Hi there,

when I fire up svscan on one of my pfsense 2.0.1 boxes, it starts
"supervise tinydns" processes. These supervise processes spawn plenty of
processes that end up as zombies, each of which dies after some seconds. I.e.,
I have a block of 5-6 <defunct>s traversing my process list.
Constantly. The TinyDNS log in the Web UI looks fine.

I actually did a ls -ltr /var/log to see whether anything about the
zombies is written to any of the log files. However, there is nothing.
Is there a way to find out what is going wrong?

TinyDNS appears to be running and responding ok:

[2.0.1-RELEASE][r...@secgw.pfaf.intra.rsd.ch]/root(173): dig @127.0.0.1 mach.pfaf.intra.rsd.ch
; <<>> DiG 9.6.2-P2 <<>> @127.0.0.1 mach.pfaf.intra.rsd.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3323
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;mach.pfaf.intra.rsd.ch. IN A
;; ANSWER SECTION:
mach.pfaf.intra.rsd.ch. 86400 IN A 192.168.10.196
;; AUTHORITY SECTION:
pfaf.intra.rsd.ch. 259200 IN NS ns.pfaf.intra.rsd.ch.
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 27 14:08:14 2012
;; MSG SIZE rcvd: 80

I am coming from BIND9, so I've been spoilt with working CNAMEs.
Somehow TinyDNS appears to have serious trouble with those:

[2.0.1-RELEASE][r...@secgw.pfaf.intra.rsd.ch]/root(175): dig @127.0.0.1 ns.pfaf.intra.rsd.ch
; <<>> DiG 9.6.2-P2 <<>> @127.0.0.1 ns.pfaf.intra.rsd.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32225
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ns.pfaf.intra.rsd.ch. IN A
;; ANSWER SECTION:
ns.pfaf.intra.rsd.ch. 86400 IN CNAME secgw.pfaf.intra.rsd.ch.
;; AUTHORITY SECTION:
pfaf.intra.rsd.ch. 259200 IN NS ns.pfaf.intra.rsd.ch.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 27 14:11:39 2012
;; MSG SIZE rcvd: 79

There's an answer to go and check out secgw.pfaf.intra.rsd.ch., but
it's simply not working:

[2.0.1-RELEASE][r...@secgw.pfaf.intra.rsd.ch]/root(176): ping ns.pfaf.intra.rsd.ch
ping: cannot resolve ns.pfaf.intra.rsd.ch: Unknown server error

Here's my zone file as it is shown in the Web UI. Is there some obvious
mistake that I'm not aware of?

Record Name                  Record Type  rDNS  Record Data
pfaf.intra.rsd.ch            SOA                ns.pfaf.intra.rsd.ch.
jupiter.pfaf.intra.rsd.ch    A            on    192.168.10.199
phatmac.pfaf.intra.rsd.ch    A            on    192.168.10.198
pfaf.intra.rsd.ch            MX                 mail.rsd.ch.
smack.pfaf.intra.rsd.ch      A            on    192.168.10.197
mach.pfaf.intra.rsd.ch       A            on    192.168.10.196
micro.pfaf.intra.rsd.ch      A            on    192.168.10.195
nano.pfaf.intra.rsd.ch       A            on    192.168.10.194
dlink-ap1.pfaf.intra.rsd.ch  A            on    192.168.10.249
dlink-ap2.pfaf.intra.rsd.ch  A            on    192.168.10.248
lp1.pfaf.intra.rsd.ch        A            on    192.168.10.229
kvm1.pfaf.intra.rsd.ch       A            on    192.168.10.10
hpsw1.pfaf.intra.rsd.ch      A            on    192.168.10.9
ats1.pfaf.intra.rsd.ch       A            on    192.168.10.3
pdu1.pfaf.intra.rsd.ch       A            on    192.168.10.1
pdu2.pfaf.intra.rsd.ch       A            on    192.168.10.2
secgw.pfaf.intra.rsd.ch      A            on    192.168.10.254
ns.pfaf.intra.rsd.ch         CNAME              secgw.pfaf.intra.rsd.ch.

I've checked the TinyDNS documentation. There, one can read: "Don't use
Cfqdn if there are any other records for fqdn. Don't use Cfqdn for
common aliases; use +fqdn instead. Remember the wise words of Inigo
Montoya: ``You keep using CNAME records. I do not think they mean what
you think they mean.''". Honestly, I don't get it. What's so special
about CNAMEs on TinyDNS? I just see them as the equivalent of a Symbolic
Link in Linux. Am I too naive about this?

On another matter: I sent a question concerning DNS and pfSense two
days ago (Title: "DNS internal, caching external & forwarding requests
to upstream servers. What's the best practice on pfsense 2.0.1?") to
which I got not a single response. I keep wondering why? Was the
question stupid? Or should I have sent it elsewhere (TinyDNS Forum, for
instance)? Or is no one here using a DNS server on pfSense? Too much
jargon or not enough of it? Break of some netiquette rule that I'm not
aware of? Please, give me a pointer here and I'll try to improve!

Cheers,
Ray