Can't directly query NS type from DNS server.
Hi All,

Why does the father DNS server put the children's NS resources in the Authority RR section, but not in the Answer RR section?

For example, I have defined an ourfirst.org.zone in my father DNS server. It contains the support.ourfirst.org. IN NS ns.ourfirst.org record.

    [root@tester1 named]# cat ourfirst.org
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
            IN NS   @
            IN A    192.168.122.92
    support.ourfirst.org.   IN NS   ns.ourfirst.org.
    ns.ourfirst.org.        IN A    192.168.122.27

When I use host -a support.ourfirst.org 192.168.122.92, the result contains the following:

    ;; AUTHORITY SECTION:
    support.ourfirst.org.   86400   IN      NS      ns.ourfirst.org.

    ;; ADDITIONAL SECTION:
    ns.ourfirst.org.        86400   IN      A       192.168.122.27

    Received 71 bytes from 192.168.122.92#53 in 0 ms

I can find the AUTHORITY SECTION: support.ourfirst.org 86400 IN NS ns.ourfirst.org

But if I directly use the -t ns type to query the NS record, then it will fail.

    [root@tester1 named]# host -t ns support.ourfirst.org 192.168.122.92
    Using domain server:
    Name: 192.168.122.92
    Address: 192.168.122.92#53
    Aliases:

    support.ourfirst.org has no NS record

Can anyone give me some advice? Thanks.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't directly query NS type from DNS server.
On 13 August 2013 08:20, Sury Bu bushu...@gmail.com wrote:

> When I use host -a support.ourfirst.org 192.168.122.92, the result contains the following:
>
> ;; AUTHORITY SECTION:
> support.ourfirst.org.   86400   IN      NS      ns.ourfirst.org.
>
> ;; ADDITIONAL SECTION:
> ns.ourfirst.org.        86400   IN      A       192.168.122.27
>
> Received 71 bytes from 192.168.122.92#53 in 0 ms

So you didn't actually get a response that you wanted; you didn't get the A record for your requested support.ourfirst.org.

> But if I directly use the -t ns type to query the NS record, then it will fail.
>
> [root@tester1 named]# host -t ns support.ourfirst.org 192.168.122.92
> Using domain server:
> Name: 192.168.122.92
> Address: 192.168.122.92#53
> Aliases:
>
> support.ourfirst.org has no NS record

You are missing the DNS zone in your DNS configuration for support.ourfirst.org. The NS record in ourfirst.org indicates that the server ns.ourfirst.org is the server responsible for the zone, but the zone either isn't created or has been created and BIND hasn't been reloaded to re-read the new configuration.

The reason the server won't return the NS record when queried directly is because that is a glue record only; the zone didn't exist so there was no response to return.

Steve
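How an authoritative server treats an NS record that sits at a delegation point, shown as an added example (not code from the thread or from BIND). It is a simplified, authoritative-only model of the lookup in RFC 1034 section 4.3.2, loaded with the zone data quoted in the thread; the function names, the dictionary layout and the REFUSED handling are assumptions made for illustration.

```python
# Simplified model of an authoritative-only server answering from one zone.
# Records are the ones in the ourfirst.org zone file quoted in the thread.
ORIGIN = "ourfirst.org."
ZONE = {
    ("ourfirst.org.", "NS"): ["ourfirst.org."],
    ("ourfirst.org.", "A"): ["192.168.122.92"],
    ("support.ourfirst.org.", "NS"): ["ns.ourfirst.org."],  # delegation
    ("ns.ourfirst.org.", "A"): ["192.168.122.27"],
}

def find_zone_cut(qname):
    """Walk from just below the apex down to qname; return the first
    non-apex node that owns NS records (the delegation point), or None."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):
        node = ".".join(labels[i:]) + "."
        if node.endswith("." + ORIGIN) and (node, "NS") in ZONE:
            return node
    return None

def answer(qname, qtype):
    resp = {"aa": False, "rcode": "NOERROR",
            "answer": [], "authority": [], "additional": []}
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        resp["rcode"] = "REFUSED"  # out of zone; assumption of this model
        return resp
    cut = find_zone_cut(qname)
    if cut:
        # Referral: the NS set at the cut is owned by the child zone, so the
        # parent is not authoritative for it. It goes in AUTHORITY, AA stays
        # clear, and ANSWER is empty whatever qtype was asked for.
        for ns in ZONE[(cut, "NS")]:
            resp["authority"].append((cut, "NS", ns))
            for addr in ZONE.get((ns, "A"), []):
                resp["additional"].append((ns, "A", addr))
        return resp
    # Authoritative data: answer directly from the zone.
    resp["aa"] = True
    resp["answer"] = [(qname, qtype, r) for r in ZONE.get((qname, qtype), [])]
    if not any(name == qname for name, _ in ZONE):
        resp["rcode"] = "NXDOMAIN"
    return resp

if __name__ == "__main__":
    for q in [("support.ourfirst.org.", "NS"), ("ourfirst.org.", "NS")]:
        print(q, answer(*q))
```

A client that only reads the ANSWER section, as `host -t ns` does, sees nothing for the delegated name even though the NS record is present in AUTHORITY.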
internal network PTR records, necessary?
This isn't a problem with bind that I'm aware of, but I was hoping someone could shed a little DNS expertise on a situation that happened Monday morning. I'll be very brief:

We started experiencing problems with connectivity from our application servers to a couple database servers. I narrowed the problem down to remote logins over tcp/ip and then by noticing SSH was also connecting slowly, found that the SSH connection was hanging doing a reverse lookup on the internal ip address. After doing some mysql research I was able to find the option to tell mysql to skip this lookup and it solved our problem.

My dilemma has been trying to figure out why the issue started in the first place. There have been no DNS changes for months, and we have never kept PTR records for our internal IPs at our nameservers. This has always just worked, so why would these lookups start hanging Monday morning without any configuration changes? Later in the day the SSH connections were quick again within the internal network. Could it just have been that our DNS server wasn't functioning properly for a period of time? We are monitoring this server with nagios so I would be surprised.

Should I be concerned about not having internal PTR records? I have never even considered the necessity of setting this up.

I noticed if I do a reverse lookup on an internal IP it seems to reference an iana server. Do we have a misconfiguration to be going out there for an answer? Could it be that this iana server was not responding Monday morning?

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> -x 192.168.1.50
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1252
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;50.1.168.192.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    168.192.in-addr.arpa. 300 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800

    ;; Query time: 147 msec
    ;; SERVER: 192.168.1.180#53(192.168.1.180)
    ;; WHEN: Tue Aug 13 22:00:25 2013
    ;; MSG SIZE rcvd: 120

-- 
Beware of all enterprises that require new clothes.
-- Henry David Thoreau
Re: internal network PTR records, necessary?
Hi James,

At 19:06 13-08-2013, James Chase wrote:

> I noticed if I do a reverse lookup on an internal IP it seems to reference an iana server. Do we have a misconfiguration to be going out there for an answer? Could it be that this iana server was not responding Monday morning?

See RFC 6303 and RFC 6305.

Regards,
-sm
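RFC 6303 section 4.1 lists the reverse zones for RFC 1918 address space that a recursive resolver should serve locally as empty zones, so that lookups like the one in the dig output above are not sent upstream. As an added example (not part of the thread), the following finds PTR queries in a resolver query log that fall inside those zones; the log lines are constructed samples in the style of a BIND query log, and the function names are assumptions.

```python
import re

# RFC 6303 section 4.1: reverse zones covering RFC 1918 space
# (10/8, 172.16/12, 192.168/16) that should be answered locally.
LOCAL_ZONES = (["10.in-addr.arpa.", "168.192.in-addr.arpa."]
               + [f"{n}.172.in-addr.arpa." for n in range(16, 32)])

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
client 192.168.1.21#40112: query: 50.1.168.192.in-addr.arpa IN PTR +
client 192.168.1.21#40113: query: www.example.com IN A +
client 192.168.1.30#51877: query: 7.0.20.172.in-addr.arpa IN PTR +
client 192.168.1.30#51878: query: 8.8.8.8.in-addr.arpa IN PTR +
client 192.168.1.30#51879: query: 9.1.32.172.in-addr.arpa IN PTR +
client 192.168.1.30#51880: query: 4.3.2.10.IN-ADDR.ARPA IN PTR +
"""

PTR_QUERY = re.compile(r"query: (\S+) IN PTR")

def covering_local_zone(qname):
    """Return the RFC 6303 section 4.1 zone containing qname, or None.
    Matching is on whole labels, so 116.172.in-addr.arpa is not
    mistaken for a name under 16.172.in-addr.arpa."""
    name = qname.lower().rstrip(".") + "."
    for zone in LOCAL_ZONES:
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def private_ptr_queries(log_text):
    """Return (qname, zone) for each PTR query that belongs in a
    locally served zone and would otherwise leave the network."""
    hits = []
    for line in log_text.splitlines():
        match = PTR_QUERY.search(line)
        if match:
            zone = covering_local_zone(match.group(1))
            if zone:
                hits.append((match.group(1), zone))
    return hits

if __name__ == "__main__":
    for qname, zone in private_ptr_queries(SAMPLE_LOG):
        print(f"{qname} -> serve locally from {zone}")
```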