Solved

new records in bind aren't being given out when doing nslookup....

Posted on 2011-03-02
16
385 Views
Last Modified: 2012-06-21
We had an old DNS server and I moved everything to a new box. DNS is working and it resolves names and internet, etc.

However, when I add a new record and then update the serial in named.soa and then restart the named service, computers don't see the new records. Even if I do the lookup from the server itself, it says it can't find it even though I can see it in the zone file.

Can anyone tell me what I'm missing?
0
Question by:willlandymore
16 Comments
 
LVL 2

Expert Comment

by:PortableTech
Can you give me the domain name so I can run some tests on it? I plan to use the dig tool to try and trace where the fault lies to make sure it is that system.
0
 
LVL 1

Author Comment

by:willlandymore
mercyships.org
0
 
LVL 2

Expert Comment

by:PortableTech
Ok, based on the trace below, it appears that this is hosted with Rackspace and is using their name servers. Can you verify that the IP address at the end also appears correct?

=========================

; <<>> DiG 9.7.1-P2 <<>> +trace mercyships.org
;; global options: +cmd
.                       32380   IN      NS      b.root-servers.net.
.                       32380   IN      NS      d.root-servers.net.
.                       32380   IN      NS      i.root-servers.net.
.                       32380   IN      NS      c.root-servers.net.
.                       32380   IN      NS      g.root-servers.net.
.                       32380   IN      NS      f.root-servers.net.
.                       32380   IN      NS      l.root-servers.net.
.                       32380   IN      NS      k.root-servers.net.
.                       32380   IN      NS      m.root-servers.net.
.                       32380   IN      NS      e.root-servers.net.
.                       32380   IN      NS      h.root-servers.net.
.                       32380   IN      NS      a.root-servers.net.
.                       32380   IN      NS      j.root-servers.net.
;; Received 500 bytes from 192.168.1.34#53(192.168.1.34) in 27 ms

org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      d0.org.afilias-nst.org.
;; Received 434 bytes from 128.8.10.90#53(d.root-servers.net) in 35 ms

mercyships.org.         86400   IN      NS      ns2.rackspace.com.
mercyships.org.         86400   IN      NS      ns1.mercyships.org.
;; Received 97 bytes from 2001:500:b::1#53(c0.org.afilias-nst.info) in 64 ms

mercyships.org.         86400   IN      A       70.42.57.90
mercyships.org.         86400   IN      NS      ns.rackspace.com.
mercyships.org.         86400   IN      NS      ns2.rackspace.com.
;; Received 128 bytes from 65.61.188.4#53(ns2.rackspace.com) in 42 ms
0
 
LVL 2

Expert Comment

by:PortableTech
Also, can you provide me with a specific FQDN (fully qualified domain name) that you are attempting to look up? Also, when you are doing this lookup, are you on the new DNS server testing it, or on a client system? If on the DNS server, can you verify that it is set to look at itself for DNS resolution and not some other name server?
0
 
LVL 1

Author Comment

by:willlandymore
Well, the Rackspace one is in there, but then you can see the ns1.mercyships.org which is this box. I'm using:

nslookup server.mercyships.org ns1.mercyships.org

so that it specifically goes to itself to check that record. It's not finding it, which means that it's looking at itself and not getting it even though it's sitting right there in /var/named/mercyships.org.

0
 
LVL 2

Expert Comment

by:PortableTech
Just to confirm, this is your current SOA serial number (2011030200).  Also, server.mercyships.org is the FQDN of the item that is not working, and not just an example, correct?
0
 
LVL 1

Author Comment

by:willlandymore
No, the name of the box is thunderball.mercyships.org and the serial number now is 2011030201.
0
 
LVL 2

Expert Comment

by:PortableTech
This is actually a bit odd. The SOA for your ns1.mercyships.org seems to have regressed since I last loaded it, and is now stating (2011012600), and your Rackspace servers are showing a completely different answer. Are you intending to even use the Rackspace servers any more?

Are you seeing any bind error messages in your /var/log/syslog?


=======================

; <<>> DiG 9.7.1-P2 <<>> thunderball.mercyships.org. @ns1.mercyships.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9062
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns1.mercyships.org. root.mercyships.org. 2011012600 1800 900 3600 1800

;; Query time: 64 msec
;; SERVER: 198.97.51.1#53(198.97.51.1)
;; WHEN: Wed Mar  2 15:04:50 2011
;; MSG SIZE  rcvd: 89

root@ryoko:~# dig thunderball.mercyships.org. @ns1.rackspace.com

; <<>> DiG 9.7.1-P2 <<>> thunderball.mercyships.org. @ns1.rackspace.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19926
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns.rackspace.com. hostmaster.rackspace.com. 1293861717 3600 300 1814400 300

;; Query time: 40 msec
;; SERVER: 69.20.95.4#53(69.20.95.4)
;; WHEN: Wed Mar  2 15:05:15 2011
;; MSG SIZE  rcvd: 107


0

 
LVL 1

Author Comment

by:willlandymore
No, I plan on removing the Rackspace hosts, but I need 2 external DNS servers before I can replace it.
0
 
LVL 2

Expert Comment

by:PortableTech
Well, my concern is that the Rackspace DNS and your DNS are not in sync and are returning much different info; that could be causing problems with people being able to connect to you. Not sure that is related to your initial issue, but a concern either way. Other than that, are you seeing any errors in

/var/log/syslog

that are from the named process?
0
 
LVL 1

Author Comment

by:willlandymore
There are lots of entries in /var/log/messages concerning bind, but it's to do with people trying zone transfers, etc.
0
 
LVL 2

Accepted Solution

by:
PortableTech earned 500 total points
Ok, try the following commands for me and post the results. I am assuming these are being done on the DNS server itself.

dig thunderball.mercyships.org

dig thunderball.mercyships.org @127.0.0.1

dig thunderball.mercyships.org @ns1.mercyships.org
0
 
LVL 1

Author Comment

by:willlandymore
dig thunderball.mercyships.org

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> thunderball.mercyships.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6158
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns1.mercyships.org. root.mercyships.org. 2011012600 1800 900 3600 1800

;; Query time: 56 msec
;; SERVER: 198.97.51.1#53(198.97.51.1)
;; WHEN: Wed Mar  2 15:03:44 2011
;; MSG SIZE  rcvd: 89

===============


dig thunderball.mercyships.org @127.0.0.1

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> thunderball.mercyships.org @127.0.0.1
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root@excalibur named]# dig thunderball.mercyships.org @ns1.mercyships.org

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> thunderball.mercyships.org @ns1.mercyships.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30159
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns1.mercyships.org. root.mercyships.org. 2011012600 1800 900 3600 1800

;; Query time: 0 msec
;; SERVER: 198.97.51.1#53(198.97.51.1)
;; WHEN: Wed Mar  2 15:05:06 2011
;; MSG SIZE  rcvd: 89

That serial number it's getting is from the old named.soa on the old server, but the record for ns1 points to the new box and the service on the old one is stopped...
0
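The two things the expert spotted in the dig output above (the authoritative servers disagreeing with each other, and ns1 answering with a serial older than the one written into the zone file) can be checked mechanically. The following is an added example, not code from the thread: it parses SOA records in the form dig prints them in its AUTHORITY section, compares the serials across servers, and checks each against the on-disk serial using RFC 1982 serial arithmetic so that a wrapped serial is not misread as a regression. The sample SOA lines and the zone-file serial 2011030201 are constructed from the values posted in the thread.

```python
"""Audit the SOA serial that each authoritative server returns for a zone.

Added example, not code from the original thread. It takes SOA records as
they appear in dig's AUTHORITY section (captured by hand, one per queried
server), compares them with one another, and checks each against the serial
written in the zone file on disk.
"""
import re

# Constructed sample input: the SOA lines returned by the two servers in the
# thread (values copied from the posted dig output).
SAMPLE_ANSWERS = {
    "ns1.mercyships.org": (
        "mercyships.org. 300 IN SOA ns1.mercyships.org. root.mercyships.org. "
        "2011012600 1800 900 3600 1800"
    ),
    "ns2.rackspace.com": (
        "mercyships.org. 300 IN SOA ns.rackspace.com. hostmaster.rackspace.com. "
        "1293861717 3600 300 1814400 300"
    ),
}
# Serial the administrator had written into the zone file (from the thread).
ZONE_FILE_SERIAL = 2011030201

SOA_RE = re.compile(
    r"^(?P<zone>\S+)\s+\d+\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<serial>\d+)"
)


def parse_soa(line):
    """Return zone, primary name server (MNAME) and serial from one SOA line."""
    m = SOA_RE.match(line.strip())
    if not m:
        raise ValueError("not an SOA record: %r" % line)
    return {"zone": m.group("zone"), "mname": m.group("mname"),
            "serial": int(m.group("serial"))}


def serial_gt(a, b):
    """RFC 1982 serial-number arithmetic: True if a is 'after' b modulo 2**32.

    Plain integer comparison breaks when a serial wraps; this form does not.
    """
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000


def audit(answers, zone_file_serial):
    """Return a list of findings (empty when every server serves the on-disk serial)."""
    findings = []
    served = {srv: parse_soa(line) for srv, line in answers.items()}

    # 1. Do the authoritative servers agree with one another?
    distinct = {r["serial"] for r in served.values()}
    if len(distinct) > 1:
        findings.append("MISMATCH: authoritative servers disagree, serials %s"
                        % ", ".join("%s=%d" % (s, r["serial"])
                                    for s, r in served.items()))

    # 2. Does each server serve what is in the zone file?
    for srv, r in served.items():
        if serial_gt(zone_file_serial, r["serial"]):
            findings.append(
                "STALE: %s answers %d but the zone file holds %d; "
                "the daemon is loading a different copy of the zone (or was not reloaded)"
                % (srv, r["serial"], zone_file_serial))
        elif serial_gt(r["serial"], zone_file_serial):
            findings.append(
                "AHEAD: %s answers %d, newer than the zone file's %d; "
                "that copy was edited elsewhere" % (srv, r["serial"], zone_file_serial))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ANSWERS, ZONE_FILE_SERIAL):
        print(finding)
```

Run against the thread's values it reports one MISMATCH and two STALE findings. A STALE finding on the server you just edited is the signature of the problem in this thread: the file you changed is not the file the daemon loaded.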
 
LVL 1

Author Comment

by:willlandymore
Okay, I found something. The default install of bind puts things in /var/named, but ours uses /var/named/chroot/var/named, so it's looking at the original copies of what's in the /var/named directory instead of using the links going to the deeper one.

Should I just delete the contents of that directory and then make the links pointing to the other ones?
0
 
LVL 2

Expert Comment

by:PortableTech
Well, you will either need to place the files where it is looking as you have a chrooted server, or change the bind startup scripts to point it to where you want them to be.

The -t option will allow you to point it to the chrooted directory:

-t /var/named/chroot/var/named

Generally that is used with the -u option if you are trying to enhance security by running it as a non-root user. But I am unsure what you were trying to accomplish with the chroot initially, so I can only guess.
0
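The root cause the author found is a path-mapping one: when named is started with `-t <chroot>`, every path in named.conf is resolved inside that chroot, so a copy or symlink of the zone file that lives outside it is never read. Below is an added example (not code from the thread or from BIND) that does the mapping and then checks whether the file an administrator edited is the same file the daemon loads, comparing the SOA serial in each. It assumes the RHEL bind-chroot style layout, chroot root /var/named/chroot with `directory "/var/named"` in named.conf; the demo builds a throwaway copy of that tree under a temp directory with the two serials from the thread.

```python
"""Which file does a chrooted named actually load?

Added example, not code from the original thread. host_path() maps a zone
file path as named sees it (inside the chroot) to the host-side path, and
diagnose() checks whether the file the administrator edited is the one the
daemon reads. Assumed layout: chroot at /var/named/chroot and
directory "/var/named" in named.conf.
"""
import os
import re
import tempfile

# The serial is the first number after the SOA's RNAME, with or without '('.
SERIAL_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)")


def host_path(chroot, directory, zone_file):
    """Host-side path of a zone file as a (possibly chrooted) named sees it."""
    inside = zone_file if os.path.isabs(zone_file) else os.path.join(directory, zone_file)
    inside = os.path.normpath(inside)
    if not chroot:
        return inside
    return os.path.normpath(os.path.join(chroot, inside.lstrip("/")))


def zone_serial(path):
    """SOA serial found in a zone file, or None if the file is missing/unparseable."""
    if not os.path.isfile(path):
        return None
    with open(path) as fh:
        m = SERIAL_RE.search(fh.read())
    return int(m.group(1)) if m else None


def diagnose(edited_path, chroot, directory, zone_file):
    """Report whether the edited file and the loaded file are one and the same."""
    loaded = host_path(chroot, directory, zone_file)
    same = (os.path.exists(edited_path) and os.path.exists(loaded)
            and os.path.samefile(edited_path, loaded))
    return {
        "loaded_path": loaded,
        "same_file": same,
        "edited_serial": zone_serial(edited_path),
        "loaded_serial": zone_serial(loaded),
    }


ZONE_TEMPLATE = """$TTL 300
@   IN SOA ns1.mercyships.org. root.mercyships.org. (
        %d   ; serial
        1800 900 3600 1800 )
    IN NS ns1.mercyships.org.
"""


def build_demo_tree():
    """Constructed layout mirroring the thread, under a throwaway temp dir.

    <root>/var/named/mercyships.org                   edited copy, serial 2011030201
    <root>/var/named/chroot/var/named/mercyships.org  what named loads, 2011012600
    """
    root = tempfile.mkdtemp(prefix="bind-chroot-demo-")
    outside = os.path.join(root, "var", "named")
    chroot = os.path.join(outside, "chroot")
    inside = os.path.join(chroot, "var", "named")
    os.makedirs(inside)
    for d, serial in ((outside, 2011030201), (inside, 2011012600)):
        with open(os.path.join(d, "mercyships.org"), "w") as fh:
            fh.write(ZONE_TEMPLATE % serial)
    return root, outside, chroot


def demo():
    """Diagnose the thread's situation on the constructed tree."""
    root, outside, chroot = build_demo_tree()
    edited = os.path.join(outside, "mercyships.org")
    # named.conf says directory "/var/named"; the daemon is started with -t <chroot>.
    return diagnose(edited, chroot, "/var/named", "mercyships.org")


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-14s %s" % (key, value))
```

With a live server, pass the real chroot from the named process's `-t` argument and the `directory`/`file` values from named.conf; `same_file` False together with differing serials means the edit went to a copy the daemon never opens, which is exactly what the author's "updated the files where it was actually looking" fixed.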
 
LVL 1

Author Comment

by:willlandymore
Eh, I just removed the chroot and then updated the files where it was actually looking.

Thanks.
0