|
Question : DNS is not forwarding requests, per BIND directives
|
|
I recently solved an issue for a customer whose forwarding was not working. Turns out that had an empty hints file, and knew of no root servers.
But I have another customer who is exhibiting the same problem, and they have a populated hints file.
What is the deal?
There is a forwarder directive for mnc610.mcc310.gprs , so why is the local DNS killing itself looking internally?
> internet.epictouch.mnc610.mcc310.gprs Server: youndns1.mnc560.mcc310.gprs Address: 12.25.118.5
;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A) ------------ SendRequest(), len 55 HEADER: opcode = QUERY, id = 27698, rcode = NOERROR header flags: query, want recursion questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS: internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
------------ ------------ Got answer (130 bytes): HEADER: opcode = QUERY, id = 27698, rcode = NXDOMAIN header flags: response, want recursion, recursion avail. questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS: internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN AUTHORITY RECORDS: -> (root) type = SOA, class = IN, dlen = 64 ttl = 10782 (10782) origin = A.ROOT-SERVERS.NET mail addr = NSTLD.VERISIGN-GRS.COM serial = 2006031401 refresh = 1800 (30M) retry = 900 (15M) expire = 604800 (1W) minimum ttl = 86400 (1D)
------------ ;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, IN, A) ------------ SendRequest(), len 74 HEADER: opcode = QUERY, id = 27699, rcode = NOERROR header flags: query, want recursion questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS: internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type = A, clas s = IN
------------ ------------ Got answer (125 bytes): HEADER: opcode = QUERY, id = 27699, rcode = NXDOMAIN header flags: response, auth. answer, want recursion, recursion avail. questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS: internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type = A, clas s = IN AUTHORITY RECORDS: -> mnc560.mcc310.gprs type = SOA, class = IN, dlen = 39 ttl = 0 (0S) origin = youndns1.mnc560.mcc310.gprs mail addr = admin.mnc560.mcc310.gprs serial = 143 refresh = 3600 (1H) retry = 900 (15M) expire = 604800 (1W) minimum ttl = 43200 (12H)
------------ ;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, IN, A) ------------ SendRequest(), len 67 HEADER: opcode = QUERY, id = 27700, rcode = NOERROR header flags: query, want recursion questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS: internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A, class = IN
------------ ------------ Got answer (142 bytes): HEADER: opcode = QUERY, id = 27700, rcode = NXDOMAIN header flags: response, want recursion, recursion avail. questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS: internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A, class = IN AUTHORITY RECORDS: -> (root) type = SOA, class = IN, dlen = 64 ttl = 10782 (10782) origin = a.root-servers.net mail addr = nstld.verisign-grs.com serial = 2006031401 refresh = 1800 (30M) retry = 900 (15M) expire = 604800 (1W) minimum ttl = 86400 (1D)
------------ *** youndns1.mnc560.mcc310.gprs can't find internet.epictouch.mnc610.mcc310.gprs : Non-existent host/domain >
|
Answer : DNS is not forwarding requests, per BIND directives
|
|
logfiles from your DNS is the best reference of what happens when something goes wrong. dig's output is not enough. For catching your problem let's slightly modify your config file (of course backup it first).
# add this: channel "log_poblem" { file "/var/adm/problem.log"; print-category yes; print-severity yes; print-time yes; }; category general { problem_file; }; category network { problem_file; }; category client { problem_file; }; category database { problem_file; }; # modify this category queries { query_file; problem_file; }; category ncache { problem_file; }; category response_checks { dnsmsg_file; problem_file; };
Then restart server and try your requests (either against good or against bad zones). Go through logfile and find the difference or post logfile here.
After 2-3 tries return rename your old config back and restart named again.
|
|
|
|