Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-29 Thread Shawn Bian

Hello All

Thank you for the feedback. I wonder whether it is possible for me to send a
Teams link for live debugging on my server. I can even pay for this.


If that is not possible, I really have no idea how to do troubleshooting
next. I am planning to delete all the servers and rebuild them from the very
beginning. Thanks



Thanks

Shawn

On 5/26/2022 4:44 PM, Jan-Piet Mens via bind-users wrote:

(putting this back on list)


Thank you for the feedback, now I have already started the slave server
[root@bind-master-centos7 ~]# dig kaixinduole.com +nssearch
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041566 3600 900 604800
86400 from server 52.130.145.30 in 0 ms.
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041584 3600 900 604800
86400 from server 139.217.99.188 in 1 ms.


You'll note that the two servers have a differing SOA serial: 2022041566 vs
2022041584.

Something has changed, because the zone now SERVFAILs:

$ dig @9.9.9.9 kaixinduole.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56297

When queried directly, I get a response:

$ dig @52.130.145.30 ns1.kaixinduole.com +norec
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

I can't get rid of the feeling that we're not seeing the same server you are...


-JP

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-26 Thread Jan-Piet Mens via bind-users

(putting this back on list)


Thank you for the feedback, now I have already started the slave server
[root@bind-master-centos7 ~]# dig kaixinduole.com +nssearch
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041566 3600 900 604800
86400 from server 52.130.145.30 in 0 ms.
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041584 3600 900 604800
86400 from server 139.217.99.188 in 1 ms.


You'll note that the two servers have a differing SOA serial: 2022041566 vs
2022041584.

Something has changed, because the zone now SERVFAILs:

$ dig @9.9.9.9 kaixinduole.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56297

When queried directly, I get a response:

$ dig @52.130.145.30 ns1.kaixinduole.com +norec
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

I can't get rid of the feeling that we're not seeing the same server you are...

-JP
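
The comparison done by eye in this thread, as an added example that is not part of the original messages: it reads `dig +nssearch` output, reports servers whose SOA serial lags the newest one (compared with RFC 1982 serial arithmetic, which is how a secondary decides whether the primary's copy is newer), and flags a name server that did not answer. The function names and exit codes are assumptions; the sample input is the output quoted in the message above.

```shell
# Added example, not from the thread. Function names and exit codes are assumptions.

# serial_newer A B: true if SOA serial A is newer than B under RFC 1982
# 32-bit serial arithmetic (needs a shell with 64-bit arithmetic: bash, dash).
serial_newer() {
    delta=$(( ($1 - $2) & 4294967295 ))
    [ "$delta" -gt 0 ] && [ "$delta" -lt 2147483648 ]
}

# nssearch_serials: read `dig <zone> +nssearch` output on stdin and print
# "server serial" per answering server; wrapped lines are rejoined first.
nssearch_serials() {
    tr '\n' ' ' | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "SOA") serial = $(i + 3)
            if ($i == "server") print $(i + 1), serial
        }
    }'
}

# check_sync EXPECTED: 0 = EXPECTED servers answered with one serial,
# 1 = serials differ (stale servers are printed), 2 = a server is silent.
check_sync() {
    list=$(nssearch_serials)
    count=$(printf '%s\n' "$list" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -ge "$1" ] || { echo "MISSING only $count of $1 name servers answered"; return 2; }
    newest=
    for s in $(printf '%s\n' "$list" | awk '{ print $2 }'); do
        if [ -z "$newest" ] || serial_newer "$s" "$newest"; then newest=$s; fi
    done
    status=0
    while read -r server serial; do
        if [ "$serial" != "$newest" ]; then
            echo "STALE $server serial=$serial newest=$newest"
            status=1
        fi
    done <<EOF
$list
EOF
    return $status
}

# Sample input: the +nssearch output quoted in the message above.
SAMPLE='SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041566 3600 900 604800
86400 from server 52.130.145.30 in 0 ms.
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041584 3600 900 604800
86400 from server 139.217.99.188 in 1 ms.'
printf '%s\n' "$SAMPLE" | check_sync 2 || true
```

Against live servers the same check is `dig kaixinduole.com +nssearch | check_sync 2`, where 2 is the number of NS records the zone publishes.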


Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-26 Thread Jan-Piet Mens via bind-users

2.  [image: image.png]


In this screenshot you've shown the result of `cat named.conf', but where's the
zone definition for kaixinduole.com? What we are seeing here is a recursive
server.

-JP


Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-25 Thread 边明凯
Hello Bob,

Thank you for the support. Please find the answers below.
1. Yes, I have already updated the serial number from the master server. It is
not a stealth master; it can provide the DNS resolution publicly.
2.
[image: image.png]
3. They can communicate without any block by using the internal IP addresses. For
the public IP address communication, there is an ACL between them, but I have
already allowed port 53 (UDP and TCP) for everyone.

4. Now I have enabled querylog.
[image: image.png]
5. Since I was thinking I just wanted to keep it easy, I shut down the slave
server. Now I have already enabled the slave server, but the serial number
is different from the master server, even if I restart/reload the service
from the slave server.

Thanks in advance for the help.

On Thu, May 26, 2022 at 12:30 AM Bob McDonald wrote:

> I also get the same value for the serial number from a dig soa .
>
> A couple of questions.
>
> 1) I assume you are updating the serial number on the master (primary)
> zone file. Correct? Is this a stealth (hidden) master?
> 2) On that same server, what are your values for NOTIFY and if specified,
> EXPLICIT-NOTIFY.
> 3) Is there a firewall between the master (primary) and any/all slave
> (secondary) servers? If yes, does the firewall allow port 53 both UDP
> and TCP traffic between those servers?
> 4) Are you logging everything? (yeah, I know query logging can use a lot of
> resources)
>
> Just from a cursory glance at the zone with dig, it looks as though the
> domain wasn't reloaded.
>
> Also, it looks like NS2 doesn't respond.
>
> Bob
>


-- 
Best Regards

Bian Mingkai (边明凯)


Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-25 Thread Jan-Piet Mens via bind-users

I just modified the serial number


this is not currently a problem, but please note that you've changed the first
four digits which are likely  to 2023. 


Also if the zone is reloaded there's no need to restart named.


Actually nothing changed ,


Indeed. Are you doing these changes on the server we know as NS1.kaixinduole.com with 
the IP address shown below?



As Bob mentions, the second NS2 is not responding:

$ dig kaixinduole.com +nssearch
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041566 3600 900 604800 
86400 from server 52.130.145.30 in 343 ms.

From here we're still seeing the unchanged SOA serial number.

-JP


Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-25 Thread Bob McDonald
I also get the same value for the serial number from a dig soa .

A couple of questions.

1) I assume you are updating the serial number on the master (primary) zone
file. Correct? Is this a stealth (hidden) master?
2) On that same server, what are your values for NOTIFY and if specified,
EXPLICIT-NOTIFY.
3) Is there a firewall between the master (primary) and any/all slave
(secondary) servers? If yes, does the firewall allow port 53 both UDP
and TCP traffic between those servers?
4) Are you logging everything? (yeah, I know query logging can use a lot of
resources)

Just from a cursory glance at the zone with dig, it looks as though the
domain wasn't reloaded.

Also, it looks like NS2 doesn't respond.

Bob


Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-25 Thread Jan-Piet Mens via bind-users

the domain name is kaixinduole.com


Querying the SOA record for kaixinduole.com shows the SOA serial number
is less than what you showed in the screenshot:

;; ANSWER SECTION:
kaixinduole.com.    21600 IN SOA ns1.kaixinduole.com. shawn.kaixinduole.com. (
                    2022041566 ; serial
                    3600       ; refresh (1 hour)
                    900        ; retry (15 minutes)
                    604800     ; expire (1 week)
                    86400      ; minimum (1 day)
                    )

I just create a cname record for testing, which is www cname to
www.baidu.com. please see the below :


When you update the zone file and add the CNAME, you must increase
the SOA serial number to anything higher than what it currently
is. The zone seems to use MMDDnn format, but you can also just
increment the current number.

After storing the zone file, I recommend you use

named-checkconf -z

to make sure you see no error messages, and then you should be
able to load the zone with an

rndc reload kaixinduole.com

Good luck,

-JP



Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-24 Thread Jan-Piet Mens via bind-users

(I've tried to reformat some of this; it was illegible to me and I'm probably
misreading some of it)


www IN  CNAME www.baidu.com.



[root@centos7 ~]# dig www.kaixinduole.com# it should be cname to


You've not specified an address for dig to use so it's using your system's
resolver, likely querying a caching server which is responding with a cached
entry.

-JP


bugs for cname can not be working properly with bind 9.11.4

2022-05-24 Thread 边明凯
Hello ,

I run the DNS server by myself. It has CentOS 7 installed and the BIND
version is BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 (Extended Support
Version). The domain name is kaixinduole.com.

I just created a CNAME record for testing, which is www CNAME to www.baidu.com.
Please see below:

[root@bind-master-centos7 named]# cat kaixinduole.com.zone
$TTL 1D
@           IN  SOA  ns1.kaixinduole.com. shawn.kaixinduole.com. (
                     202204276
                     1H
                     15M
                     1W
                     1D )
            IN  NS   ns1.kaixinduole.com.
            IN  NS   ns2.kaixinduole.com.
            IN  MX 10 mx1
            IN  MX 20 mx2
            IN  A    22.3.3.95
ns1         IN  A    52.130.145.30
ns2         IN  A    139.217.99.188
mx1         IN  A    2.1.1.7
mx2         IN  A    2.1.1.7
mx3         IN  A    2.1.1.7
subversion  IN  A    139.219.5.165
http        IN  A    100.2.2.8
www         IN  CNAME www.baidu.com.
mail        IN  NS   ns1.mail
harbor      IN  A    40.73.22.32
mail        IN  NS   ns2.mail
ns1.mail    IN  A    139.217.98.3
ns2.mail    IN  A    139.217.98.3
file        IN  NS   ns1.file
file        IN  NS   ns2.file
ns1.file    IN  A    139.217.98.3
ns2.file    IN  A    139.217.98.3
file        IN  A    52.131.78.18
@           IN  TXT  "v=spf1 a ip4:184.164.141.188 ~all"
@           IN  TXT  "YOU CAN CONTACT ME BY PHONE 15810410643"

Actually this CNAME record just does work properly, the other rest of the
records are working normally.

my testing below:

[root@centos7 ~]# dig harbor.kaixinduole.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> harbor.kaixinduole.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33479
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;harbor.kaixinduole.com.        IN      A

;; ANSWER SECTION:
harbor.kaixinduole.com. 21600   IN      A       40.73.22.32

;; Query time: 439 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue May 24 13:07:51 CST 2022
;; MSG SIZE  rcvd: 67

[root@centos7 ~]# dig subversion.kaixinduole.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> subversion.kaixinduole.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29175
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;subversion.kaixinduole.com.    IN      A

;; ANSWER SECTION:
subversion.kaixinduole.com. 21600 IN    A       139.219.5.165

;; Query time: 323 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue May 24 13:08:07 CST 2022
;; MSG SIZE  rcvd: 71

[root@centos7 ~]# dig www.kaixinduole.com   # it should be cname to www.baidu.com, but it actually responds with 1.1.1.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> www.kaixinduole.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46971
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.kaixinduole.com.           IN      A

;; ANSWER SECTION:
www.kaixinduole.com.    21600   IN      A       1.1.1.1

;; Query time: 351 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue May 24 13:08:23 CST 2022
;; MSG SIZE  rcvd: 64

[root@centos7 ~]#

It should be CNAME to www.baidu.com, but it actually responds with 1.1.1.1.
1.1.1.1 was the previous configuration. Is there any clue for this issue?
Thanks