
Re: DNS



On Wed, 21 Jun 2000, Brian Candler wrote:
I have read your reply; it is very informative. I wonder whether this
contributes to the problem:
the machine itself is called alpha. The zone file looks like this:
eahd.or.ug. IN SOA eahd.or.ug. postmaster.eahd.or.ug.
                               ( SOA values )
eahd.or.ug. IN NS eahd.or.ug.
            IN NS pop.nsrc.org.
;addresses for canonical names
eahd.or.ug. IN A 216.129.132.208
wawa        IN A 216.129.132.164
alpha       IN A 216.129.132.208
;aliases
www IN CNAME eahd.or.ug.
webmail IN CNAME wawa.eahd.or.ug.
;mail exchangers
eahd.or.ug. IN MX 5 wawa.eahd.or.ug.
            IN MX 20 pop.nsrc.org.
alpha.eahd.or.ug IN MX 10alpha.eahd.or.ug.
Notice that eahd.or.ug. and alpha share the same address.
I have another name server, wawa.eahd.or.ug, which is running fine and on
which I have temporarily moved most of my zone files, but alpha is a much
better machine in terms of load handling, speed and general efficiency.
Incidentally, when I restart the server I don't get any error messages
and the server works fine for about 20 minutes, and after that it stops.
> Date: Wed, 21 Jun 2000 16:23:14 +0100
> From: Brian Candler <B.Candler at pobox.com>
> To: ksemat at eahd.or.ug
> Cc: afnog at afnog.org
> Subject: Re: DNS
> 
> On Tue, Jun 20, 2000 at 11:08:38PM +0300, ksemat at eahd.or.ug wrote:
> > I have a problem on which I would like your help.
> > I have a domain eahd.or.ug, for which it is its own primary. It has stub
> > zones wawa and alpha; however, alpha uses the same IP as that of eahd.or.ug
> > itself.
> > Now the problem is that the DNS tends to time out when I do nslookup
> 
> The simplest way to debug external DNS problems is to follow them through
> step-by-step, starting at the root server, just the same as some other
> machine on the Internet would do when looking up your address. So let's do
> it:
> 
> $ dig @a.root-servers.net. www.eahd.or.ug. any
> ...
> UG.                     2D IN NS        NS.RIPE.NET.
> UG.                     2D IN NS        RIP.PSG.COM.
> 
> (OK, so those are the nameservers we ask next)
> 
> $ dig @ns.ripe.net. www.eahd.or.ug. any
> $ dig @rip.psg.com. www.eahd.or.ug. any
> 
> Both of these give:
> ...
> eahd.or.ug.             4H IN NS        eahd.or.ug.
> eahd.or.ug.             4H IN NS        pop.nsrc.org.
> 
> ;; ADDITIONAL SECTION:
> eahd.or.ug.             4H IN A         216.129.132.208
> 
> [note: glue record returned. Is 216.129.132.208 correct?]
> 
> $ dig @eahd.or.ug. www.eahd.or.ug. any
> [no answer]
> $ dig @216.129.132.208 www.eahd.or.ug. any
> [no answer]
> But this address does ping.
> 
> *** Problem: machine 'eahd.or.ug' (216.129.132.208) is listed as nameserver
> *** for the zone 'eahd.or.ug', but is not authoritative (primary or
> *** secondary)
> 
> $ dig @pop.nsrc.org. www.eahd.or.ug. any
> 
> ;; ANSWER SECTION:
> www.eahd.or.ug.         1D IN CNAME     eahd.or.ug.
> 
> ;; AUTHORITY SECTION:
> eahd.or.ug.             1D IN NS        eahd.or.ug.
> eahd.or.ug.             1D IN NS        pop.nsrc.org.
> 
> ;; ADDITIONAL SECTION:
> eahd.or.ug.             1D IN A         216.129.132.208
> 
> That's OK.
> 
> Now, you are also interested in the reverse zone, so let's try that too:
> 
> $ dig @a.root-servers.net. 208.132.129.216.in-addr.arpa. any
> ;; AUTHORITY SECTION:
> 132.129.216.IN-ADDR.ARPA.  6D IN NS  DEATHSTAR.KERSUR.NET.
> 132.129.216.IN-ADDR.ARPA.  6D IN NS  SAURON.KERSUR.NET.
> 
> $ dig @deathstar.kersur.net. 208.132.129.216.in-addr.arpa. any
> $ dig @deathstar.kersur.net. 208.132.129.216.in-addr.arpa. any
> 
> Both give:
> ;; ANSWER SECTION:
> 208.132.129.216.in-addr.arpa.  1D IN PTR  eahd.or.ug.
> 
> ;; AUTHORITY SECTION:
> 132.129.216.in-addr.arpa.  1D IN NS  dar1.afsat.com.
> 132.129.216.in-addr.arpa.  1D IN NS  sauron.kersur.net.
> 132.129.216.in-addr.arpa.  1D IN NS  deathstar.kersur.net.
> 
> That's fine. There is an additional nameserver listed in the NS records
> within the zone, compared to the two which are delegated from the enclosing
> zone, but that's not a problem as long as it's authoritative as well:
> 
> $ dig @dar1.afsat.com. 208.132.129.216.in-addr.arpa. any
> [fine, gives the same answer]
> 
> So, from the outside, your reverse DNS looks to be configured OK, although
> it violates RFC2182 because the two nameservers are on the same network.
> 
> > It times out on reverse lookups, yet I have an entry in the reverse files
> > pointing to eahd.or.ug. However, I am not the SOA for the reverse zone;
> > I just load them from the master server.
> 
> So, you have a problem with _resolving_ DNS names, but I don't understand
> exactly what you are saying.
> 
> You say you "have an entry in the reverse files pointing to eahd.or.ug".
> However, you should not configure _anything_ on your nameserver to be able
> to resolve 216.129.132.* addresses. The caching nameserver will
> automatically find the correct nameservers which have the necessary
> information (following the same process I did manually above).
> 
What I meant is that there is a PTR record in dar1.afsat.com's records
for eahd.or.ug. As for me, to make it simple I just set up my machine as a
slave for the zone so that I wouldn't have to keep querying dar1 for my
reverse each time.
> As far as I can tell, machine 'eahd.or.ug' is not running a nameserver at
> all - at least, it is not responding to any DNS queries I send it (or it is
> configured to block queries from outside)
The firewall is fine; it allows DNS queries. I am using the same one on wawa,
which is okay.
This is my resolv.conf:
search eahd.or.ug
nameserver 216.129.132.208
> 
> $ nslookup - 216.129.132.208
> Default Server:  eahd.or.ug
> Address:  216.129.132.208
> 
> > psg.com.
> Server:  eahd.or.ug
> Address:  216.129.132.208
> 
> *** Request to eahd.or.ug timed-out
> 
> Hmm. I suggest you have a broken named.conf file, or the cache hints file
> (usually called 'named.root'). Try killing and restarting named, and see if
> any errors are reported in /var/log/messages
 I have no errors reported in the messages file.
> HTH,
> 
> Brian.
> 
thanks,
 Noah
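
The per-nameserver check from the quoted reply, generalized into a script (an added example, not part of the original thread): it asks each server listed for a zone for the SOA without recursion and treats a reply lacking the "aa" header flag, or no reply at all, as a lame delegation. The function names classify_reply and check_delegation are hypothetical, and the sample reply at the end is constructed.

```shell
#!/bin/sh
# Added example: flag nameservers that are delegated a zone but do not
# answer authoritatively for it. Function names are hypothetical.

# classify_reply: read one dig response on stdin and print
#   authoritative  - header carries the "aa" flag
#   lame           - server replied, but without "aa"
#   no-response    - no header at all (timeout, unreachable)
classify_reply() {
    awk '
        /^;; flags:/ {
            seen = 1
            flags = $0
            sub(/^;; flags:/, "", flags)   # drop the label
            sub(/;.*/, "", flags)          # drop the QUERY/ANSWER counters
            if (flags ~ /(^| )aa( |$)/) aa = 1
        }
        END {
            if (!seen)   print "no-response"
            else if (aa) print "authoritative"
            else         print "lame"
        }'
}

# check_delegation ZONE NS...: ask every listed server for the zone SOA
# without recursion; return non-zero if any server is not authoritative.
check_delegation() {
    zone=$1; shift
    rc=0
    for ns in "$@"; do
        verdict=$(dig +norecurse +time=3 +tries=1 "@$ns" "$zone" SOA 2>/dev/null |
                  classify_reply)
        printf '%s\t%s\n' "$ns" "$verdict"
        [ "$verdict" = authoritative ] || rc=1
    done
    return "$rc"
}

# Constructed sample: a caching server answering for a zone it does not hold.
classify_reply <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
```

Running `check_delegation eahd.or.ug. eahd.or.ug. pop.nsrc.org.` prints one verdict per server and exits non-zero if any of them is lame or silent.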



-----
This is the afnog mailing list, managed by Majordomo 1.94.4

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e. use "help" for help)

This list is maintained by owner-afnog at afnog.org