NAMED try to solve domain from old authoritative server


Teerapatr Kittiratanachai
Hi List,

I have run into a problem.
First, I have 2 nameservers. The first nameserver is the
authoritative nameserver and does not allow recursion. The second one
is the recursive nameserver, and it also stores the same zone file as
the first server.

I have removed the zone file from the first server and reloaded the named process.
It works normally; I get the SERVFAIL response when I try to query
it.
And at the second server, after the zone was removed from named.conf and
`rndc reload` was run, it can also query the new authoritative
nameserver. But after a few hours (the new TTL is 600), it goes back to querying
my first server, which gives me the log below.

lame-servers: error (unexpected RCODE REFUSED) resolving
'www.domain.tld/A/IN': 192.168.1.1#53
lame-servers: lame server resolving 'www.domain.tld' (in
'domain.tld'?): 2001:db8:0:1::101#53

I must run `rndc flushname domain.tld` to flush the cache.
However, a few hours after I flush the cache, the problem occurs again.

Has anyone ever faced this problem?

My named version is below.

#named -V
BIND 9.9.2-P1 built with '--localstatedir=/var' '--disable-linux-caps'
'--disable-symtable' '--with-randomdev=/dev/random' '--without-python'
'--with-openssl=/usr' '--with-libxml2=/usr/local' '--without-idn'
'--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb'
'--prefix=/usr/local' '--mandir=/usr/local/man'
'--infodir=/usr/local/info/' '--build=x86_64-portbld-freebsd8.2'
'build_alias=x86_64-portbld-freebsd8.2' 'CC=cc' 'CFLAGS=-O2 -pipe
-fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath=/usr/lib:/usr/local/lib'
'CPPFLAGS=' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe
-fno-strict-aliasing'
using OpenSSL version: OpenSSL 0.9.8q 2 Dec 2010
using libxml2 version: 2.7.8

BR,
Te
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: NAMED try to solve domain from old authoritative server

Mark Andrews

Do you really want help?  If so stop obscuring the details.

Mark

In message <CADC-1a0BdZDCGpkyWTDYuj9gj=[hidden email]>, Teerapatr Kittiratanachai writes:

> Hi List,
>
> I have faced the problem.
> Firstly, I have 2 nameserver, the first nameserver is the
> authoritative nameserver and not allow the recursive. The second one
> is the recursive nameserver, and also store zonefile as the same with
> the first server.
>
> I have remove zonefile from the first server and reload named process.
> It can work normally, I got the SERVFAIL response when I try to query
> from it.
> And at the second server, after it remove zone from named.conf and
> `rndc reload`, it also can query from the new authoritative
> nameserver. But after a few hours, new TTL is 600, it go back to query
> from my first server which give me below log.
>
> lame-servers: error (unexpected RCODE REFUSED) resolving
> 'www.domain.tld/A/IN': 192.168.1.1#53
> lame-servers: lame server resolving 'www.domain.tld' (in
> 'domain.tld'?): 2001:db8:0:1::101#53
>
> I must do the `rndc flushname domain.tld` to flush the cache.
> However a few hours after I flush cache, the problem occur again.
>
> Does anyone ever face this problem?
>
> My named version is below.
>
> #named -V
> BIND 9.9.2-P1 built with '--localstatedir=/var' '--disable-linux-caps'
> '--disable-symtable' '--with-randomdev=/dev/random' '--without-python'
> '--with-openssl=/usr' '--with-libxml2=/usr/local' '--without-idn'
> '--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb'
> '--prefix=/usr/local' '--mandir=/usr/local/man'
> '--infodir=/usr/local/info/' '--build=x86_64-portbld-freebsd8.2'
> 'build_alias=x86_64-portbld-freebsd8.2' 'CC=cc' 'CFLAGS=-O2 -pipe
> -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath=/usr/lib:/usr/local/lib'
> 'CPPFLAGS=' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe
> -fno-strict-aliasing'
> using OpenSSL version: OpenSSL 0.9.8q 2 Dec 2010
> using libxml2 version: 2.7.8
>
> BR,
> Te
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [hidden email]

Re: NAMED try to solve domain from old authoritative server

Teerapatr Kittiratanachai
Mark,
Unfortunately, due to my company's policy, I cannot provide you the information.

Thank you for your help.
Te

On Thu, Apr 2, 2015 at 12:07 PM, Mark Andrews <[hidden email]> wrote:

>
> Do you really want help?  If so stop obscuring the details.
>
> Mark
>
> In message <CADC-1a0BdZDCGpkyWTDYuj9gj=[hidden email]>, Teerapatr Kittiratanachai writes:
>> Hi List,
>>
>> I have faced the problem.
>> Firstly, I have 2 nameserver, the first nameserver is the
>> authoritative nameserver and not allow the recursive. The second one
>> is the recursive nameserver, and also store zonefile as the same with
>> the first server.
>>
>> I have remove zonefile from the first server and reload named process.
>> It can work normally, I got the SERVFAIL response when I try to query
>> from it.
>> And at the second server, after it remove zone from named.conf and
>> `rndc reload`, it also can query from the new authoritative
>> nameserver. But after a few hours, new TTL is 600, it go back to query
>> from my first server which give me below log.
>>
>> lame-servers: error (unexpected RCODE REFUSED) resolving
>> 'www.domain.tld/A/IN': 192.168.1.1#53
>> lame-servers: lame server resolving 'www.domain.tld' (in
>> 'domain.tld'?): 2001:db8:0:1::101#53
>>
>> I must do the `rndc flushname domain.tld` to flush the cache.
>> However a few hours after I flush cache, the problem occur again.
>>
>> Does anyone ever face this problem?
>>
>> My named version is below.
>>
>> #named -V
>> BIND 9.9.2-P1 built with '--localstatedir=/var' '--disable-linux-caps'
>> '--disable-symtable' '--with-randomdev=/dev/random' '--without-python'
>> '--with-openssl=/usr' '--with-libxml2=/usr/local' '--without-idn'
>> '--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb'
>> '--prefix=/usr/local' '--mandir=/usr/local/man'
>> '--infodir=/usr/local/info/' '--build=x86_64-portbld-freebsd8.2'
>> 'build_alias=x86_64-portbld-freebsd8.2' 'CC=cc' 'CFLAGS=-O2 -pipe
>> -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath=/usr/lib:/usr/local/lib'
>> 'CPPFLAGS=' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe
>> -fno-strict-aliasing'
>> using OpenSSL version: OpenSSL 0.9.8q 2 Dec 2010
>> using libxml2 version: 2.7.8
>>
>> BR,
>> Te
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> [hidden email]
>> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: [hidden email]

Re: NAMED try to solve domain from old authoritative server

Matus UHLAR - fantomas
On 02.04.15 11:52, Teerapatr Kittiratanachai wrote:
>Firstly, I have 2 nameserver, the first nameserver is the
>authoritative nameserver and not allow the recursive. The second one
>is the recursive nameserver, and also store zonefile as the same with
>the first server.
>
>I have remove zonefile from the first server and reload named process.
>It can work normally, I got the SERVFAIL response when I try to query
>from it.

If the server is configured to read a zone file but cannot find the file, it
treats this as an error and returns SERVFAIL.

>And at the second server, after it remove zone from named.conf and
>`rndc reload`, it also can query from the new authoritative
>nameserver.

If you don't remove the zone file, but the zone definition, the zone is not
considered local, and recursion takes place.

>But after a few hours, new TTL is 600, it go back to query
>from my first server which give me below log.

Some of the new authoritative files contain an NS record for the domain pointing
to your first server, so the recursive server asks your first server, which
returns SERVFAIL.

>I must do the `rndc flushname domain.tld` to flush the cache.
>However a few hours after I flush cache, the problem occur again.
>
>Does anyone ever face this problem?

Such problems appear when people put incorrect NS records into zone files.
Note that not only must the parent zone have proper NS (glue) records for child zones,
but the child zones must have them too.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
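
An added example, not part of the thread: a check for the situation described in the last reply, where an NS record in the zone's own data still points at the retired server. It parses the two `lame-servers` log shapes quoted above and reports which NS set still leads to a lame address. The NS names, the `192.0.2.53` address and the NS sets are constructed for illustration.

```python
import re

# Both "lame-servers" message shapes quoted in the thread, one log entry per line.
LAME_RE = re.compile(
    r"lame-servers: (?:error \((?P<reason>[^)]+)\)|lame server) resolving "
    r"'(?P<qname>[^'/]+)(?:/[A-Z0-9]+/[A-Z]+)?'"
    r"(?: \(in '(?P<zone>[^']+)'\?\))?: (?P<addr>\S+)#\d+"
)

# Constructed input: the thread's two log entries, unwrapped.
SAMPLE_LOG = [
    "lame-servers: error (unexpected RCODE REFUSED) resolving 'www.domain.tld/A/IN': 192.168.1.1#53",
    "lame-servers: lame server resolving 'www.domain.tld' (in 'domain.tld'?): 2001:db8:0:1::101#53",
]
# Constructed NS data (hypothetical names); in practice collect it with
# non-recursive NS queries to a parent server and to a server of the zone itself.
NS_SETS = {
    "parent delegation": ["ns-new.domain.tld"],
    "child zone apex": ["ns-new.domain.tld", "ns-old.domain.tld"],
}
NS_ADDRESSES = {
    "ns-new.domain.tld": ["192.0.2.53"],
    "ns-old.domain.tld": ["192.168.1.1", "2001:db8:0:1::101"],
}

def lame_addresses(log_lines):
    """Return {server address: set of reasons} for every lame-servers entry."""
    found = {}
    for line in log_lines:
        m = LAME_RE.search(line)
        if m:
            found.setdefault(m["addr"], set()).add(m["reason"] or "lame server")
    return found

def stale_ns(ns_sets, ns_addresses, lame):
    """List (source, NS name, address) for NS records that resolve to a lame server."""
    hits = []
    for source, names in ns_sets.items():
        for name in names:
            for addr in ns_addresses.get(name, ()):
                if addr in lame:
                    hits.append((source, name, addr))
    return sorted(hits)

if __name__ == "__main__":
    lame = lame_addresses(SAMPLE_LOG)
    for source, name, addr in stale_ns(NS_SETS, NS_ADDRESSES, lame):
        print(f"{source}: NS {name} -> {addr} ({', '.join(sorted(lame[addr]))})")
```

A hit under "child zone apex" with none under "parent delegation" matches the symptom in the thread: resolution works after a flush, then fails once the resolver has cached the zone's own NS set.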