Re: nslookup/dig question
You copied over the zone files. However, the bind 9 server is responding with NXDOMAIN. It appears to me that the server does not believe it is authoritative for the zone. Verify that the server indeed believes it is (look at the logs on startup). Take a look at your named configuration to make sure you are properly including the zone file into the configuration.

On 1/25/2012 2:31 AM, JeanPaul Thomsin wrote:
> All,
>
> Have two servers. One has BIND8, the other BIND9. Copied over the zone files from the BIND8 server to the BIND9 server, so they are identical. Updated the /etc/resolv.conf file and the named.conf file.
>
> When I do an nslookup (from a third server) pointing to the BIND8 server, it works fine:
>
> # nslookup
> server 10.179.193.6
> Default server: 10.179.193.6
> Address: 10.179.193.6#53
> set debug=all
> 10.16.42.61
> Server: 10.179.193.6
> Address: 10.179.193.6#53
>     QUESTIONS:
>         61.42.16.10.in-addr.arpa, type = PTR, class = IN
>     ANSWERS:
>     ->  61.42.16.10.in-addr.arpa
>         name = ama552D.example.com.
>         ttl = 86400
>     AUTHORITY RECORDS:
>     ->  42.16.10.in-addr.arpa
>         nameserver = abby.example.com.
>         ttl = 86400
>     ADDITIONAL RECORDS:
>     ->  abby.example.com
>         internet address = 10.179.193.6
>         ttl = 86400
> 61.42.16.10.in-addr.arpa name = ama552D.example.com.
> #
>
> When I do the same pointing to the BIND9 server, it doesn't work:
>
> # nslookup
> server 10.179.221.13
> Default server: 10.179.221.13
> Address: 10.179.221.13#53
> set debug=all
> 10.16.42.61
> Server: 10.179.221.13
> Address: 10.179.221.13#53
>     QUESTIONS:
>         61.42.16.10.in-addr.arpa, type = PTR, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  16.10.in-addr.arpa
>         origin = prisoner.abc.org
>         mail addr = hostmaster.root-servers.org
>         serial = 2002040800
>         refresh = 1800
>         retry = 900
>         expire = 604800
>         minimum = 604800
>         ttl = 10608
>     ADDITIONAL RECORDS:
> ** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
> Server: 10.179.221.13
> Address: 10.179.221.13#53
>     QUESTIONS:
>         61.42.16.10.in-addr.arpa, type = PTR, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  16.10.in-addr.arpa
>         origin = prisoner.abc.org
>         mail addr = hostmaster.root-servers.org
>         serial = 2002040800
>         refresh = 1800
>         retry = 900
>         expire = 604800
>         minimum = 604800
>         ttl = 10608
>     ADDITIONAL RECORDS:
> ** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
> ama552d.example.com
> Server: 10.179.221.13
> Address: 10.179.221.13#53
>     QUESTIONS:
>         ama552d.example.com, type = A, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  example.com
>         origin = monty.example.com
>         mail addr = admin.example.com
>         serial = 134
>         refresh = 900
>         retry = 600
>         expire = 86400
>         minimum = 3600
>         ttl = 2991
>     ADDITIONAL RECORDS:
> ** server can't find ama552d.example.com: NXDOMAIN
> Server: 10.179.221.13
> Address: 10.179.221.13#53
>     QUESTIONS:
>         ama552d.example.com.example.com, type = A, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  example.com
>         origin = monty.example.com
>         mail addr = admin.example.com
>         serial = 134
>         refresh = 900
>         retry = 600
>         expire = 86400
>         minimum = 3600
>         ttl = 3558
>     ADDITIONAL RECORDS:
> ** server can't find ama552d.example.com: NXDOMAIN
>
> Also did a dig pointing to the BIND8 server:
>
> # dig @10.179.193.6 ama552d.example.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44601
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;ama552d.example.com. IN A
>
> ;; ANSWER SECTION:
> ama552d.example.com. 86400 IN A 10.16.42.61
>
> ;; AUTHORITY SECTION:
> example.com. 86400 IN NS maggi.example.com.
> example.com. 86400 IN NS abby.example.com.
>
> ;; ADDITIONAL SECTION:
> abby.example.com. 86400 IN A 10.179.193.6
> maggi.example.com. 86400 IN A 10.179.196.38
>
> ;; Query time: 2 msec
> ;; SERVER: 10.179.193.6#53(10.179.193.6)
> ;; WHEN: Tue Jan 24 16:51:14 2012
> ;; MSG SIZE rcvd: 130
> #
>
> On BIND 9 server, get the following:
>
> [root@maggitemp sec_qip]# dig @10.179.221.13 ama552d.example.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12521
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ama552d.example.com. IN A
>
> ;; AUTHORITY SECTION:
> example.com. 2596 IN SOA monty.example.com. admin.example.com. 134 900 600 86400 3600
>
> ;; Query time: 15 msec
> ;; SERVER:
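
The authority check suggested in the reply above can be read straight off the dig header: the BIND8 response in this thread carries the `aa` flag and the BIND9 response does not. The script below is an added example, not part of the original thread; the function names `classify_dig` and `check_zone_served` are hypothetical, and the two samples are header lines copied from the thread's dig runs.

```shell
#!/bin/sh
# Added example (not from the thread): decide from saved dig output whether
# the queried server answered authoritatively, i.e. from a zone it has loaded.
# Live use (+norecurse is a real dig option; it asks the server not to recurse):
#   dig +norecurse @10.179.221.13 example.com SOA | classify_dig

# Constructed samples: header lines as they appear in the thread's two dig
# runs (BIND8 at 10.179.193.6, BIND9 at 10.179.221.13).
BIND8_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44601
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
BIND9_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'

# classify_dig: read dig output on stdin and print one verdict line:
#   authoritative <rcode>      aa flag set, the server is serving the zone
#   not-authoritative <rcode>  no aa flag, answer came from recursion or cache
#   unparsed                   no header seen (timeout, truncated capture)
classify_dig() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { rcode = $(i + 1); sub(/,$/, "", rcode) }
        }
        /^;; flags:/ {
            # The flag list sits between "flags:" and the next ";".
            flags = $0
            sub(/^;; flags: */, "", flags)
            sub(/;.*$/, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
        }
        END {
            if (rcode == "") { print "unparsed"; exit }
            verdict = aa ? "authoritative" : "not-authoritative"
            print verdict, rcode
        }'
}

# check_zone_served: exit status 0 only when the response is authoritative,
# so it can gate a post-migration check in a script or cron job.
check_zone_served() {
    case "$(classify_dig)" in
        authoritative\ *) return 0 ;;
        *) return 1 ;;
    esac
}

printf '%s\n' "$BIND8_SAMPLE" | classify_dig
printf '%s\n' "$BIND9_SAMPLE" | classify_dig
```
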
RE: nslookup/dig question
Antonio and John:

You were right on. /var/log/messages indicated there was a problem with named.conf. I had done a check with named-checkconf and it found no errors, so i thought it was OK, but the logs said otherwise. Working now.

Thanks!

From: John Wingenbach [b...@wingenbach.org]
Sent: Wednesday, January 25, 2012 9:20 AM
To: JeanPaul Thomsin
Cc: bind-users@lists.isc.org
Subject: Re: nslookup/dig question

You copied over the zone files. However, the bind 9 server is responding with NXDOMAIN. It appears to me that the server does not believe it is authoritative for the zone. Verify that the server indeed believes it is (look at the logs on startup). Take a look at your named configuration to make sure you are properly including the zone file into the configuration.
RE: nslookup/dig question
On Wed, 2012-01-25 at 16:57 +, JeanPaul Thomsin wrote:
> Antonio and John:
>
> You were right on. /var/log/messages indicated there was a problem with named.conf. I had done a check with named-checkconf and it found no errors, so i thought it was OK, but the logs said otherwise. Working now.

If I'm ever setting up a Nameserver for the first time on new kit, I tend to run 'named' from the shell with the '-g' flag - just to 'see' what is happening. Yes - one should check the logs - but that can be multiple log files and it wouldn't be the first time I've made a mistake in the logging section as well

--
  .  .     ___. .__      Posix Systems - (South) Africa
 /| /|       / /__       m...@posix.co.za  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
nslookup/dig question
All,

Have two servers. One has BIND8, the other BIND9. Copied over the zone files from the BIND8 server to the BIND9 server, so they are identical. Updated the /etc/resolv.conf file and the named.conf file.

When I do an nslookup (from a third server) pointing to the BIND8 server, it works fine:

# nslookup
server 10.179.193.6
Default server: 10.179.193.6
Address: 10.179.193.6#53
set debug=all
10.16.42.61
Server: 10.179.193.6
Address: 10.179.193.6#53
    QUESTIONS:
        61.42.16.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  61.42.16.10.in-addr.arpa
        name = ama552D.example.com.
        ttl = 86400
    AUTHORITY RECORDS:
    ->  42.16.10.in-addr.arpa
        nameserver = abby.example.com.
        ttl = 86400
    ADDITIONAL RECORDS:
    ->  abby.example.com
        internet address = 10.179.193.6
        ttl = 86400
61.42.16.10.in-addr.arpa name = ama552D.example.com.
#

When I do the same pointing to the BIND9 server, it doesn't work:

# nslookup
server 10.179.221.13
Default server: 10.179.221.13
Address: 10.179.221.13#53
set debug=all
10.16.42.61
Server: 10.179.221.13
Address: 10.179.221.13#53
    QUESTIONS:
        61.42.16.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  16.10.in-addr.arpa
        origin = prisoner.abc.org
        mail addr = hostmaster.root-servers.org
        serial = 2002040800
        refresh = 1800
        retry = 900
        expire = 604800
        minimum = 604800
        ttl = 10608
    ADDITIONAL RECORDS:
** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
Server: 10.179.221.13
Address: 10.179.221.13#53
    QUESTIONS:
        61.42.16.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  16.10.in-addr.arpa
        origin = prisoner.abc.org
        mail addr = hostmaster.root-servers.org
        serial = 2002040800
        refresh = 1800
        retry = 900
        expire = 604800
        minimum = 604800
        ttl = 10608
    ADDITIONAL RECORDS:
** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
ama552d.example.com
Server: 10.179.221.13
Address: 10.179.221.13#53
    QUESTIONS:
        ama552d.example.com, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  example.com
        origin = monty.example.com
        mail addr = admin.example.com
        serial = 134
        refresh = 900
        retry = 600
        expire = 86400
        minimum = 3600
        ttl = 2991
    ADDITIONAL RECORDS:
** server can't find ama552d.example.com: NXDOMAIN
Server: 10.179.221.13
Address: 10.179.221.13#53
    QUESTIONS:
        ama552d.example.com.example.com, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  example.com
        origin = monty.example.com
        mail addr = admin.example.com
        serial = 134
        refresh = 900
        retry = 600
        expire = 86400
        minimum = 3600
        ttl = 3558
    ADDITIONAL RECORDS:
** server can't find ama552d.example.com: NXDOMAIN

Also did a dig pointing to the BIND8 server:

# dig @10.179.193.6 ama552d.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44601
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ama552d.example.com. IN A

;; ANSWER SECTION:
ama552d.example.com. 86400 IN A 10.16.42.61

;; AUTHORITY SECTION:
example.com. 86400 IN NS maggi.example.com.
example.com. 86400 IN NS abby.example.com.

;; ADDITIONAL SECTION:
abby.example.com. 86400 IN A 10.179.193.6
maggi.example.com. 86400 IN A 10.179.196.38

;; Query time: 2 msec
;; SERVER: 10.179.193.6#53(10.179.193.6)
;; WHEN: Tue Jan 24 16:51:14 2012
;; MSG SIZE rcvd: 130
#

On BIND 9 server, get the following:

[root@maggitemp sec_qip]# dig @10.179.221.13 ama552d.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ama552d.example.com. IN A

;; AUTHORITY SECTION:
example.com. 2596 IN SOA monty.example.com. admin.example.com. 134 900 600 86400 3600

;; Query time: 15 msec
;; SERVER: 10.179.221.13#53(10.179.221.13)
;; WHEN: Tue Jan 24 17:13:18 2012
;; MSG SIZE rcvd: 88
#

Any idea why the query to the BIND9 server would not work? What should i look for?