Re: Unable to query the nameserver

2010-10-11 Thread Matus UHLAR - fantomas
On 10.10.10 21:03, Doug Barton wrote:
> http://dougbarton.us/DNS/bind-users-FAQ.html#nslookup-evil

nice but I miss there some explanations that were mentioned here, e.g.
it sometimes does not query the server user asks for (iirc)

Something could be reworded. e.g. uses system libraries that could use
/etc/hosts, while host/dig query DNS server directly...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Eagles may soar, but weasels don't get sucked into jet engines. 
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Unable to query the nameserver

2010-10-10 Thread Doug Barton

http://dougbarton.us/DNS/bind-users-FAQ.html#nslookup-evil

--

Breadth of IT experience, and|   Nothin' ever doesn't change,
depth of knowledge in the DNS.   |   but nothin' changes much.
Yours for the right price.  :)   |  -- OK Go
http://SupersetSolutions.com/


Re: Unable to query the nameserver

2010-10-06 Thread Kevin Oberman
> Date: Wed, 6 Oct 2010 14:03:56 -0400
> From: "Lightner, Jeff" 
> Sender: bind-users-bounces+oberman=es@lists.isc.org
> 
> Of course some versions of nslookup aren't "standard" even for nslookup.
> The one on HP-UX actually interrogates local /etc/hosts file if
> nsswitch.conf says to use files first.   I got so used to doing that for
> years that when I tried to use nslookup on Linux back in 2005 I was
> miffed because it was "broken" and only looked up from name servers.
> (Someone even had the gall to point out that "ns"lookup was "name
> server" lookup).  :-)
> 
> -Original Message-
> From: bind-users-bounces+jlightner=water@lists.isc.org
> [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
> Of Ben McGinnes
> Sent: Wednesday, October 06, 2010 1:52 PM
> To: Kevin Darcy
> Cc: bind-users@lists.isc.org
> Subject: Re: Unable to query the nameserver
> 
> On 7/10/10 4:42 AM, Kevin Darcy wrote:
> >
> > ISC has tried to kill it, but the beast is resilient and won't die.
> 
> Maybe we should call it a wombat then ...
> 
> > Invocations of nslookup are embedded in thousands of legacy scripts and
> > some folks are unable or unwilling to change them.
> 
> Nothing quite like coding/sysadmin laziness is there.  Still, I probably
> can't talk on that front.

Invocations of nslookup are embedded in thousands of BROKEN legacy
scripts. nslookup is broken. It gives answers that are, from any sane
point of view, wrong (though right from some other points of view). Most
of the users of those legacy scripts are completely unaware of this until
it bites them and they either kludge around the case they hit or fix the
scripts to use host (or, very rarely, dig).

Could we maybe replace nslookup(1) with a script which does a host(1) and
re-formats the output to look like nslookup(1) output. I don't know
that this would be easy, but it LOOKS like it would be easy.

Yes, I am sure that some script somewhere depends on some "wrong"
response from nslookup, but I can't see keeping nslookup(1) alive as is
for that amazingly unlikely case.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net  Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


RE: Unable to query the nameserver

2010-10-06 Thread Lightner, Jeff
Of course some versions of nslookup aren't "standard" even for nslookup.
The one on HP-UX actually interrogates local /etc/hosts file if
nsswitch.conf says to use files first.   I got so used to doing that for
years that when I tried to use nslookup on Linux back in 2005 I was
miffed because it was "broken" and only looked up from name servers.
(Someone even had the gall to point out that "ns"lookup was "name
server" lookup).  :-)

-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
Of Ben McGinnes
Sent: Wednesday, October 06, 2010 1:52 PM
To: Kevin Darcy
Cc: bind-users@lists.isc.org
Subject: Re: Unable to query the nameserver

On 7/10/10 4:42 AM, Kevin Darcy wrote:
>
> ISC has tried to kill it, but the beast is resilient and won't die.

Maybe we should call it a wombat then ...

> Invocations of nslookup are embedded in thousands of legacy scripts and
> some folks are unable or unwilling to change them.

Nothing quite like coding/sysadmin laziness is there.  Still, I probably
can't talk on that front.


Regards,
Ben
 


Re: Unable to query the nameserver

2010-10-06 Thread Andrey G. Sergeev (AKA Andris)
Hello Kevin,


Wed, 06 Oct 2010 13:42:35 -0400 Kevin Darcy wrote:

> ISC has tried to kill it, but the beast is resilient and won't die.
> Invocations of nslookup are embedded in thousands of legacy scripts
> and some folks are unable or unwilling to change them.

Well said, Kevin! Just have sent some similar thoughts to the list.


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: Unable to query the nameserver

2010-10-06 Thread Ben McGinnes
On 7/10/10 4:42 AM, Kevin Darcy wrote:
>
> ISC has tried to kill it, but the beast is resilient and won't die.

Maybe we should call it a wombat then ...

> Invocations of nslookup are embedded in thousands of legacy scripts and
> some folks are unable or unwilling to change them.

Nothing quite like coding/sysadmin laziness is there.  Still, I probably
can't talk on that front.


Regards,
Ben




Re: Unable to query the nameserver

2010-10-06 Thread Andrey G. Sergeev (AKA Andris)
Hello Kevin,


Wed, 06 Oct 2010 07:47:41 -0700 "Kevin Oberman" wrote:

> I keep hoping for a BIND distro that upgrades nslookup(1) to:
>   print STDERR "nslookup(1) has been replaced by host(1)\n"; exit 0;

Short answer: never.

> I've been wishing that nslookup would go away since back in BIND-v4
> days. I could save a lot of troubleshooting time if I didn't get
> trouble reports based on the use of nslookup that is misleading or not
> completely bogus.

What about any scripts and tools that rely on the expected behaviour
and output of nslookup? Just think about the amount of such legacy and
sometimes obsolete *but working* software. Who would be responsible for
migration so the newer DNS tools would be used instead of nslookup? :)

Note: I'm not talking about my own scripts and tools (I'm using dig
and/or host whenever possible).


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: Unable to query the nameserver

2010-10-06 Thread Kevin Darcy

On 10/6/2010 11:44 AM, Ben McGinnes wrote:
> On 7/10/10 2:09 AM, Kevin Oberman wrote:
> >
> > I can find nothing in the documentation that states such. If I missed
> > it, I'd appreciate someone pointing me at it.
>
> I have some vague memory of seeing messages to that effect when using it
> on a Solaris system in around 1999.  I stopped using it around then and
> switched to host and dig.
>
> I can't point you to specific documentation (I stopped caring when I
> started using dig), but I did find these:
>
> http://cr.yp.to/djbdns/nslookup.html
> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html
>
> As far as I'm aware it only hung around because it was available on
> Windows NT/2K/etc., while host and dig were not.

ISC has tried to kill it, but the beast is resilient and won't die.
Invocations of nslookup are embedded in thousands of legacy scripts and
some folks are unable or unwilling to change them.




- Kevin





Re: Unable to query the nameserver

2010-10-06 Thread Ben McGinnes
On 7/10/10 2:09 AM, Kevin Oberman wrote:
> 
> I can find nothing in the documentation that states such. If I missed
> it, I'd appreciate someone pointing me at it.

I have some vague memory of seeing messages to that effect when using it
on a Solaris system in around 1999.  I stopped using it around then and
switched to host and dig.

I can't point you to specific documentation (I stopped caring when I
started using dig), but I did find these:

http://cr.yp.to/djbdns/nslookup.html
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html

As far as I'm aware it only hung around because it was available on
Windows NT/2K/etc., while host and dig were not.


Regards,
Ben




Re: Unable to query the nameserver

2010-10-06 Thread Kevin Oberman
> Date: Thu, 07 Oct 2010 01:53:29 +1100
> From: Ben McGinnes 
> 
> On 7/10/10 1:47 AM, Kevin Oberman wrote:
> > 
> > I keep hoping for a BIND distro that upgrades nslookup(1) to:
> >   print STDERR "nslookup(1) has been replaced by host(1)\n"; exit 0;
> 
> Wasn't nslookup already deprecated about ten years or so ago?

I can find nothing in the documentation that states such. If I missed
it, I'd appreciate someone pointing me at it.

I quit using nslookup over 16 years ago (since it was before I moved to
my current job) and have a near automatic response of "Could you check
this using 'host'"? Often that is followed by a dig command they can cut
and paste if they are not on Windows.

dig(1) is clearly the ideal choice, but it's really a bit too much for
normal users other than as cut 'n' paste.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net  Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


Re: Unable to query the nameserver

2010-10-06 Thread Ben McGinnes
On 7/10/10 1:47 AM, Kevin Oberman wrote:
> 
> I keep hoping for a BIND distro that upgrades nslookup(1) to:
>   print STDERR "nslookup(1) has been replaced by host(1)\n"; exit 0;

Wasn't nslookup already deprecated about ten years or so ago?


Regards,
Ben




Re: Unable to query the nameserver

2010-10-06 Thread Kevin Oberman
> Date: Wed, 06 Oct 2010 10:35:32 -0400
> From: Kevin Darcy 
> Sender: bind-users-bounces+oberman=es@lists.isc.org
> 
> On 10/5/2010 3:49 PM, Dotan Cohen wrote:
> > On Tue, Oct 5, 2010 at 20:30, Eivind Olsen  wrote:
> >
> >>> However, another site that _does_ work (with both nameservers on this
> >>> host, not just ns1) shows the same thing:
> >>>
> >>> # nslookup ns1.sharingserver.eu 178.63.65.136
> >>> Server: 178.63.65.136
> >>> Address:178.63.65.136#53
> >>>
> >>> ** server can't find ns1.sharingserver.eu: NXDOMAIN
> >>>
> >> How do you mean this one is working? It's working just as badly as your
> >> first example.
> >>
> >>  
> > Yes, but typing the domain into Firefox brings up the webpage that
> > I've put on that server!
> >
> >
> >
> You're introducing a bunch of other variables when you use a browser to 
> troubleshoot a DNS resolution problem:
> 1) The browser might have cached the DNS response
> 2) The browser might have cached the web content itself and not be 
> performing DNS lookups
> 3) The browser might be using a PAC (proxy auto-config) file which 
> shuffles the request off to some proxy
> 
> I would suggest sticking to DNS troubleshooting tools to troubleshoot 
> DNS. And dig/host is to be greatly preferred for that purpose over 
> nslookup, which sucks in more ways than I care to list here.

I keep hoping for a BIND distro that upgrades nslookup(1) to:
  print STDERR "nslookup(1) has been replaced by host(1)\n"; exit 0;

I've been wishing that nslookup would go away since back in BIND-v4
days. I could save a lot of troubleshooting time if I didn't get trouble
reports based on the use of nslookup that is misleading or not
completely bogus.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net  Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


Re: Unable to query the nameserver

2010-10-06 Thread Kevin Darcy

On 10/5/2010 3:49 PM, Dotan Cohen wrote:
> On Tue, Oct 5, 2010 at 20:30, Eivind Olsen  wrote:
> >> However, another site that _does_ work (with both nameservers on this
> >> host, not just ns1) shows the same thing:
> >>
> >> # nslookup ns1.sharingserver.eu 178.63.65.136
> >> Server:         178.63.65.136
> >> Address:        178.63.65.136#53
> >>
> >> ** server can't find ns1.sharingserver.eu: NXDOMAIN
> >
> > How do you mean this one is working? It's working just as badly as your
> > first example.
>
> Yes, but typing the domain into Firefox brings up the webpage that
> I've put on that server!

You're introducing a bunch of other variables when you use a browser to
troubleshoot a DNS resolution problem:

1) The browser might have cached the DNS response
2) The browser might have cached the web content itself and not be
   performing DNS lookups
3) The browser might be using a PAC (proxy auto-config) file which
   shuffles the request off to some proxy

I would suggest sticking to DNS troubleshooting tools to troubleshoot
DNS. And dig/host is to be greatly preferred for that purpose over
nslookup, which sucks in more ways than I care to list here.



- Kevin





Re: Unable to query the nameserver

2010-10-05 Thread Ben McGinnes
On 6/10/10 6:49 AM, Dotan Cohen wrote:
> On Tue, Oct 5, 2010 at 20:30, Eivind Olsen  wrote:
>>
>> I don't think you've mentioned which OS you're running, and whether you run
>> a bundled or self-compiled version of BIND, so I'm not sure where it puts
>> its logs by default. Do you see _any_ mention of "named" in your
>> /var/log/messages or /var/log/syslog or similar files if you restart BIND?
>> How to restart it depends on your distribution, whether you use bundled BIND
>> etc. It might be "service named restart" on one distribution, and "rndc
>> stop" followed by "/usr/local/sbin/named" on another, or "/etc/rc.d/named
>> restart" on yet another.. And I'm not good at guessing :D
>>
> 
> Sorry, it's CentOS 5.5 and I'm running the distro's packaged bind.
> There are a few Bind messages in /var/log/messages but no errors
> (other than no-start error when I have a bad config).

I'm running CentOS 5.5 too and the default Bind package is
9.3.6-4.P1.el5_4.2.

Dotan, if you run "yum list bind" you can confirm that.


Regards,
Ben




Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 20:30, Eivind Olsen  wrote:
>> However, another site that _does_ work (with both nameservers on this
>> host, not just ns1) shows the same thing:
>>
>> # nslookup ns1.sharingserver.eu 178.63.65.136
>> Server:         178.63.65.136
>> Address:        178.63.65.136#53
>>
>> ** server can't find ns1.sharingserver.eu: NXDOMAIN
>
> How do you mean this one is working? It's working just as badly as your
> first example.
>

Yes, but typing the domain into Firefox brings up the webpage that
I've put on that server!


> I've tried looking up the domain "sharingserver.de" and "sharingserver.eu"
> on both the IP addresses you listed, and in all cases your nameserver
> replies with NXDOMAIN - it doesn't know about those domains.
>
>> I don't see a named or bind log, but messages is clean of such things.
>
> I don't think you've mentioned which OS you're running, and whether you run
> a bundled or self-compiled version of BIND, so I'm not sure where it puts
> its logs by default. Do you see _any_ mention of "named" in your
> /var/log/messages or /var/log/syslog or similar files if you restart BIND?
> How to restart it depends on your distribution, whether you use bundled BIND
> etc. It might be "service named restart" on one distribution, and "rndc
> stop" followed by "/usr/local/sbin/named" on another, or "/etc/rc.d/named
> restart" on yet another.. And I'm not good at guessing :D
>

Sorry, it's CentOS 5.5 and I'm running the distro's packaged bind.
There are a few Bind messages in /var/log/messages but no errors
(other than no-start error when I have a bad config).


> Anyway - if you don't see a single line about "named" in the logs even after
> restarting it, you need to look into fixing that, as I'm guessing BIND is
> then really trying to give you some nice information in the logs but it
> can't..
>

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 16:31, Greg Whynott  wrote:
> it's as if they think hackers' main source of targets comes from here.
> doesn't appear to really want any help anyway.
>

Not at all, rather I was trying to learn. I really didn't want anybody
doing the heavy lifting for me. But I've gotten to the point where I
see that I _do_ need that help, and I am not embarrassed to admit it.
I have been posting the real data now.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 11:35, Eivind Olsen  wrote:
> Hm, you mention in another posting that you're hosting other domains. Are
> they using the same registrar as the one that's giving you this error
> message?

Yes.

> Are you _naming_ the nameservers the same? I know some registrars
> require you to first register your nameservers with them, so they can add
> any glue records if needed. I'm just wondering if the error message might
> be misleading.
>

With this particular registrar I have sharingcenter.eu and
sharingcenter.de. The sharingcenter.eu site works fine, it has
ns1.sharingcenter.eu and ns2.sharingcenter.eu working without me
having to explicitly set the "glue".


> But maybe they really can't contact your nameserver. As a few others have
> mentioned, it's hard to help troubleshoot this when you've given no real
> information.
>

Server mercury:
178.63.65.136
178.63.65.171
178.63.65.188

Server venus:
88.198.27.251

ns1.sharingcenter.eu - 178.63.65.136
ns2.sharingcenter.eu - 178.63.65.188

ns1.sharingcenter.de - 178.63.65.171
ns2.sharingcenter.de - 88.198.27.251


> Check your logs on your nameserver. Depending on your OS, it might end up
> in /var/log/messages, /var/adm/messages, or somewhere else entirely (or
> maybe not at all). You should at least see some log-entries when you start
> BIND. The copies of named.conf you listed didn't show any custom logging
> statements.
>

Bind is running as a service (CentOS), and I'm not really sure how to
get it logging.


> Verify nameserver operation, by doing something like this:
>
> # dig any your.troublesome.domain @1.1.1.1
> (replace the domain name + IP-address of your nameserver with the real data)
>
> Do this from multiple places:
> - from the nameserver itself
> - from another server in the same subnet if possible, to avoid routing
> issues etc...:
> - from somewhere outside of your network
>
> If it for example works from the nameserver itself + another server in
> your local network, but doesn't work from an external address, I suggest
> you look at any firewalls / access controls in your network.
>
> You also mentioned you had another domain which worked, on the same
> nameservers. Do the same kind of queries on that as well, from the same
> places.
>
> Let us know how these tests went. And/or post real data so we can check a
> bit for ourselves.
>

✈dcl:~$ dig any sharingserver.de @178.63.65.171

; <<>> DiG 9.6.1-P2 <<>> any sharingserver.de @178.63.65.171
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29311
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sharingserver.de.  IN  ANY

;; AUTHORITY SECTION:
de.                     2398    IN      SOA     f.nic.de. its.denic.de. 2010100577 7200 7200 360 7200

;; Query time: 228 msec
;; SERVER: 178.63.65.171#53(178.63.65.171)
;; WHEN: Tue Oct  5 21:41:22 2010
;; MSG SIZE  rcvd: 86

✈dcl:~$ dig any sharingserver.eu @178.63.65.136

; <<>> DiG 9.6.1-P2 <<>> any sharingserver.eu @178.63.65.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62696
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sharingserver.eu.  IN  ANY

;; AUTHORITY SECTION:
eu.                     600     IN      SOA     a.nic.eu. tech.eurid.eu. 1002851820 3600 1800 360 600

;; Query time: 259 msec
;; SERVER: 178.63.65.136#53(178.63.65.136)
;; WHEN: Tue Oct  5 21:42:02 2010
;; MSG SIZE  rcvd: 87





> Oh, and another thing - you mentioned you were running both nameservers on
> the same server (eth0 and eth0:0). You _are_ aware of what this means, if
> your domain name is only served by a single physical server and that
> server happens to go down some day? Any server _will_ go down sometimes,
> even if you decide to not patch it...

Yes, I am aware of this.

> If it's serving a domain name you care about, I'd _really_ recommend
> having multiple _separate_ nameservers, hosted on separate subnets. There
> are various companies that sell cheap slave-DNS services.
>

The .de domain will be on two separate machines.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 08:48, Chiesa Stefano  wrote:
> Hello Dothan.
> You said: "The working site has both nameservers pointed to that same
> server (on two different IP addresses on eth0 and etho0:0)."
> So the question is "Are you sure you answer to queries on the proper
> interface?"
> Maybe you (for instance) receive a query on eth0:0 (1.1.2.2 ?) but
> answer on eth0 (1.1.1.1 ?)...

Could that be? I'd never considered that! How would I even check that?

> What is your default gateway?
>


[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
### Hetzner Online AG - installimage
# device: eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.136
NETMASK=255.255.255.255
SCOPE="peer 178.63.65.129"
[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
### Hetzner Online AG - installimage
# device: eth0
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.188
NETMASK=255.255.255.192
SCOPE="peer 178.63.65.129"
[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.171
NETMASK=255.255.255.192
SCOPE="peer 178.63.65.129"
[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:2
DEVICE=eth0:2
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.172
NETMASK=255.255.255.192
SCOPE="peer 178.63.65.129"

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-05 Thread Hauke Lampe

On 05.10.2010 20:35, Dotan Cohen wrote:

I think the problem is that your two servers return different
answers to the same question:

dig +norec sharingcenter.de ns @178.63.65.171:
> ;; ANSWER SECTION:
> sharingcenter.de. 86400   IN  NS  ns1.sharingcenter.de.
> sharingcenter.de. 86400   IN  NS  ns2.sharingcenter.de.

@88.198.27.251:
> ;; ANSWER SECTION:
> sharingcenter.de. 86400   IN  NS  ns2.sharingcenter.de.

That result matches the two zone files you show, with same SOA serial
number but different content. The comment in the SOA record indicates
that you don't slave the zone to ns2 and instead edit two distinct zone
files.

Either sync the zone files or set up the second server as slave and you
should be fine. You can check with DeNIC's pre-delegation test here:
http://nast.denic.de/


Hauke.


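The check behind Hauke's diagnosis above (same SOA serial, different NS set on the two servers) can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, and the sample answers are constructed from the records quoted in the thread so the script runs offline.

```sh
#!/bin/sh
# Added example: compare the NS RRset and SOA serial that two authoritative
# servers return for the same zone.

# rrset TYPE: read "dig +noall +answer" style lines on stdin and print the
# rdata of every IN record of TYPE, lowercased and sorted, one per line.
rrset() {
    awk -v t="$1" '
        /^;/ || NF < 5 { next }              # skip dig comment lines and noise
        $3 == "IN" && $4 == t {
            rd = $5
            for (i = 6; i <= NF; i++) rd = rd " " $i
            print tolower(rd)
        }' | sort -u
}

# soa_serial: print the serial (third rdata field) of the first SOA on stdin.
soa_serial() {
    awk '$3 == "IN" && $4 == "SOA" { print $7; exit }'
}

# compare_views TEXT_A TEXT_B: print one verdict for two servers' answers.
compare_views() {
    a_ns=$(printf '%s\n' "$1" | rrset NS)
    b_ns=$(printf '%s\n' "$2" | rrset NS)
    a_ser=$(printf '%s\n' "$1" | soa_serial)
    b_ser=$(printf '%s\n' "$2" | soa_serial)
    if [ -z "$a_ser" ] || [ -z "$b_ser" ]; then
        echo "no-soa"                    # a server gave no SOA for the zone
    elif [ "$a_ser" != "$b_ser" ]; then
        echo "serial-mismatch"           # secondary lagging or transfers failing
    elif [ "$a_ns" != "$b_ns" ]; then
        echo "same-serial-different-ns"  # zone files maintained separately
    else
        echo "consistent"
    fi
}

# fetch_view SERVER ZONE: live input for compare_views (needs dig and network).
fetch_view() {
    dig +norec +noall +answer @"$1" "$2" NS
    dig +norec +noall +answer @"$1" "$2" SOA
}

# Constructed sample answers. The NS lines are the ones quoted in the thread;
# the SOA lines are assembled from the zone file posted there.
sample_ns1() {
    cat <<'EOF'
sharingcenter.de. 86400 IN NS ns1.sharingcenter.de.
sharingcenter.de. 86400 IN NS ns2.sharingcenter.de.
sharingcenter.de. 86400 IN SOA sharingcenter.de. foo.sharingcenter.de. 2010100401 10800 3600 604800 38400
EOF
}

sample_ns2() {
    cat <<'EOF'
sharingcenter.de. 86400 IN NS ns2.sharingcenter.de.
sharingcenter.de. 86400 IN SOA sharingcenter.de. foo.sharingcenter.de. 2010100401 10800 3600 604800 38400
EOF
}

echo "verdict: $(compare_views "$(sample_ns1)" "$(sample_ns2)")"
```

For a live check, pass `"$(fetch_view SERVER ZONE)"` for each server in place of the sample functions.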

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 02:47, Noel Butler  wrote:
> apart from my dig for you not giving real information..
>
> On Mon, 2010-10-04 at 23:08 +0200, Dotan Cohen wrote:
>
>
> // On 1.1.1.1
> [r...@1.1.1.1]# cat /etc/named.conf
> options {
> directory "/etc";
>
>
> Why are you specifying /etc here?
> I suggest you use  /var/named
>

Thanks. I'm not sure where I got that from, this is a Frankenstein's
monster of bits that I've been googling!


>    pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
>
> zone "." {
> type hint;
>     file "/etc/db.cache";
>
> remove /etc/
>

I did not realize that a relative path would work.


> };
>
> zone "example.de" {
> type master;
> file "/var/named/example.de.hosts";
>
>
> only need the file name (so long as you correct the options statement

Makes sense!


>
> notify yes;
> allow-query { any; };
>     };
>
>
> who are you notifying?

I added that at some "throwing more lines of code at the file" attempt
to get this working...

> where is..
>     allow-transfer { remotedns; };
>

I did not know that I need it.


>
> zone "example.eu" {
> type master;
> file "/var/named/example.eu.hosts";
>     };
>
> correct as above for who to transfer to
>

Well, this one works properly so I don't want to touch it!

> [r...@1.1.1.1]# cat /var/named/example.de.hosts
> $ORIGIN example.de.
> $TTL 86400
> example.de. IN  SOA example.de. foo.example.de. (
>
> replace example.de.   with  @
>

Will do.

>     2010100401; Serial - increment me
> 10800
> 3600
> 604800
> 38400 )
>        IN  NS    ns1.example.de.
>        IN  NS    ns2.example.de.
>
> no MX record?
>

Not yet, I'll tackle that later.

>        IN  A     1.1.1.1
> www    IN  A     1.1.1.1
> ns1    IN  A     1.1.1.1
> ns2    IN  A     1.1.2.2
>
>
>
>
> // On 1.1.2.2
> [r...@1.1.2.2]# cat /etc/named.conf
>
> fix up as above
>

Right.

> options {
> directory "/etc";
> pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
>
>
>
> zone "." {
> type hint;
> file "/etc/db.cache";
> };
>
> zone "example.de" {
> type slave;
> masters { 1.1.1.1; };
> allow-update { 1.1.1.1; };
>
>     ^  not needed
>

Thanks.

>     file "/var/named/example.de.hosts";
> notify yes;
>
>       remove
>

Thanks.

> allow-query { any; };
>
> ya got one right :)
>

Pure luck, I assure you!

>     allow-notify { 1.1.2.2; };
>     };
>
> remove
>

Right.

> [r...@1.1.2.2]# cat /var/named/example.de.hosts
>
>
> irrelevant since it gets this from master
>

I did think that was the case, thanks.

> Of course, when I make a change to a hosts file I increment the serial
> number and restart bind. I also restart bind after making a change to
>
> 'rndc reload'   is all u need to do
>

Nice, thanks.

> named.conf. What am I doing wrong? Thanks!
>
> once you tell us your real domains and NS's, maybe, just maybe we can help
> more
>

Server mercury:
178.63.65.136
178.63.65.171
178.63.65.188

Server venus:
88.198.27.251

ns1.sharingcenter.eu - 178.63.65.136
ns2.sharingcenter.eu - 178.63.65.188

ns1.sharingcenter.de - 178.63.65.171
ns2.sharingcenter.de - 88.198.27.251



-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-05 Thread Lyle Giese
Andrey G. Sergeev (AKA Andris) wrote:
> Hello Dotan,
>
>
> Tue, 5 Oct 2010 20:35:24 +0200 Dotan Cohen wrote:
>
>   
>> The two domains names are sharingcenter.eu and sharingcenter.de. The
>> eu domain has ns1 and ns2 on the same server (IP addresses
>> 178.63.65.136 and 178.63.65.188) and works fine. The de domain has
>> ns1 on this same server (IP address 178.63.65.171) but ns2 on a
>> different server (IP address 88.198.21.168).
>> 
>
> The commands
>
> dig @178.63.65.171 sharingcenter.de. soa +norec +short
> dig @88.198.21.168 sharingcenter.de. soa +norec +short
>
> were done without any delays or errors from my location so the UDP
> connections from the external hosts are fine too. If you still
> experience troubles while working with the registrar control panel you
> should consult with their support.
>
>
>   
Eurodns is currently authoritative for sharingcenter.de domain. If he
wants to move the dns to his new servers and IP addresses, he needs to
create proper A records for ns1 and ns2.sharingcenter.de at eurodns
first. Eurodns won't let him move the dns until the new servers answer
properly. However they are not querying the ip addresses he is inputting
but the current A records eurodns returns when asking about ns1 or
ns2.sharingcenter.de. Those queries appear to be returning a wild card
entry of 80.92.66.130 for ns1 and ns2.sharingcenter.de. There is no name
server answering at 80.92.66.130 and thus Eurodns reports that name
server is not answering.

Lyle Giese
LCR Computer Services, Inc.

Re: Unable to query the nameserver

2010-10-05 Thread Andrey G. Sergeev (AKA Andris)
Hello Dotan,


Tue, 5 Oct 2010 20:35:24 +0200 Dotan Cohen wrote:

> The two domains names are sharingcenter.eu and sharingcenter.de. The
> eu domain has ns1 and ns2 on the same server (IP addresses
> 178.63.65.136 and 178.63.65.188) and works fine. The de domain has
> ns1 on this same server (IP address 178.63.65.171) but ns2 on a
> different server (IP address 88.198.21.168).

The commands

dig @178.63.65.171 sharingcenter.de. soa +norec +short
dig @88.198.21.168 sharingcenter.de. soa +norec +short

were done without any delays or errors from my location so the UDP
connections from the external hosts are fine too. If you still
experience troubles while working with the registrar control panel you
should consult with their support.


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 02:35, Noel Butler  wrote:
> Quite right, too many people with paranoia come here looking for help but
> refuse to let us do correct remote testing.
> First post was 7.08am local, its 3 /12 hours later and we still have no real
> info, had it been supplied his problem may been identified and resolved 3
> hours ago.
>

No paranoia at all! Actually, just a few minutes ago I did post the
correct info; I saw that I wasn't getting very far with this whole
learning thing! :)

The two domain names are sharingcenter.eu and sharingcenter.de. The
eu domain has ns1 and ns2 on the same server (IP addresses
178.63.65.136 and 178.63.65.188) and works fine. The de domain has ns1
on this same server (IP address 178.63.65.171) but ns2 on a different
server (IP address 88.198.21.168).

The  178.63.65.* machine has these files:

On the machine intended for
[r...@mercury ~]# cat /etc/named.conf
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    listen-on {
        any;
    };
};

zone "." {
    type hint;
    file "/etc/db.cache";
};

zone "sharingcenter.de" {
    type master;
    file "/var/named/sharingcenter.de.hosts";
    notify yes;
    allow-query { any; };
};
zone "sharingcenter.eu" {
    type master;
    file "/var/named/sharingcenter.eu.hosts";
};
[r...@mercury ~]# cat /var/named/sharingcenter.de.hosts
$ORIGIN sharingcenter.de.
$TTL 86400
sharingcenter.de. IN  SOA sharingcenter.de. foo.sharingcenter.de. (
        2010100401 ; Serial - increment me
        10800
        3600
        604800
        38400 )
        IN  NS  ns1.sharingcenter.de.
        IN  NS  ns2.sharingcenter.de.
        IN  A   178.63.65.171
www     IN  A   178.63.65.171
ns1     IN  A   178.63.65.171
ns2     IN  A   88.198.21.168
[r...@mercury ~]# cat /var/named/sharingcenter.eu.hosts
$ORIGIN sharingcenter.eu.
$TTL 86400
sharingcenter.eu. IN  SOA sharingcenter.eu. foo.sharingcenter.eu. (
        2010092801 ; Serial - increment me
        10800
        3600
        604800
        38400 )
        IN  NS  ns1.sharingcenter.eu.
        IN  NS  ns2.sharingcenter.eu.
        IN  A   178.63.65.136
        IN  A   178.63.65.188
www     IN  A   178.63.65.136
www     IN  A   178.63.65.188
ns1     IN  A   178.63.65.136
ns2     IN  A   178.63.65.188
[r...@mercury ~]#


The 88.198.21.168 machine has these files:

[r...@venus ~]# cat /etc/named.conf
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    listen-on {
        any;
    };
};

zone "." {
    type hint;
    file "/etc/db.cache";
};

zone "sharingcenter.de" {
    type slave;
    masters { 178.63.65.171; };
    allow-update { 178.63.65.171; };
    file "/var/named/sharingcenter.de.hosts";
    notify yes;
    allow-query { any; };
    allow-notify { 88.198.21.168; };
};
[r...@venus ~]# cat /var/named/sharingcenter.de.hosts
$ORIGIN sharingcenter.de.
$TTL 86400
sharingcenter.de. IN  SOA sharingcenter.de. foo.sharingcenter.de. (
        2010100401 ; Serial - increment me
        10800
        3600
        604800
        38400 )
        IN  NS  ns2.sharingcenter.de.
ns2     IN  A   88.198.21.168
[r...@venus ~]#

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-05 Thread Andrey G. Sergeev (AKA Andris)
Hello Dotan,


Tue, 5 Oct 2010 20:20:02 +0200 Dotan Cohen wrote:

>> Can you successfully telnet port 53 from an external host?
> 
> Yes, but it's only a connection. I don't see any output. That's me
> typing "helo":
> 
> $ telnet 178.63.65.136 53
> Trying 178.63.65.136...
> Connected to 178.63.65.136.
> Escape character is '^]'.
> helo
> USER test
> ^C^C
> Connection closed by foreign host.

The DNS protocol has no human-readable verbs. The fact that you can
connect to port 53 from the external location indicates that the
TCP connections aren't blocked. But DNS uses TCP only in a limited
number of cases - most of the time the UDP protocol is being used for queries.

So you must verify that you _can_ query your server for something like
this:

dig @server-name-or-ip example.de. soa +norec


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/
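
What the `dig ... soa +norec` check above puts on the wire, as an added example that is not part of the original thread: a Python sketch that builds the same non-recursive SOA query, classifies a reply from its header, and shows how a TCP listener reads the typed "helo" as a length prefix. The function names and the reply bytes are constructed for illustration; `query_udp` assumes the server is given as an IP address.

```python
import secrets
import socket
import struct

QTYPE_SOA, QCLASS_IN = 6, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_SOA, txid=None, recurse=False):
    """Build a one-question query; recurse=False matches dig's +norec."""
    if txid is None:
        txid = secrets.randbits(16)          # unpredictable ID, harder to spoof
    flags = 0x0100 if recurse else 0x0000    # only the RD bit is ever set
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, QCLASS_IN)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "tc": bool(flags & 0x0200),   # truncated, retry over TCP
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }


def classify(msg, txid):
    """Turn a reply into the verdict an operator cares about."""
    h = parse_header(msg)
    if not h["qr"] or h["id"] != txid:
        return "not a response to our query"
    if h["tc"]:
        return "truncated: retry over TCP"
    if h["rcode"] != "NOERROR":
        return h["rcode"]
    if h["aa"] and h["answers"]:
        return "authoritative answer"
    return "no authoritative data (lame or referral)"


def tcp_length_prefix(first_bytes):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.unpack("!H", first_bytes[:2])[0]


def query_udp(server_ip, name, timeout=3.0):
    """Live check over UDP, the transport most queries use."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid=txid), (server_ip, 53))
        reply, addr = s.recvfrom(4096)
    if addr[0] != server_ip:
        return "reply from unexpected source"
    return classify(reply, txid)


def constructed_reply(query, flags, answers=0):
    """Constructed sample: a reply header that echoes the question section.
    Only the header is filled in; no answer records are appended."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!6H", txid, flags, 1, answers, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("sharingcenter.de.", txid=0x1234)
    print("query bytes:", q.hex())
    print("typed 'helo' read as a length of", tcp_length_prefix(b"helo\r\n"))
    print("NXDOMAIN sample:", classify(constructed_reply(q, 0x8403), 0x1234))
```

A TCP connect that succeeds says nothing about UDP reachability or about whether the zone is loaded; the `aa` bit and the response code in a reply do.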


Re: Unable to query the nameserver

2010-10-05 Thread Eivind Olsen
--On 5. October 2010 20.20.02 +0200 Dotan Cohen wrote:

> Yes, but it's only a connection. I don't see any output. That's me typing
> "helo":
>
> $ telnet 178.63.65.136 53
> Trying 178.63.65.136...
> Connected to 178.63.65.136.
> Escape character is '^]'.
> helo
> USER test
> ^C^C
> Connection closed by foreign host.

DNS isn't a clear-text protocol (unlike POP3, SMTP etc), so that's fine. It
won't display a banner or anything.

> From googling I see that I must start Bind with the -g option to
> enable logging, but I must be doing it wrong as it's still not
> logging:
> # service named restart -g


The "-g" option is to get debug output. I doubt that works nicely with the 
"service" command. Running RedHat?

I don't have a RedHat system in front of me... but.. you could try:

# service named stop
# /usr/sbin/named -g

..and see if that works at all.

Regards
Eivind Olsen



Re: Unable to query the nameserver

2010-10-05 Thread Eivind Olsen
--On 5. October 2010 20.07.57 +0200 Dotan Cohen wrote:

> # nslookup ns1.sharingserver.de 178.63.65.171
> Server: 178.63.65.171
> Address:178.63.65.171#53
>
> ** server can't find ns1.sharingserver.de: NXDOMAIN

In this case, you're trying to look up ns1.sharingserver.de on the
nameserver on 178.63.65.171.

> However, another site that _does_ work (with both nameservers on this
> host, not just ns1) shows the same thing:
>
> # nslookup ns1.sharingserver.eu 178.63.65.136
> Server: 178.63.65.136
> Address:178.63.65.136#53
>
> ** server can't find ns1.sharingserver.eu: NXDOMAIN

How do you mean this one is working? It's working just as badly as your
first example.

I've tried looking up the domain "sharingserver.de" and "sharingserver.eu"
on both the IP addresses you listed, and in all cases your nameserver
replies with NXDOMAIN - it doesn't know about those domains.

> I don't see a named or bind log, but messages is clean of such things.


I don't think you've mentioned which OS you're running, and whether you run 
a bundled or self-compiled version of BIND, so I'm not sure where it puts 
its logs by default. Do you see _any_ mention of "named" in your 
/var/log/messages or /var/log/syslog or similar files if you restart BIND?
How to restart it depends on your distribution, whether you use bundled 
BIND etc. It might be "service named restart" on one distribution, and 
"rndc stop" followed by "/usr/local/sbin/named" on another, or 
"/etc/rc.d/named restart" on yet another.. And I'm not good at guessing :D


Anyway - if you don't see a single line about "named" in the logs even 
after restarting it, you need to look into fixing that, as I'm guessing 
BIND is then really trying to give you some nice information in the logs 
but it can't..


Regards
Eivind Olsen



Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 01:03, Nuno Paquete  wrote:
> Can you successfully telnet port 53 from an external host?

Yes, but it's only a connection. I don't see any output. That's me typing "helo":

$ telnet 178.63.65.136 53
Trying 178.63.65.136...
Connected to 178.63.65.136.
Escape character is '^]'.
helo
USER test
^C^C
Connection closed by foreign host.


> Have you seen your logs? There must be something logged.
>

From googling I see that I must start Bind with the -g option to
enable logging, but I must be doing it wrong as it's still not
logging:
# service named restart -g



-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Mon, Oct 4, 2010 at 23:37, Greg Whynott  wrote:
> someone with way more bind clues than I would be able to give you a better 
> answer.    the error returned begs two questions..
>
> 1. is this server behind or running a local firewall?
> 2. is bind actually listening on the proper interface?
>
> you could confirm #2 by typing 'nslookup ns1.example.de 1.1.1.1'  where 
> 1.1.1.1 is the ip of the local machine(you could even do this on another 
> machine,  its telling the resolver to use 1.1.1.1 as the name server for 
> initial queries,  if it works internally,  try an exterior machine to run the 
> command on).  it should return your A RR.  also you could try typing " 
> netstat -an | grep \:53\ | grep LIST " and see if its listening on the proper 
> interface.
>

It is listening on the right port, but it's not looking up properly I think:

# nslookup ns1.sharingserver.de 178.63.65.171
Server: 178.63.65.171
Address:178.63.65.171#53

** server can't find ns1.sharingserver.de: NXDOMAIN



However, another site that _does_ work (with both nameservers on this
host, not just ns1) shows the same thing:

# nslookup ns1.sharingserver.eu 178.63.65.136
Server: 178.63.65.136
Address:178.63.65.136#53

** server can't find ns1.sharingserver.eu: NXDOMAIN

Note that both the 171 and 136 addresses are on the same hardware
(eth0 and eth0:1)


> do the logs complain about any zones?  something like "not loading zone X"..
>

I don't see a named or bind log, but messages is clean of such things.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 01:14, Nuno Paquete  wrote:
> Are your servers running virtualized?
>

No, it's real hardware!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-05 Thread Greg Whynott
It's as if they think hackers' main source of targets comes from here. Doesn't
appear to really want any help anyway.

-g



On Oct 4, 2010, at 8:35 PM, Noel Butler wrote:

> On Mon, 2010-10-04 at 17:29 -0500, Lyle Giese wrote:
>> Dotan Cohen wrote: 
> 
>>> The ports aren't blocked as another site (example.eu) hosted on the
>>> 1.1.1.1 server works fine. The working site has both nameservers
>>> pointed to that same server (on two different IP addresses on eth0 and
>>> etho0:0). Only the example.de site which has one nameserver on the
>>> 1.1.1.1 machine and the second nameserver on 1.1.2.2 is giving me a
>>> headache.
>>> 
>>> 
>>>   
>> I would like to help but since you are refusing to post the real ip address 
>> or the real hostnames or the real domain names involved, I can not.  I could 
>> do some testing from here to see if your firewall was configured correctly 
>> or what the view was from outside your network.  But I can not.  
>> 
> 
> Quite right, too many people with paranoia come here looking for help but 
> refuse to let us do correct remote testing.
> First post was 7.08am local, its 3 /12 hours later and we still have no real 
> info, had it been supplied his problem may been identified and resolved 3 
> hours ago.
> 
> 
> 



Re: Unable to query the nameserver

2010-10-05 Thread Christopher Cain
Dotan - Are zone transfers working correctly between ns1 & ns2?  Although
you have ns2 defined as a slave to ns1, your cat output of the zone on ns2
shows a zone with contents different from the master.  The slave zone is
missing a host record for ns1.  Is it possible the system trying to resolve
ns1 is querying ns2?

Christopher Cain
E: ch...@christophercain.ca
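
The master/slave mismatch raised above can be checked mechanically. The following is an added example, not code from the thread: a small Python zone-file reader that compares the two sharingcenter.de files from Dotan's post (column whitespace restored) and lists what the slave copy lacks. The parser handles only what these files use ($ORIGIN, a parenthesised SOA, inherited owners) and assumes no ";" inside quoted strings.

```python
CLASSES = {"IN", "CH", "HS"}
# Positions in the rdata that hold domain names and must be made absolute.
NAME_RDATA = {"NS": (0,), "CNAME": (0,), "SOA": (0, 1)}

# Zone data as posted in the thread, whitespace restored.
MASTER_ZONE = """\
$ORIGIN sharingcenter.de.
$TTL 86400
sharingcenter.de. IN  SOA sharingcenter.de. foo.sharingcenter.de. (
        2010100401 ; Serial - increment me
        10800
        3600
        604800
        38400 )
        IN  NS  ns1.sharingcenter.de.
        IN  NS  ns2.sharingcenter.de.
        IN  A   178.63.65.171
www     IN  A   178.63.65.171
ns1     IN  A   178.63.65.171
ns2     IN  A   88.198.21.168
"""

SLAVE_ZONE = """\
$ORIGIN sharingcenter.de.
$TTL 86400
sharingcenter.de. IN  SOA sharingcenter.de. foo.sharingcenter.de. (
        2010100401 ; Serial - increment me
        10800
        3600
        604800
        38400 )
        IN  NS  ns2.sharingcenter.de.
ns2     IN  A   88.198.21.168
"""


def absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text):
    """Return (soa_serial, set of (owner, type, rdata)) for a simple zone file."""
    origin, owner, pending = None, None, ""
    records, serial = set(), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        pending = pending + " " + line if pending else line
        if pending.count("(") > pending.count(")"):
            continue                                 # record continues on next line
        line, pending = pending.replace("(", " ").replace(")", " "), ""
        inherits_owner = line[0].isspace()           # blank owner = previous owner
        tok = line.split()
        if tok[0].upper() == "$ORIGIN":
            origin = tok[1].lower()
            continue
        if tok[0].startswith("$"):                   # $TTL and other directives
            continue
        if not inherits_owner:
            owner = absolute(tok.pop(0), origin)
        while tok[0].isdigit() or tok[0].upper() in CLASSES:
            tok.pop(0)                               # skip optional TTL and class
        rtype, rdata = tok[0].upper(), tok[1:]
        for i in NAME_RDATA.get(rtype, ()):
            rdata[i] = absolute(rdata[i], origin)
        if rtype == "SOA":
            serial = int(rdata[2])
        records.add((owner, rtype, " ".join(rdata)))
    return serial, records


def compare(master_text, slave_text):
    """Diff the record sets and report whether a refresh would pull a new copy."""
    m_serial, m_rec = parse_zone(master_text)
    s_serial, s_rec = parse_zone(slave_text)
    return {
        "master_serial": m_serial,
        "slave_serial": s_serial,
        "missing_on_slave": sorted(m_rec - s_rec),
        "extra_on_slave": sorted(s_rec - m_rec),
        # Plain integer comparison; RFC 1982 serial wraparound is ignored here.
        "refresh_would_transfer": m_serial > s_serial,
    }


if __name__ == "__main__":
    for key, value in compare(MASTER_ZONE, SLAVE_ZONE).items():
        print(key, "=", value)
```

Both files carry serial 2010100401, so a refresh alone will not replace the slave's copy: a slave pulls the zone only when the master's serial is higher.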

Re: Unable to query the nameserver

2010-10-05 Thread Eivind Olsen
> but when I try to configure
> my domain name in the registrar's control panel I get this error:
> """
> Error : Unable to query the nameserver ns1.example.de
> """

Hm, you mention in another posting that you're hosting other domains. Are
they using the same registrar as the one that's giving you this error
message? Are you _naming_ the nameservers the same? I know some registrars
require you to first register your nameservers with them, so they can add
any glue records if needed. I'm just wondering if the error message might
be misleading.

But maybe they really can't contact your nameserver. As a few others have
mentioned, it's hard to help troubleshoot this when you've given no real
information.

Check your logs on your nameserver. Depending on your OS, it might end up
in /var/log/messages, /var/adm/messages, or somewhere else entirely (or
maybe not at all). You should at least see some log-entries when you start
BIND. The copies of named.conf you listed didn't show any custom logging
statements.

Verify nameserver operation, by doing something like this:

# dig any your.troublesome.domain @1.1.1.1
(replace the domain name + IP-address of your nameserver with the real data)

Do this from multiple places:
- from the nameserver itself
- from another server in the same subnet if possible, to avoid routing
issues etc...:
- from somewhere outside of your network

If it for example works from the nameserver itself + another server in
your local network, but doesn't work from an external address, I suggest
you look at any firewalls / access controls in your network.

You also mentioned you had another domain which worked, on the same
nameservers. Do the same kind of queries on that as well, from the same
places.

Let us know how these tests went. And/or post real data so we can check a
bit for ourselves.

Oh, and another thing - you mentioned you were running both nameservers on
the same server (eth0 and eth0:0). You _are_ aware of what this means, if
your domain name is only served by a single physical server and that
server happens to go down some day? Any server _will_ go down sometimes,
even if you decide to not patch it...
If it's serving a domain name you care about, I'd _really_ recommend
having multiple _separate_ nameservers, hosted on separate subnets. There
are various companies that sell cheap slave-DNS services.

Regards
Eivind Olsen




R: Unable to query the nameserver

2010-10-04 Thread Chiesa Stefano
 
On Mon, Oct 4, 2010 at 23:20, Andrey G. Sergeev (AKA Andris)
 wrote:
> Hi Dotan!
>

Hello hello!

> You might be blocking 53/udp and (or) 53/tcp port. Try to query your
> problematic server from some other location rather than the site this
> server is installed on.
>

The ports aren't blocked as another site (example.eu) hosted on the
1.1.1.1 server works fine. The working site has both nameservers
pointed to that same server (on two different IP addresses on eth0 and
etho0:0). Only the example.de site which has one nameserver on the
1.1.1.1 machine and the second nameserver on 1.1.2.2 is giving me a
headache.


Hello Dotan.
You said: "The working site has both nameservers pointed to that same
server (on two different IP addresses on eth0 and etho0:0)."
So the question is "Are you sure you answer to queries on the proper
interface?"
Maybe you (for instance) receive a query on eth0:0 (1.1.2.2 ?) but
answer on eth0 (1.1.1.1 ?)...
What is your default gateway? 

Ciao.
Stefano.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-04 Thread Andrey G. Sergeev (AKA Andris)
Hi Imran,


Mon, 4 Oct 2010 20:33:02 -0400 "Imran" wrote:

> Sounds like a resolv.conf issue ... make sure that you have an
> entry in the resolv.conf file that maps ns1.example.de to 1.1.1.1
> and ns2.example.de to 1.1.2.2

You're wrong. The resolv.conf file has nothing to do with
hostname-to-IP or vice versa mapping. Such mapping is a function of the
hosts file.

Regardless of the file name there is nothing to fix by setting some
"mappings".

> -Original Message-
> From: bind-users-bounces+imran=netwave...@lists.isc.org
> [mailto:bind-users-bounces+imran=netwave...@lists.isc.org] On Behalf
> Of Dotan Cohen
> Sent: Monday, October 04, 2010 5:09 PM
> To: bind-users@lists.isc.org
> Subject: Unable to query the nameserver
> 
> I am configuring BIND on two servers: ns1.example.de on a server
> with IP address 1.1.1.1 and ns2.example.de on a server with IP
> address 1.1.2.2. BIND starts fine on both servers, but when I try
> to configure my domain name in the registrar's control panel I get
> this error:
> """
> Error : Unable to query the nameserver ns1.example.de
> """
> 
> Of course I have been googling this for hours and I've been reading
> BIND manuals for about two weeks now! I'm really stuck. Here are my
> configuration files:
> 
> // On 1.1.1.1
> [r...@1.1.1.1]# cat /etc/named.conf
> options {
> directory "/etc";
> pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
> 
> zone "." {
> type hint;
> file "/etc/db.cache";
> };
> 
> zone "example.de" {
> type master;
> file "/var/named/example.de.hosts";
> notify yes;
> allow-query { any; };
> };
> zone "example.eu" {
> type master;
> file "/var/named/example.eu.hosts";
> };
> [r...@1.1.1.1]# cat /var/named/example.de.hosts
> $ORIGIN example.de.
> $TTL 86400
> example.de. IN  SOA example.de. foo.example.de. (
> 2010100401; Serial - increment me
> 10800
> 3600
> 604800
> 38400 )
>         IN  NS  ns1.example.de.
>         IN  NS  ns2.example.de.
>         IN  A   1.1.1.1
> www     IN  A   1.1.1.1
> ns1     IN  A   1.1.1.1
> ns2     IN  A   1.1.2.2
> 
> 
> 
> 
> // On 1.1.2.2
> [r...@1.1.2.2]# cat /etc/named.conf
> options {
> directory "/etc";
> pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
> 
> zone "." {
> type hint;
> file "/etc/db.cache";
> };
> 
> zone "example.de" {
> type slave;
> masters { 1.1.1.1; };
> allow-update { 1.1.1.1; };
> file "/var/named/example.de.hosts";
> notify yes;
> allow-query { any; };
> allow-notify { 1.1.2.2; };
> };
> [r...@1.1.2.2]# cat /var/named/example.de.hosts
> $ORIGIN example.de.
> $TTL 86400
> example.de. IN  SOA example.de. foo.example.de. (
> 2010100401; Serial - increment me
> 10800
> 3600
> 604800
> 38400 )
>         IN  NS  ns2.example.de.
> ns2     IN  A   1.1.2.2
> 
> 
> 
> 
> Of course, when I make a change to a hosts file I increment the
> serial number and restart bind. I also restart bind after making a
> change to named.conf. What am I doing wrong? Thanks!


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: Unable to query the nameserver

2010-10-04 Thread Noel Butler
apart from my dig for you not giving real information..

On Mon, 2010-10-04 at 23:08 +0200, Dotan Cohen wrote:


> 
> // On 1.1.1.1
> [r...@1.1.1.1]# cat /etc/named.conf
> options {
> directory "/etc";
>  


Why are you specifying /etc here?
I suggest you use  /var/named


> pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
> 
> zone "." {
> type hint;
> file "/etc/db.cache";


remove /etc/

> };
> 
> zone "example.de" {
> type master;
> file "/var/named/example.de.hosts";
> 


only need the file name (so long as you correct the options statement)

> notify yes;
> allow-query { any; };
> };



who are you notifying?
where is..
allow-transfer { remotedns; };



> zone "example.eu" {
> type master;
> file "/var/named/example.eu.hosts";
> };


correct as above for who to transfer to


> [r...@1.1.1.1]# cat /var/named/example.de.hosts
> $ORIGIN example.de.
> $TTL 86400
> example.de. IN  SOA example.de. foo.example.de. (

replace example.de.   with  @

> 2010100401; Serial - increment me
> 10800
> 3600
> 604800
> 38400 )
>         IN  NS  ns1.example.de.
>         IN  NS  ns2.example.de.


no MX record?


>         IN  A   1.1.1.1
> www     IN  A   1.1.1.1
> ns1     IN  A   1.1.1.1
> ns2     IN  A   1.1.2.2
> 
> 
> 
> 
> // On 1.1.2.2
> [r...@1.1.2.2]# cat /etc/named.conf

fix up as above


> options {
> directory "/etc";
> pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
> 




> zone "." {
> type hint;
> file "/etc/db.cache";
> };
> 
> zone "example.de" {
> type slave;
> masters { 1.1.1.1; };
> allow-update { 1.1.1.1; };

^  not needed


> file "/var/named/example.de.hosts";
> notify yes;

  remove


> allow-query { any; };

ya got one right :)


> allow-notify { 1.1.2.2; };
> };

remove


> [r...@1.1.2.2]# cat /var/named/example.de.hosts



irrelevant since it gets this from master



> 
> 
> 
> Of course, when I make a change to a hosts file I increment the serial
> number and restart bind. I also restart bind after making a change to


'rndc reload'   is all u need to do


> named.conf. What am I doing wrong? Thanks!
> 

once you tell us your real domains and NS's, maybe, just maybe we can
help more


RE: Unable to query the nameserver

2010-10-04 Thread Imran
Sounds like a resolv.conf issue ... make sure that you have an entry in the
resolv.conf file that maps ns1.example.de to 1.1.1.1 and ns2.example.de to
1.1.2.2



-Original Message-
From: bind-users-bounces+imran=netwave...@lists.isc.org
[mailto:bind-users-bounces+imran=netwave...@lists.isc.org] On Behalf Of
Dotan Cohen
Sent: Monday, October 04, 2010 5:09 PM
To: bind-users@lists.isc.org
Subject: Unable to query the nameserver

I am configuring BIND on two servers: ns1.example.de on a server with
IP address 1.1.1.1 and ns2.example.de on a server with IP address
1.1.2.2. BIND starts fine on both servers, but when I try to configure
my domain name in the registrar's control panel I get this error:
"""
Error : Unable to query the nameserver ns1.example.de
"""

Of course I have been googling this for hours and I've been reading
BIND manuals for about two weeks now! I'm really stuck. Here are my
configuration files:

// On 1.1.1.1
[r...@1.1.1.1]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type master;
file "/var/named/example.de.hosts";
notify yes;
allow-query { any; };
};
zone "example.eu" {
type master;
file "/var/named/example.eu.hosts";
};
[r...@1.1.1.1]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
        IN  NS  ns1.example.de.
        IN  NS  ns2.example.de.
        IN  A   1.1.1.1
www     IN  A   1.1.1.1
ns1     IN  A   1.1.1.1
ns2     IN  A   1.1.2.2




// On 1.1.2.2
[r...@1.1.2.2]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type slave;
masters { 1.1.1.1; };
allow-update { 1.1.1.1; };
file "/var/named/example.de.hosts";
notify yes;
allow-query { any; };
allow-notify { 1.1.2.2; };
};
[r...@1.1.2.2]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
        IN  NS  ns2.example.de.
ns2     IN  A   1.1.2.2




Of course, when I make a change to a hosts file I increment the serial
number and restart bind. I also restart bind after making a change to
named.conf. What am I doing wrong? Thanks!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-04 Thread Noel Butler
On Mon, 2010-10-04 at 17:29 -0500, Lyle Giese wrote:

> Dotan Cohen wrote: 



> > The ports aren't blocked as another site (example.eu) hosted on the
> > 1.1.1.1 server works fine. The working site has both nameservers
> > pointed to that same server (on two different IP addresses on eth0 and
> > etho0:0). Only the example.de site which has one nameserver on the
> > 1.1.1.1 machine and the second nameserver on 1.1.2.2 is giving me a
> > headache.
> > 
> > 
> >   
> 
> I would like to help but since you are refusing to post the real ip
> address or the real hostnames or the real domain names involved, I can
> not.  I could do some testing from here to see if your firewall was
> configured correctly or what the view was from outside your network.
> But I can not.  
> 


Quite right, too many people with paranoia come here looking for help
but refuse to let us do correct remote testing.
First post was 7.08am local, it's 3 /12 hours later and we still have no
real info, had it been supplied his problem may have been identified and
resolved 3 hours ago.



RE: Unable to query the nameserver

2010-10-04 Thread Imri Zvik
You should first verify that you see the packets arriving to ns1.example.de
- tcpdump should do the work.
Then, enable the query log and ensure that BIND sees the query.
Again, the logs are your friends.


-Original Message-
From: Dotan Cohen [mailto:dotanco...@gmail.com] 
Sent: Monday, October 04, 2010 11:09 PM
To: bind-users@lists.isc.org
Subject: Unable to query the nameserver

I am configuring BIND on two servers: ns1.example.de on a server with
IP address 1.1.1.1 and ns2.example.de on a server with IP address
1.1.2.2. BIND starts fine on both servers, but when I try to configure
my domain name in the registrar's control panel I get this error:
"""
Error : Unable to query the nameserver ns1.example.de
"""

Of course I have been googling this for hours and I've been reading
BIND manuals for about two weeks now! I'm really stuck. Here are my
configuration files:

// On 1.1.1.1
[r...@1.1.1.1]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type master;
file "/var/named/example.de.hosts";
notify yes;
allow-query { any; };
};
zone "example.eu" {
type master;
file "/var/named/example.eu.hosts";
};
[r...@1.1.1.1]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
        IN  NS  ns1.example.de.
        IN  NS  ns2.example.de.
        IN  A   1.1.1.1
www     IN  A   1.1.1.1
ns1     IN  A   1.1.1.1
ns2     IN  A   1.1.2.2




// On 1.1.2.2
[r...@1.1.2.2]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type slave;
masters { 1.1.1.1; };
allow-update { 1.1.1.1; };
file "/var/named/example.de.hosts";
notify yes;
allow-query { any; };
allow-notify { 1.1.2.2; };
};
[r...@1.1.2.2]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
        IN  NS  ns2.example.de.
ns2     IN  A   1.1.2.2




Of course, when I make a change to a hosts file I increment the serial
number and restart bind. I also restart bind after making a change to
named.conf. What am I doing wrong? Thanks!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-04 Thread Nuno Paquete

Are your servers running virtualized?

On 2010/10/04, at 23:56, "Dotan Cohen" wrote:

> On Mon, Oct 4, 2010 at 23:37, Greg Whynott wrote:
>> someone with way more bind clues than I would be able to give you a
>> better answer. the error returned begs two questions..
>>
>> 1. is this server behind or running a local firewall?
>
> No.
>
>> 2. is bind actually listening on the proper interface?
>
> Yes


--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 00:29, Lyle Giese  wrote:
> I would like to help but since you are refusing to post the real ip address
> or the real hostnames or the real domain names involved, I can not.  I could
> do some testing from here to see if your firewall was configured correctly
> or what the view was from outside your network.  But I can not.
>

Thanks Lyle for the offer. Actually, I would very much appreciate if
you showed me what to check so that I might do it myself. Although my
concern is in fact to get this configured, my goal is to learn and I'm
at a loss for which tools/commands to use to check that. How would you
go about it?

> You appear to be posting sanitized portions of named.conf, so we can not
> tell if you have a typo in there that would cause this problem.

I assure you that a typo in the domain name or IP address is not the
issue, nor a missing period after the domain name. I've gone over
that!


> You may
> also be bypassing a firewall misconfiguration because of your testing
> methods, but we can not tell as you are not posting the real IP addresses.

No firewall at this stage.

> Even though the ip addresses involved are registered for web and dns
> services that should be available to the world anyway.
>

Yes, of course, I have no illusions that they might be hidden!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-04 Thread Nuno Paquete

Can you successfully telnet port 53 from an external host?
Have you seen your logs? There must be something logged.

On 2010/10/04, at 23:56, "Dotan Cohen" wrote:

> On Mon, Oct 4, 2010 at 23:37, Greg Whynott wrote:
>> someone with way more bind clues than I would be able to give you a
>> better answer. the error returned begs two questions..
>>
>> 1. is this server behind or running a local firewall?
>
> No.
>
>> 2. is bind actually listening on the proper interface?
>
> Yes


--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
On Mon, Oct 4, 2010 at 23:37, Greg Whynott  wrote:
> someone with way more bind clues than I would be able to give you a better 
> answer.    the error returned begs two questions..
>
> 1. is this server behind or running a local firewall?

No.

> 2. is bind actually listening on the proper interface?
>

Yes


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-04 Thread Andrey G. Sergeev (AKA Andris)
Mon, 4 Oct 2010 23:41:13 +0200 Dotan Cohen wrote:

>> You might be blocking 53/udp and (or) 53/tcp port. Try to query
>> your problematic server from some other location rather than the
>> site this server is installed on.
>>
> 
> The ports aren't blocked as another site (example.eu) hosted on
> the 1.1.1.1 server works fine. The working site has both
> nameservers pointed to that same server (on two different IP
> addresses on eth0 and eth0:0). Only the example.de site which has
> one nameserver on the 1.1.1.1 machine and the second nameserver on
> 1.1.2.2 is giving me a headache.

It may be the zone transfer issue - the DENIC might want to transfer the
zone example.de and your server at 1.1.1.1 has been configured to deny
these attempts originated from the unknown IPs. Grep your BIND log for
any error messages related to 'example.de'.


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: Unable to query the nameserver

2010-10-04 Thread Lyle Giese
Dotan Cohen wrote:
> On Mon, Oct 4, 2010 at 23:20, Andrey G. Sergeev (AKA Andris)
>  wrote:
>   
>> Hi Dotan!
>>
>> 
>
> Hello hello!
>
>   
>> You might be blocking 53/udp and (or) 53/tcp port. Try to query your
>> problematic server from some other location rather than the site this
>> server is installed on.
>>
>> 
>
> The ports aren't blocked as another site (example.eu) hosted on the
> 1.1.1.1 server works fine. The working site has both nameservers
> pointed to that same server (on two different IP addresses on eth0 and
> eth0:0). Only the example.de site which has one nameserver on the
> 1.1.1.1 machine and the second nameserver on 1.1.2.2 is giving me a
> headache.
>
>
>   
I would like to help but since you are refusing to post the real ip
address or the real hostnames or the real domain names involved, I can
not. I could do some testing from here to see if your firewall was
configured correctly or what the view was from outside your network. But
I can not.

You appear to be posting sanitized portions of named.conf, so we can not
tell if you have a typo in there that would cause this problem. You may
also be bypassing a firewall misconfiguration because of your testing
methods, but we can not tell as you are not posting the real IP
addresses. Even though the ip addresses involved are registered for web
and dns services that should be available to the world anyway.

Lyle Giese
LCR Computer Services, Inc.



Re: Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
On Mon, Oct 4, 2010 at 23:20, Andrey G. Sergeev (AKA Andris)
 wrote:
> Hi Dotan!
>

Hello hello!

> You might be blocking 53/udp and (or) 53/tcp port. Try to query your
> problematic server from some other location rather than the site this
> server is installed on.
>

The ports aren't blocked as another site (example.eu) hosted on the
1.1.1.1 server works fine. The working site has both nameservers
pointed to that same server (on two different IP addresses on eth0 and
eth0:0). Only the example.de site which has one nameserver on the
1.1.1.1 machine and the second nameserver on 1.1.2.2 is giving me a
headache.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


RE: Unable to query the nameserver

2010-10-04 Thread Greg Whynott
someone with way more bind clues than I would be able to give you a better
answer.  the error returned begs two questions..

1. is this server behind or running a local firewall?
2. is bind actually listening on the proper interface?

you could confirm #2 by typing 'nslookup ns1.example.de 1.1.1.1' where 1.1.1.1
is the ip of the local machine (you could even do this on another machine, it's
telling the resolver to use 1.1.1.1 as the name server for initial queries, if
it works internally, try an exterior machine to run the command on).  it
should return your A RR.  also you could try typing
" netstat -an | grep \:53\ | grep LIST "
and see if it's listening on the proper interface.

do the logs complain about any zones?  something like "not loading zone X"..

good luck with things,
-g



From:
Sent: Monday, October 04, 2010 5:08 PM
To: bind-users@lists.isc.org
Subject: Unable to query the nameserver

I am configuring BIND on two servers: ns1.example.de on a server with
IP address 1.1.1.1 and ns2.example.de on a server with IP address
1.1.2.2. BIND starts fine on both servers, but when I try to configure
my domain name in the registrar's control panel I get this error:
"""
Error : Unable to query the nameserver ns1.example.de
"""

Of course


Re: Unable to query the nameserver

2010-10-04 Thread Andrey G. Sergeev (AKA Andris)
Hi Dotan!


Mon, 4 Oct 2010 23:08:43 +0200 Dotan Cohen wrote:

> I am configuring BIND on two servers: ns1.example.de on a server with
> IP address 1.1.1.1 and ns2.example.de on a server with IP address
> 1.1.2.2. BIND starts fine on both servers, but when I try to
> configure
> my domain name in the registrar's control panel I get this error:
> """
> Error : Unable to query the nameserver ns1.example.de

[...]

You might be blocking 53/udp and (or) 53/tcp port. Try to query your
problematic server from some other location rather than the site this
server is installed on.


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/
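
The checks suggested in this thread (query the server directly, over both 53/udp and 53/tcp, locally and from an outside host), written as an added example that is not part of the original posts. It assumes dig is installed; the function names classify_dig and check_ns and the verdict words are chosen here for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes dig (shipped with BIND) is installed.

# classify_dig: read dig output on stdin and print one verdict word.
classify_dig() {
    awk '
        { line = tolower($0) }
        line ~ /connection refused/                    { closed = 1 }
        line ~ /timed out|no servers could be reached/ { unreach = 1 }
        /->>HEADER<<-/ {              # "... status: NOERROR, id: 4242"
            s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s
        }
        /^;; flags:/ {                # ";; flags: qr aa; QUERY: 1, ..."
            f = $0; sub(/^;; flags: */, "", f); sub(/;.*/, "", f)
            aa = ((" " f " ") ~ / aa /)
        }
        END {
            if (status == "")             # no DNS response was received at all
                print (closed ? "closed" : unreach ? "unreachable" : "unparsed")
            else if (status != "NOERROR") print tolower(status)
            else if (aa)                  print "authoritative"
            else                          print "not-authoritative"
        }'
}

# check_ns SERVER ZONE: query SERVER directly, without recursion, over UDP then TCP.
check_ns() {
    for proto in udp tcp; do
        opt=+notcp; [ "$proto" = tcp ] && opt=+tcp
        verdict=$(dig "@$1" "$2" SOA +norecurse "$opt" +time=3 +tries=1 2>&1 | classify_dig)
        printf '%s %s/53 %s: %s\n' "$1" "$proto" "$2" "$verdict"
    done
}

# Constructed dig output (not captured from a real server): the server answered
# but refused the query.
sample_refused() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

# With two arguments, run the live check: sh check_ns.sh <server-ip> <zone>
if [ $# -eq 2 ]; then check_ns "$1" "$2"; fi
```

Run it on the server itself and again from a host outside its network; differing verdicts between the two point to filtering in between rather than to named.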


Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
I am configuring BIND on two servers: ns1.example.de on a server with
IP address 1.1.1.1 and ns2.example.de on a server with IP address
1.1.2.2. BIND starts fine on both servers, but when I try to configure
my domain name in the registrar's control panel I get this error:
"""
Error : Unable to query the nameserver ns1.example.de
"""

Of course I have been googling this for hours and I've been reading
BIND manuals for about two weeks now! I'm really stuck. Here are my
configuration files:

// On 1.1.1.1
[r...@1.1.1.1]# cat /etc/named.conf
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    listen-on {
        any;
    };
};

zone "." {
    type hint;
    file "/etc/db.cache";
};

zone "example.de" {
    type master;
    file "/var/named/example.de.hosts";
    notify yes;
    allow-query { any; };
};
zone "example.eu" {
    type master;
    file "/var/named/example.eu.hosts";
};
[r...@1.1.1.1]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
                2010100401 ; Serial - increment me
                10800
                3600
                604800
                38400 )
            IN  NS  ns1.example.de.
            IN  NS  ns2.example.de.
            IN  A   1.1.1.1
www         IN  A   1.1.1.1
ns1         IN  A   1.1.1.1
ns2         IN  A   1.1.2.2




// On 1.1.2.2
[r...@1.1.2.2]# cat /etc/named.conf
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    listen-on {
        any;
    };
};

zone "." {
    type hint;
    file "/etc/db.cache";
};

zone "example.de" {
    type slave;
    masters { 1.1.1.1; };
    allow-update { 1.1.1.1; };
    file "/var/named/example.de.hosts";
    notify yes;
    allow-query { any; };
    allow-notify { 1.1.2.2; };
};
[r...@1.1.2.2]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
                2010100401 ; Serial - increment me
                10800
                3600
                604800
                38400 )
            IN  NS  ns2.example.de.
ns2         IN  A   1.1.2.2




Of course, when I make a change to a hosts file I increment the serial
number and restart bind. I also restart bind after making a change to
named.conf. What am I doing wrong? Thanks!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com