Old 12-28-2004, 05:16 PM   #1
Timur Sakayev
LQ Newbie
 
Registered: Dec 2004
Location: Fairfield, CT
Distribution: Mandrake, SUSE, RH
Posts: 21

Rep: Reputation: 15
Bind returns 0 answers on the zone it is set to be master on


Greetings to everybody.

Third day, second reinstall. same problem :-( .
I'm trying to set up a linux DNS server (bind 9.3.0). Seems to be working just fine for any info for external domains. The only domain that causes the problem is the one that this DNS server is supposed to be master for. when i'm trying to dig from another machine - get Answers:0. At the same time I have another DNS server (Win2000) and have no problem getting info from it.
Below are the named.conf, config files for the zone and examples of return. I get a feeling that i'm missing something small, and just don't see it because i'm relatively new to network administration.
I would appreciate any advice as to what to do or where to look for an answer as well as advice on efficiency of the configuration (i created the file after the one that was already in place and not sure as to how efficient it is).

Thank you in advance,

Tim

named.conf:
Code:
	    view "my-domain" {
		match-clients {192.168.1.0/24; 127/8; };
		zone "my-domain.net" {
		   type master;
		   file "my-domain.net";
		};
	    };
my-domain.net:
Code:
$TTL 3600
my-domain.net. IN SOA ns1.my-domain.net. hostmaster.my-domain.net. (
							20041228	; serial
							3h		; refresh after 3 hours
							1h		; retry after 1 hour
							1w		; expire after 1 week
							1h)		;negative caching TTL 1 hour
;
; Name servers
;
my-domain.net.	IN NS	dns17.register.com.
my-domain.net.	IN NS	dns18.register.com.

;
; Mail servers
;
my-domain.net.	IN MX 	10 mail.my-domain.net.

;
; Addresses
;servers
localhost.my-domain.net.		IN A		127.0.0.1
boromir.my-domain.net.		IN A		192.168.1.101
caesar.my-domain.net.		IN A		192.168.1.103
degas.my-domain.net.		IN A		192.168.1.104
faramir.my-domain.net.		IN A		192.168.1.102
frodo.my-domain.net.		IN A		192.168.1.100
leonardo.my-domain.net.		IN A		192.168.1.103
;printers
merry.printers.my-domain.net.	IN A		192.168.1.200
pippin.printers.my-domain.neti.	IN A		192.168.1.201
;system
mail.my-domain.net.		IN CNAME	host53a.external-mail-prvider.com.
webmail.my-domain.net.		IN CNAME	mail.my-domain.net.
w-w-w.my-domain.net.		IN A		99.99.99.99
ns1.my-domain.net.		IN A		99.99.99.99
ns2.my-domain.net.		IN A		99.99.99.99
;
; Aliases
;
tdev.my-domain.net.		IN CNAME	leonardo.my-domain.net.
intranet.my-domain.net.		IN CNAME	leonardo.my-domain.net.
192.168.1:
Code:
$TTL 3h

1.168.192.in-addr.arpa. IN SOA ns1.my-domain.net. hostmaster.my-domain.net. (
							20041228	; serial
							3h		; refresh after 3 hours
							1h		; retry after 1 hour
							1w		; expire after 1 week
							1h )		; negative caching TTL of 1 hour

;
; Name servers
;
1.168.192.in-addr.arpa.		IN NS	dns17.register.com.
1.168.192.in-addr.arpa.		IN NS	dns18.register.com.

;
; Addresses point to canonical name
; servers
100.1.168.192.in-addr.arpa.	IN PTR	frodo.my-domain.net
101.1.168.192.in-addr.arpa.	IN PTR	boromir.my-domain.net
102.1.168.192.in-addr.arpa.	IN PTR	faramir.my-domain.net
103.1.168.192.in-addr.arpa.	IN PTR	caesar.my-domain.net
104.1.168.192.in-addr.arpa.	IN PTR	degas.my-domain.net
105.1.168.192.in-addr.arpa.	IN PTR	leonardo.my-domain.net
; printers
200.1.168.192.in-addr.arpa.	IN PTR	merry.printers.my-domain.net
201.1.168.192.in-addr.arpa.	IN PTR	pippin.printers.my-domain.net
; dhcp clients
1.1.168.192.in-addr.arpa.	IN PTR	dhcp1.my-domain.net
2.1.168.192.in-addr.arpa.	IN PTR	dhcp2.my-domain.net
3.1.168.192.in-addr.arpa.	IN PTR	dhcp3.my-domain.net
4.1.168.192.in-addr.arpa.	IN PTR  dhcp4.my-domain.net
DIGs from the linux (1.103) and Win(1.100)
Code:
; <<>> DiG 9.3.0 <<>> @192.168.1.103 frodo.my-domain.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11688
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;frodo.my-domain.net.	IN	A

;; AUTHORITY SECTION:
my-domain.net.	8479	IN	SOA	dns17.register.com. root.register.com. 200404326 10800 3600 604800 21600

;; Query time: 2 msec
;; SERVER: 192.168.1.103#53(192.168.1.103)
;; WHEN: Tue Dec 28 18:05:25 2004
;; MSG SIZE  rcvd: 103

; <<>> DiG 9.3.0 <<>> @192.168.1.100 frodo.my-domain.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43206
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;frodo.my-domain.net.	IN	A

;; ANSWER SECTION:
frodo.my-domain.net. 3600 IN	A	192.168.1.100

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Dec 28 18:05:35 2004
;; MSG SIZE  rcvd: 60


; <<>> DiG 9.3.0 <<>> @192.168.1.103 frodo
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33292
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;frodo.				IN	A

;; AUTHORITY SECTION:
.			10800	IN	SOA	A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2004122800 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 192.168.1.103#53(192.168.1.103)
;; WHEN: Tue Dec 28 18:05:43 2004
;; MSG SIZE  rcvd: 98


; <<>> DiG 9.3.0 <<>> @192.168.1.100 frodo
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6367
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;frodo.				IN	A

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Dec 28 18:05:49 2004
;; MSG SIZE  rcvd: 23
 
Old 12-28-2004, 09:57 PM   #2
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
You seem to be referencing register.com's name servers as NS records in both zones. Yet you are loading the zone as type master. If your goal is to create an authoritative name server for your private domain, then your NS records should point to your name server and the zone loaded as a master (see below). Otherwise the zone should be loaded as type "forward".

Some other things I noticed...
Code:
view "my-domain" {
		match-clients {192.168.1.0/24; 127/8; };
		zone "my-domain.net" {
		   type master;
		   file "my-domain.net";
		};
	    };
You have defined a single view which loads a single zone (my-domain.net), but yet the reverse zone is not loaded within the view. Also, where is the root zone loaded?

Code:
; Name servers
;
my-domain.net.	IN NS	dns17.register.com.
my-domain.net.	IN NS	dns18.register.com.
Huh? If your goal is to make an authoritative name server for your private network, then the NS records should point to your server's name/IP address (glue records), not register.com. ie.
Code:
my-domain.net.    IN    NS    ns1.my-domain.net.
my-domain.net.    IN    NS    ns2.my-domain.net.
; glue records (address records for the name servers named above)
ns1    IN     A      192.168.1.2
ns2    IN     A      192.168.1.3
Printers...
Code:
;printers
merry.printers.my-domain.net.	IN A		192.168.1.200
pippin.printers.my-domain.neti.	IN A		192.168.1.201
You have these printers listed under the sub-domain of printers.my-domain.net, but yet you have not added the necessary delegation records (SOA) for this sub-domain. This would require a separate zone file for printers.my-domain.net. Plus you have .neti instead of .net in the second record.

Example of a sub-domain delegation: In my-domain.net zone file, add...
Code:
; Delegate printers.my-domain.net to this server
printers.my-domain.net.    IN    NS    ns1.printers.my-domain.net.
; glue record for ns1.printers.my-domain.net
ns1.printers    IN    A    192.168.1.2
Now create a zone file for printers.my-domain.net that contains the A records for merry and pippin. Oh!, and don't forget to load this zone in named.conf.

Code:
;system
mail.my-domain.net.		IN CNAME	host53a.external-mail-prvider.com.
webmail.my-domain.net.		IN CNAME	mail.my-domain.net.
Although a topic of many debates... you have your MX record pointing to a CNAME. Plus the second record is basically a CNAME pointing to a CNAME.

As for the 192.168.1 reverse zone...

1) Your NS records are pointing to register.com when they should probably point to your name server. Especially since this zone is for an RFC1918 address space. NO name server on this planet (except yours) is going to answer an RFC1918 address request.
2) None of the PTR records have a termination (period) ie.
Code:
100.1.168.192.in-addr.arpa.	IN PTR	frodo.my-domain.net
101.1.168.192.in-addr.arpa.	IN PTR	boromir.my-domain.net

should be...
100.1.168.192.in-addr.arpa.	IN PTR	frodo.my-domain.net.
101.1.168.192.in-addr.arpa.	IN PTR	boromir.my-domain.net.
DHCP entries are listed in the reverse zone, but are not listed in the forward zone. BTW: did you know you can use the $GENERATE statement to build these A/PTR records when the zone loads? Example:
Code:
; dhcp clients
1.1.168.192.in-addr.arpa.	IN PTR	dhcp1.my-domain.net
2.1.168.192.in-addr.arpa.	IN PTR	dhcp2.my-domain.net
3.1.168.192.in-addr.arpa.	IN PTR	dhcp3.my-domain.net
4.1.168.192.in-addr.arpa.	IN PTR  dhcp4.my-domain.net

...the above can be replaced with (substitute the 1-10 with the range you need)

$GENERATE 1-10  $      PTR             dhcp$.my-domain.net.

...and in the forward zone (my-domain.net)
$GENERATE 1-10  dhcp$      A       192.168.1.$
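
The record-level mistakes pointed out in the reply above (PTR targets without a trailing dot, an MX pointing at a CNAME, a CNAME pointing at a CNAME) can be checked mechanically before a zone is loaded. This is an added example, not code from the thread; the function names are hypothetical, the sample zones are constructed from records quoted in the posts, and the parser only handles single-line records.

```python
import re

# owner [ttl] IN TYPE rdata; single-line records only, so SOA blocks are skipped
RR = re.compile(r"^(\S+)\s+(?:\d+\w?\s+)?IN\s+(NS|MX|CNAME|PTR)\s+(.+)$", re.I)

# Constructed samples built from records quoted in the thread
SAMPLE_FORWARD = """\
my-domain.net.          IN MX    10 mail.my-domain.net.
mail.my-domain.net.     IN CNAME host53a.external-mail-prvider.com.
webmail.my-domain.net.  IN CNAME mail.my-domain.net.
frodo.my-domain.net.    IN A     192.168.1.100
"""
SAMPLE_REVERSE = """\
100.1.168.192.in-addr.arpa. IN PTR frodo.my-domain.net   ; no trailing dot
101.1.168.192.in-addr.arpa. IN PTR boromir.my-domain.net.
"""

def parse(zone_text):
    """Yield (owner, rtype, target) for NS/MX/CNAME/PTR records."""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()       # drop comments
        m = RR.match(line)
        if not m:
            continue
        rdata = m.group(3).split()
        yield m.group(1), m.group(2).upper(), rdata[-1]  # MX: skip preference

def lint_zone(zone_text):
    """Return findings for the mistakes discussed in the thread."""
    records = list(parse(zone_text))
    cnames = {owner.lower() for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, target in records:
        # A multi-label target without a trailing dot is relative: BIND
        # appends the zone origin to it when the zone loads.
        if "." in target and not target.endswith("."):
            findings.append(f"{owner} {rtype}: '{target}' has no trailing dot")
        if target.lower() in cnames:
            if rtype == "MX":
                findings.append(f"{owner} MX points at CNAME {target}")
            elif rtype == "CNAME":
                findings.append(f"{owner} CNAME chains to CNAME {target}")
    return findings

if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_FORWARD) + lint_zone(SAMPLE_REVERSE):
        print(finding)
```

The trailing-dot check is a heuristic: a relative multi-label target is legal in a zone file, but in a reverse zone it is almost never what was meant.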
 
Old 12-29-2004, 08:46 AM   #3
Timur Sakayev
LQ Newbie
 
Registered: Dec 2004
Location: Fairfield, CT
Distribution: Mandrake, SUSE, RH
Posts: 21

Original Poster
Rep: Reputation: 15
the same result

thank you very much scowles,

I understand that the file was a mess - again - i'm a in network administration who was forced to take over infrastructure.

The problem is still there though. i corrected everything as you mentioned. i am running the server as master, i simply got rid of the subdomains. Still when i dig the server i get no response. and here is what looks weird - the authority section mentions dns17.register.com even though now there is not a line in zone files mentioning register.com. I assume that the server, once it receives a request turns around and goes to register.com to find out the ip address, even though the server is set as master of that zone. I got into debugging log - there is one thing that sort of confuses me - when i reload server, i get :
Code:
29-Dec-2004 09:19:56.387 general: debug 1: zone_loaddone: zone my-domain.net/IN/abacus: enter
29-Dec-2004 09:19:56.387 general: debug 1: zone my-domain.net/IN/mdomain: loaded
29-Dec-2004 09:19:56.387 database: debug 1: calling free_rbtdb(my-domain.net)
29-Dec-2004 09:19:56.387 general: info: zone my-domain.net/IN/mdomain: loaded serial 20041228
29-Dec-2004 09:19:56.392 general: debug 1: zone_timer: zone my-domain.net/IN/mdomain: enter
29-Dec-2004 09:19:56.392 general: debug 1: zone_maintenance: zone abacus-analytics.net/IN/mdomain: enter
29-Dec-2004 09:19:56.392 notify: info: zone my-domain.net/IN/mdomain: sending notifies (serial 20041228)
29-Dec-2004 09:19:56.394 notify: notice: client 192.168.1.103#53: view external: received notify for zone 'my-domain.net': not authoritative
29

the last line is the one that concerns me. if the server is set up as master, what is the notify response? I am running only this server - it doesn't have any slave servers.
In case this helps - my purpose is to create a DNS server on internal network that will contain info about the hosts on this network. It will not be queried from anywhere but the LAN.
Somehow everything was working up until we moved to different location. Previous server in old location was set up by my predecessor who claimed to be a networking genius and quit on me without even giving me passwords to linux servers. when i had to rebuild the network - i just created setup parallel to what i found on the previous DNS server.

In any case - i really appreciate your help.

Tim.
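
In the log excerpt posted above, the zone is loaded in view `mdomain` while the NOTIFY from 192.168.1.103 is handled in view `external`, which answers "not authoritative". The following added example (not from the thread) extracts that pairing from named log text; the function name is hypothetical, the regular expressions assume the log format shown in the post, and the sample lines are copied from it.

```python
import re
from collections import defaultdict

# "zone <name>/IN/<view>: loaded serial <n>"
LOADED = re.compile(r"zone ([^/\s]+)/IN/([^:\s]+): loaded serial")
# "client <ip>#<port>: view <view>: received notify for zone '<name>': not authoritative"
NOTAUTH = re.compile(r"client ([\d.]+)#\d+: view ([^:\s]+): "
                     r"received notify for zone '([^']+)': not authoritative")

# Two lines taken from the log excerpt in the post above
SAMPLE_LOG = """\
29-Dec-2004 09:19:56.387 general: info: zone my-domain.net/IN/mdomain: loaded serial 20041228
29-Dec-2004 09:19:56.394 notify: notice: client 192.168.1.103#53: view external: received notify for zone 'my-domain.net': not authoritative
"""

def view_mismatches(log_text):
    """Return (zone, client, handling_view, views_with_zone) tuples.

    A hit means a client was matched to a view that does not hold the
    zone, although another view on the same server loaded it. named
    resolves a request in the first view whose match-clients matches.
    """
    loaded = defaultdict(set)        # zone name -> views that loaded it
    hits = []
    for line in log_text.splitlines():
        m = LOADED.search(line)
        if m:
            loaded[m.group(1)].add(m.group(2))
            continue
        m = NOTAUTH.search(line)
        if m:
            client, view, zone = m.groups()
            others = sorted(loaded[zone] - {view})
            if others:
                hits.append((zone, client, view, others))
    return hits

if __name__ == "__main__":
    for zone, client, view, others in view_mismatches(SAMPLE_LOG):
        print(f"{client} handled in view '{view}', "
              f"but {zone} is loaded only in {others}")
```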
 
  

