On 04/07/12 07:57, Per Jessen wrote:
lynn wrote:
On 03/07/12 20:31, Per Jessen wrote:
Hi Per, hi everyone
I guess you know forwarding is broken because your queries aren't forwarded to the _right_ nameservers? I mean, you have a special reason for needing to use the dragonet.es nameservers?
Only that it would relieve our own servers.
I think it would be good to verify if forwarding happens or not (use tcpdump) and then do a "dig <something>", then "dig +trace <something>" that will require forwarding. That ought to give us something to start on.
It looks as if our servers are doing it all (192.168.1.2 is the DNS on DC1):

dig google.es

; <<>> DiG 9.8.1-P1 <<>> google.es
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2680
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;google.es.                     IN      A

;; ANSWER SECTION:
google.es.              130     IN      A       74.125.230.95
google.es.              130     IN      A       74.125.230.87
google.es.              130     IN      A       74.125.230.88

;; AUTHORITY SECTION:
google.es.              86230   IN      NS      ns1.google.com.
google.es.              86230   IN      NS      ns2.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         345551  IN      A       216.239.32.10
ns2.google.com.         345551  IN      A       216.239.34.10

;; Query time: 17 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jul 4 10:48:42 2012
;; MSG SIZE rcvd: 153

dig +trace google.es

; <<>> DiG 9.8.1-P1 <<>> +trace google.es
;; global options: +cmd
.                       516050  IN      NS      m.root-servers.net.
.                       516050  IN      NS      h.root-servers.net.
.                       516050  IN      NS      f.root-servers.net.
.                       516050  IN      NS      d.root-servers.net.
.                       516050  IN      NS      c.root-servers.net.
.                       516050  IN      NS      e.root-servers.net.
.                       516050  IN      NS      g.root-servers.net.
.                       516050  IN      NS      k.root-servers.net.
.                       516050  IN      NS      l.root-servers.net.
.                       516050  IN      NS      j.root-servers.net.
.                       516050  IN      NS      b.root-servers.net.
.                       516050  IN      NS      a.root-servers.net.
.                       516050  IN      NS      i.root-servers.net.
;; Received 436 bytes from 192.168.1.2#53(192.168.1.2) in 226 ms

es.                     172800  IN      NS      ns3.nic.fr.
es.                     172800  IN      NS      f.nic.es.
es.                     172800  IN      NS      ns15.communitydns.net.
es.                     172800  IN      NS      ns-ext.nic.cl.
es.                     172800  IN      NS      ns1.cesca.es.
es.                     172800  IN      NS      sns-pb.isc.org.
es.                     172800  IN      NS      a.nic.es.
;; Received 453 bytes from 192.112.36.4#53(192.112.36.4) in 297 ms

google.es.              86400   IN      NS      ns2.google.com.
google.es.              86400   IN      NS      ns1.google.com.
;; Received 73 bytes from 194.69.254.1#53(194.69.254.1) in 227 ms

google.es.              300     IN      A       74.125.230.87
google.es.              300     IN      A       74.125.230.88
google.es.              300     IN      A       74.125.230.95
;; Received 75 bytes from 216.239.34.10#53(216.239.34.10) in 100 ms

/etc/named.conf

options {
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    forwarders { 217.70.240.135; 217.70.240.136; 192.168.1.3; };
    listen-on-v6 { none; };
    notify no;
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
zone "." in {
    type hint;
    file "root.hint";
};
zone "localhost" in {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
include "/etc/named.conf.include";
include "/usr/local/samba/private/named.conf";

named startup:

Jul 4 11:04:34 hh1 named[3188]: starting BIND 9.8.1-P1 -u named
Jul 4 11:04:34 hh1 named[3188]: built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include/bind' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl' '--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2' '--with-dlz-mysql' '--with-dlz-ldap' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -DNO_VERSION_DATE -fno-strict-aliasing' 'LDFLAGS=-L/usr/lib'
Jul 4 11:04:34 hh1 named[3188]: adjusted limit on open files from 4096 to 1048576
Jul 4 11:04:34 hh1 named[3188]: found 1 CPU, using 1 worker thread
Jul 4 11:04:34 hh1 named[3188]: using up to 4096 sockets
Jul 4 11:04:34 hh1 named[3188]: loading configuration from '/etc/named.conf'
Jul 4 11:04:34 hh1 named[3188]: reading built-in trusted keys from file '/etc/bind.keys'
Jul 4 11:04:34 hh1 named[3188]: using default UDP/IPv4 port range: [1024, 65535]
Jul 4 11:04:34 hh1 named[3188]: using default UDP/IPv6 port range: [1024, 65535]
Jul 4 11:04:35 hh1 named[3188]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 4 11:04:35 hh1 named[3188]: listening on IPv4 interface eth1, 192.168.1.2#53
Jul 4 11:04:35 hh1 named[3188]: generating session key for dynamic DNS
Jul 4 11:04:35 hh1 named[3188]: sizing zone task pool based on 3 zones
Jul 4 11:04:35 hh1 named[3188]: Loading 'AD DNS Zone' using driver dlopen
Jul 4 11:04:35 hh1 named[3188]: samba_dlz: Unknown parameter encountered: "wide links"
Jul 4 11:04:35 hh1 named[3188]: samba_dlz: Ignoring unknown parameter "wide links"
Jul 4 11:04:35 hh1 named[3188]: samba_dlz: started for DN DC=hh3,DC=site
Jul 4 11:04:35 hh1 named[3188]: samba_dlz: starting configure
Jul 4 11:04:35 hh1 named[3188]: samba_dlz: configured writeable zone 'hh3.site'
Jul 4 11:04:35 hh1 named[3188]: samba_dlz: configured writeable zone '_msdcs.hh3.site'
Jul 4 11:04:35 hh1 named[3188]: set up managed keys zone for view _default, file '/var/lib/named/dyn//managed-keys.bind'
Jul 4 11:04:35 hh1 named[3188]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 0.IN-ADDR.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 127.IN-ADDR.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: D.F.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 8.E.F.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 9.E.F.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: A.E.F.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: B.E.F.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 4 11:04:35 hh1 named[3188]: command channel listening on 127.0.0.1#953
Jul 4 11:04:35 hh1 named[3188]: couldn't add command channel ::1#953: address not available
Jul 4 11:04:35 hh1 named[3188]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
Jul 4 11:04:35 hh1 named[3188]: zone localhost/IN: loaded serial 42
Jul 4 11:04:35 hh1 named[3188]: managed-keys-zone ./IN: loaded serial 0
Jul 4 11:04:35 hh1 named[3160]: Starting name server BIND ..done
Jul 4 11:04:35 hh1 named[3188]: running
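
Added example, not part of the original message and not BIND's own code: one way to carry out the tcpdump check suggested above is to read the forwarders list from named.conf and classify, by destination, the queries the resolver itself sends. The forwarders statement and the resolver address 192.168.1.2 are from the post; the capture lines, the client address 192.168.1.50 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# forwarders statement as posted in the thread; it has no "forward" policy line
NAMED_CONF = """
options {
    forwarders { 217.70.240.135; 217.70.240.136; 192.168.1.3; };
};
"""

# Constructed `tcpdump -n port 53` lines as seen on the resolver; not from the thread.
CAPTURE = """\
10:48:42.100001 IP 192.168.1.50.40001 > 192.168.1.2.53: 2680+ A? google.es. (27)
10:48:42.100950 IP 192.168.1.2.51514 > 192.112.36.4.53: 4411 A? google.es. (27)
10:48:42.398112 IP 192.112.36.4.53 > 192.168.1.2.51514: 4411- 0/7/8 (453)
10:48:42.399020 IP 192.168.1.2.38220 > 194.69.254.1.53: 9120 A? google.es. (27)
10:48:42.626400 IP 192.168.1.2.42007 > 216.239.34.10.53: 3307 A? google.es. (27)
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
QUERY = re.compile(rf"IP ({IP})\.\d+ > ({IP})\.53: \d+(\+?)[^?]*\?")

def parse_forwarders(conf):
    """Return (forwarder IPs, forward policy); BIND defaults to 'first'."""
    block = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    ips = re.findall(IP, block.group(1)) if block else []
    policy = re.search(r"\bforward\s+(only|first)\s*;", conf)
    return ips, policy.group(1) if policy else "first"

def classify_upstream(capture, resolver, forwarders):
    """Count the queries the resolver itself sent, by kind of destination."""
    counts = Counter()
    for line in capture.splitlines():
        m = QUERY.search(line)
        if not m or m.group(1) != resolver:
            continue  # a client's query to the resolver, or a response
        if m.group(2) in forwarders:
            counts["forwarder"] += 1
        else:
            # tcpdump prints '+' after the id when RD is set; none = iterating
            counts["direct_rd" if m.group(3) else "direct_iterative"] += 1
    return counts

def verdict(counts, policy):
    direct = counts["direct_rd"] + counts["direct_iterative"]
    if not counts["forwarder"]:
        return "forwarders never queried"
    return f"fell back to recursion (forward {policy})" if direct else "forwarding in use"
```

`dig +trace` performs the iteration from the client itself, so its output does not show whether named used its forwarders; a capture taken on the resolver does. With no `forward` statement BIND uses `forward first` and recurses on its own if the forwarders do not answer.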