
        minimum = 604800
        ttl = 10608
    ADDITIONAL RECORDS:
------------
** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN

> ama552d.example.com
Server:         10.179.221.13
Address:        10.179.221.13#53

------------
    QUESTIONS:
        ama552d.example.com, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  example.com
        origin = monty.example.com
        mail addr = admin.example.com
        serial = 134
        refresh = 900
        retry = 600
        expire = 86400
        minimum = 3600
        ttl = 2991
    ADDITIONAL RECORDS:
------------
** server can't find ama552d.example.com: NXDOMAIN
Server:         10.179.221.13
Address:        10.179.221.13#53

------------
    QUESTIONS:
        ama552d.example.com.example.com, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  example.com
        origin = monty.example.com
        mail addr = admin.example.com
        serial = 134
        refresh = 900
        retry = 600
        expire = 86400
        minimum = 3600
        ttl = 3558
    ADDITIONAL RECORDS:
------------
** server can't find ama552d.example.com: NXDOMAIN

Also did a dig pointing to the BIND8 server:

# dig @10.179.193.6 ama552d.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44601
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ama552d.example.com.           IN      A

;; ANSWER SECTION:
ama552d.example.com.    86400   IN      A       10.16.42.61

;; AUTHORITY SECTION:
example.com.              86400   IN      NS      maggi.example.com.
example.com.              86400   IN      NS      abby.example.com.

;; ADDITIONAL SECTION:
abby.example.com.      86400   IN      A       10.179.193.6
maggi.example.com.     86400   IN      A       10.179.196.38

;; Query time: 2 msec
;; SERVER: 10.179.193.6#53(10.179.193.6)
;; WHEN: Tue Jan 24 16:51:14 2012
;; MSG SIZE  rcvd: 130

#

On BIND 9 server, get the following:

> [root@maggitemp sec_qip]# dig @10.179.221.13 ama552d.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ama552d.example.com.           IN      A

;; AUTHORITY SECTION:

example.com.              2596    IN      SOA     monty.example.com. 
admin.example.com. 134 900 600 86400 3600


;; Query time: 15 msec
;; SERVER: 10.179.221.13#53(10.179.221.13)
;; WHEN: Tue Jan 24 17:13:18 2012
;; MSG SIZE  rcvd: 88

#

Any idea why the query to the BIND9 server  would not work?

What should i look for?



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users





















					Reply via email to