Old 03-01-2010, 10:12 AM   #1
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Rep: Reputation: 15
Strange BIND behaviour when resolving


I have two BIND servers providing DNS for the office. This is set up in Master/Slave configuration. This is still in testing phase as I am trying to get rid of manually updated HOSTS files on all PCs.

I notice that, every few days, resolution seems to stop working properly for a brief period.

I have configured OpenDNS for the forwarder, and sometimes if I ping by short hostname, e.g. host "linux", the response I get is:

Reply from 67.215.65.132: bytes=32 time=185ms TTL=48

Having looked this up, it resolves to:

Name: hit-nxdomain.opendns.com
Address: 67.215.65.132

Then, I can wait a few minutes and try pinging by shortname again, and then get a correct response from the correct IP address. Renewing IP configuration in Windows always fixes this too.

As well as pinging, this affects access to file shares, server sign-ons, etc...

Can anybody shed any light?

I am not sure if you need to see named.conf but the SOA record for the master is as follows (company name changed to 'acme'):

$TTL 2d
@ IN SOA ns1.acme.com. root.ns1.acme.com. (
        2010020900
        3h
        1h
        1w
        1d )

And for reference, here is named.conf:

ns1:~ # cat /etc/named.conf
#Access Control for Internal Hosts Only - Queries, Zone Xfer, etc.
acl "Allowed" {
    192.168.1.0/24;
    172.16.2.0/24;
    localnets;
    localhost;
};

options {

    directory "/var/lib/named";

    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    allow-query { "Allowed"; };

    notify yes;
    include "/etc/named.d/forwarders.conf";

    # Additional Options added by Admin
    allow-transfer { "Allowed"; };
    allow-recursion { "Allowed"; };
    allow-query-cache { "Allowed"; };
};

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

include "/etc/named.conf.include";
logging {
    category xfer-in { log_syslog; };
    channel log_syslog { syslog; };
    category xfer-out { log_syslog; };
    category default { log_syslog; };
};
zone "acme.com" in {
    allow-transfer { "Allowed"; };
    file "master/acme.com";
    type master;
};
zone "1.168.192.in-addr.arpa" in {
    allow-transfer { "Allowed"; };
    file "master/192.168.1.rev";
    type master;
};


I thought perhaps a connectivity issue but I can't see this happening at the same time on two different servers.

NS1 is Open SuSE 11.1 (PPC)
NS2 is Open SuSE 11.2 (x86)

Many thanks

Last edited by chrisgti; 03-01-2010 at 10:17 AM.
 
Old 03-01-2010, 12:15 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
You have 2 issues here:
1. If you want to resolve short names you need "domain acme.com" or "search acme.com" in /etc/resolv.conf

2. You don't need to forward queries to opendns, because whenever opendns cannot resolve a hostname it presents you with their default "not found" server at 67.215.65.132
Since you have the hint zone in /etc/named.conf, you can ditch forwarders and run your server as a caching name server.

Regards
 
Old 03-03-2010, 08:25 AM   #3
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Original Poster
Rep: Reputation: 15
Thanks (once again!) Bathory.

You mentioned the need to add the domain in /etc/resolv.conf in another thread - admittedly I have not done that yet, but I will.

So I assume the hint zone knows of higher DNS servers? I will turn off the forwarders.

The odd thing is though that neither seems to explain the odd behaviour....this happens with both short name or FQDN. I need to test on other stations.

I will make the changes you suggest and keep an eye on it.

Thanks
 
Old 03-11-2010, 06:59 AM   #4
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Original Poster
Rep: Reputation: 15
An update, since I am finally back in the office!

I have checked, and for both Master and Slave, "search acme.com" is already in /etc/resolv.conf

I have commented out the line 'include "/etc/named.d/forwarders.conf";' from named.conf - let's see how that turns out.
 
Old 03-12-2010, 07:40 AM   #5
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Original Poster
Rep: Reputation: 15
Ok, so I have kept an eye on things and still I am getting:

Pinging host.acme.com [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=22ms TTL=52
Reply from 67.215.65.132: bytes=32 time=22ms TTL=52
Reply from 67.215.65.132: bytes=32 time=55ms TTL=52
Reply from 67.215.65.132: bytes=32 time=22ms TTL=52

I commented out the forward include..so why is it still coming from Open DNS?

Really quite stumped at the minute, I can't see what I'm doing wrong, nor why it only happens some of the time. If I restart named, it's ok. If I release/renew my IP, it's OK.

Is there something in the SOA values that I need to be looking at?

Also a new thing I have noticed is that my Windows 7 PC doesn't use the slave server if the master is down...but all XP machines do!!
 
Old 03-12-2010, 09:15 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Hi,

What's in /etc/resolv.conf? If you have an entry for opendns there, comment it out.
I cannot tell why it works after restarting named and after some time it does not. Maybe bind gets confused by opendns, if you use it in /etc/resolv.conf.
You can dump the bind cache and look for the A record of the host in question:
Code:
rndc dumpdb
grep host.acme.com /var/log/named_dump.db
Regarding Windows 7, I have no clue for this behavior.
 
Old 03-12-2010, 10:01 AM   #7
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
If I can just add, be wary of certain routers. One of my customers has a Draytek and all DNS requests - even directly forced against the server - get intercepted and proxied to odd places. Sometimes it's the NS's belonging to the ISP, other times it will push them to the servers named in the router's DHCP profile. There is currently no fix for this in many of the Draytek routers and it may also affect other devices.

I suspect that you have more than your own DNS servers listed in /etc/resolv.conf as Bathory hints - but be mindful of what the router may well be doing.
 
Old 03-16-2010, 09:03 AM   #8
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Original Poster
Rep: Reputation: 15
ns1:~ # cat /etc/resolv.conf
### /etc/resolv.conf file autogenerated by netconfig!
search acme.com
ns1:~ #

I have run 'rndc dumpdb' (which seemed to output to /var/lib/named/log...but don't expect that matters, perhaps just a SuSE thing..) but strangely I cannot see any internal hosts in this cache. If I 'grep | 192.168' all I get is:

ns1:/var/lib/named/log # cat /var/lib/named/log/named_dump.db | grep 192.168
; 192.168.1.12 [srtt 3] [flags 00000000]

This is the slave nameserver.

With regards to the router spampig..interesting point. Our router DNS records are for Open DNS. The DHCP scope for the office for DNS is:

NS1
NS2
Firewall (which in turn has DNS info for Open DNS)

Perhaps I should omit this and test further?

Additionally, here is a 'real time' example, just to show how odd this is:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\me>ping ns1

Pinging ns1.acme.com [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=22ms TTL=52

Ping statistics for 67.215.65.132:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 22ms, Average = 22ms
Control-C
^C
C:\Users\me>ipconfig /renew

<output omitted>

C:\Users\me>ping ns1

Pinging ns1.acme.com [192.168.1.98] with 32 bytes of data:
Reply from 192.168.1.98: bytes=32 time=1ms TTL=63
Reply from 192.168.1.98: bytes=32 time=1ms TTL=63
Reply from 192.168.1.98: bytes=32 time=1ms TTL=63
Reply from 192.168.1.98: bytes=32 time=1ms TTL=63

Ping statistics for 192.168.1.98:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\me>

Would clearing the named cache help possibly?

Any ideas as to why it works after an ipconfig /renew?
 
Old 03-16-2010, 09:11 AM   #9
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
Quote:
Originally Posted by chrisgti
Any ideas as to why it works after an ipconfig /renew?
I don't speak Microsoft but I would guess that renews a DHCP lease??? That would re-read/assign IP, GATEWAY, DNS..... <<<

The only common DNS phrase in my Microsoft vocab is 'ipconfig /flushdns' :-)

Last edited by spampig; 03-16-2010 at 09:17 AM.
 
Old 03-16-2010, 09:18 AM   #10
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by spampig
I don't speak Microsoft but I would guess that renews a DHCP lease??? That would re-read/assign IP, GATEWAY, DNS..... <<<
Yes sorry, I should have said... I'm aware of what it does but I'm not entirely sure why it's causing the DNS lookups to work again.

If I do ipconfig /all...the output does not change after /renew...the DNS order is exactly the same.

I set the lease time to 1 day to see if that would help but that didn't make a difference.

I'm going to assign a test machine with static IP and see if the problem can be replicated...at least then I can narrow it down a bit.

Is there something in the SOA record that I can modify? Is there something perhaps timing out, making the PC skip the BIND nameservers and head straight for the firewall? I'm at a bit of a loss now.
 
Old 03-16-2010, 09:31 AM   #11
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
If this were an issue for me I'd tcpdump the name servers to see if they even get the request when this happens. Did you take out the forwarders as bathory suggested btw?
 
Old 03-16-2010, 09:42 AM   #12
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by spampig
If this were an issue for me I'd tcpdump the name servers to see if they even get the request when this happens. Did you take out the forwarders as bathory suggested btw?
Thanks. That's a good idea, I will give that a try.

Yes, I commented out the line to include the forwarders.conf file.

I think I have a few areas to investigate - thanks for the support so far.

edit: I forgot to mention...I am not overly familiar with tcpdump and I always seem to get this:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
78 packets received by filter
0 packets dropped by kernel

This was when I ran "tcpdump port 53" and nothing seems to be captured..what am I doing wrong?

Last edited by chrisgti; 03-16-2010 at 09:53 AM.
 
Old 03-16-2010, 09:52 AM   #13
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
I'm sorry I can't give you better pointers - this may help you / save you some time:

Quote:
tcpdump -vv -x -X -s 1500 port 53 -w dns.pcap
Should be able to look at 'dns.pcap' with wireshark afterwards.
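
To act on the tcpdump suggestion above, here is an added example (not part of the thread and not any poster's code) that reads `tcpdump -n port 53` text output, shows which server answered each lookup, and flags answers carrying 67.215.65.132. The client address 192.168.1.50 and the firewall address 192.168.1.1 in the sample capture are constructed; non-verbose IPv4 tcpdump output is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): report which DNS server answered each
# A query and flag answers carrying the OpenDNS "not found" address.
# Assumes non-verbose IPv4 text output: tcpdump -n port 53  (or -n -r dns.pcap)

SINKHOLE="67.215.65.132"    # hit-nxdomain.opendns.com, as quoted in the thread

# Output per answered query: <client> <server> <qname> <answer> <OK|REDIRECTED>
dns_answer_sources() {
    awk -v sink="$SINKHOLE" '
    function host(ep,    p) {               # "192.168.1.98.53:" -> "192.168.1.98"
        split(ep, p, /[.:]/)
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    $2 != "IP" || $4 != ">" { next }        # skip non-IPv4 and banner lines
    {
        src = host($3); dst = host($5)
        id = $6; gsub(/[^0-9]/, "", id)     # "4660+" or "4660*" -> "4660"
        for (i = 7; i < NF; i++)
            if ($i == "A?") {               # query: remember name by client/server/id
                asked[src, dst, id] = $(i + 1)
                next
            }
        if (!((dst, src, id) in asked)) next
        ans = "-"                           # stays "-" for NXDomain / no A record
        for (i = 7; i < NF; i++)
            if ($i == "A") { ans = $(i + 1); sub(/,$/, "", ans); break }
        print dst, src, asked[dst, src, id], ans, (ans == sink ? "REDIRECTED" : "OK")
        delete asked[dst, src, id]
    }'
}

# Constructed sample capture: 192.168.1.50 is a made-up client and 192.168.1.1
# a made-up firewall address; 192.168.1.98 is NS1 as shown in the thread.
sample_capture() {
    cat <<'EOF'
09:01:10.000100 IP 192.168.1.50.50001 > 192.168.1.98.53: 4660+ A? ns1.acme.com. (30)
09:01:10.000900 IP 192.168.1.98.53 > 192.168.1.50.50001: 4660* 1/1/0 A 192.168.1.98 (62)
09:14:02.100000 IP 192.168.1.50.50002 > 192.168.1.1.53: 4661+ A? ns1.acme.com. (30)
09:14:02.122000 IP 192.168.1.1.53 > 192.168.1.50.50002: 4661 1/0/0 A 67.215.65.132 (46)
EOF
}

sample_capture | dns_answer_sources
```

On a live system the same function can be fed with `tcpdump -n -l port 53 | dns_answer_sources`; a REDIRECTED line whose server column is not NS1 or NS2 shows the lookup never reached the BIND servers.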
 
Old 03-16-2010, 10:02 AM   #14
chrisgti
Member
 
Registered: Mar 2009
Posts: 58

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by spampig
I'm sorry I can't give you better pointers - this may help you / save you some time:



Should be able to look at 'dns.pcap' with wireshark afterwards.
Excellent! Many thanks
 
  

