Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 540
  • Last Modified:

These are nameservers that do NOT answer authoritatively for your domain

Hello,

I am running 2 nameservers for my domain snowdivers.com

box1 (arial.snowdivers.com) is running an old version of slackware and bind 8.1.2
box2 (gimli.snowdivers.com) is running slackware 9, and bind 9.2.2 p3

When I run dnsreport against my domain, I get the following error related to my primary, which is box1. "These are nameservers that do NOT answer authoritatively for your domain"

Here is my named.conf file from the bind 8.1.2 machine, but it the same on the other server. I added the auth-nxdomain yes; to the options, but this did not help, athough it fixed the problem on the bind 9.2.2 box.

arial:~# cat /etc/named.conf
/*
 * A simple BIND 8 configuration
 */

options {
        directory "/var/named";
        auth-nxdomain yes;
       multiple-cnames no;
};
zone "." {
         type hint;
         file "named.ca";
};
zone "snowdivers.com" {
        type master;
        file "zone/snowdivers.com";
};
zone "671.221.621.612.in-addr.arpa" {
        type master;
        file "zone/216.126.122.176";
};
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "zone/named.local";
};


any suggestions?

Thanks,
Eric.
0
tagish
Asked:
tagish
  • 2
1 Solution
 
wesly_chenCommented:
Hi,

   In your zone file "zone/snowdivers.com", how many nameservers listed for your domain "snowdivers.com"?
I mean for example:
------------------
$TTL 86400
@ IN SOA NS.snowdivers.com. hostmaster.snowdivers.com. (
2004041905 ; Serial (yyyymmddxx format)
10800 ; Refresh 3 hours
3600 ; Retry 1 hour
604800 ; Expire
86400 ) ; Default_ttl 24 hours

@ IN NS arial.snowdivers.com.   <=== How many "@ IN NS ......" in "zone/snowdivers.com" file
@ IN NS gimli.snowdivers.com.   <===
----------------------
I check the dnsreport with your domain and only saw 2 nameservers are registered.
http://www.dnsreport.com/tools/dnsreport.ch?domain=snowdivers.com

If you have more than 2 nameservers in zone/snowdivers.com, then you will get "lame server" failure on dnsreport.
Either you register "216.126.97.90" as your nameserver or simply take it out from the zone file.

Regards,

Wesly
0
 
tagishAuthor Commented:
I have only 2 name servers currently. I have not set them up to be master/slave's, as I was hoping both would be authoratative, and could do a manual update of the zone files as needed...

My zone file is as follows on the primary (arial.snowdivers.com)
arial:~# cat /var/named/zone/snowdivers.com
#$ttl 38400
snowdivers.com. IN      SOA     arial.snowdivers.com. arial.snowdivers.com. (
                        2004112601      ;serial
                        7200            ;refresh
                        7200            ;retry
                        3w              ;expiry
                        86400 )         ;min
                        NS       arial.snowdivers.com.  ;
                        NS       gimli.snowdivers.com.  ;
                        MX       10  taz.snowdivers.com.;

localhost               A        127.0.0.1              ;
arial.snowdivers.com.   IN      A       216.126.97.90
                        HINFO   "PC"    "LINUX"         ;
taz.snowdivers.com.     IN      A       216.126.97.91
                        HINFO   "linux" "SERVER"        ;
www.snowdivers.com.     IN      A       216.126.97.91   ;
ftp.snowdivers.com.     IN      A       216.126.97.91   ;
arial.snowdivers.com.   IN      RP      ericb.snowdivers.com. resperson;
gimli.snowdivers.com.   IN      A       216.126.97.89
                        HINFO    "LINUX" "SERVER"       ;

thanks.
0
 
marcin79Commented:
The error is just a warning to you - the problem is with the
machine that in.named is reporting to. It is delegating authority
for one of it's subdomains to a machine which is not lower in the
DNS hierarchy.

Do a master/slave hierarchy and be sure that both of them will be authoritative it *might* solve the question

Marcin
0
 
tagishAuthor Commented:
Thanks,

I am going to accept Marcin's answer. It makes sense, and fits with some other reading I have been doing. My plan was to make my server a master and have it update a slave at a different location (right now they sit one on top of the other :-) ). I will make that change sooner now and see what happens rather than change the config on my current machine that will be turned off soon.

Thanks,
Eric.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now