dns problem

dns problem

[Scott Howell]

Folks,

I ran into a dns problem and hope maybe someone can help me out.

I currently have a box named lrxms it shows up as far as I know as 
lrxms.lrxms.net and it has two interfaces of 66.92.147.165 and 
192.168.1.1.
Now I recently configured a new machine that will be a firewall box and 
run a few services instead of lrxms running everything including the 
firewall.

I first shutdown the lrxms machine and remove it from the network. I 
plugged in the new box which is named zoose; yeah on a greek mythology 
kick. I only edited the zone file to show the Cname of zoose, but made 
no other changes. The external ip and internal ip stayed the same from 
when lrxms was performing the dns service.

Now the first problem I ran into is I had to grab the db.cache file from 
the old box cause on the new Debian box, zoose it was empty. Ok, so now 
when I attempted to perform lookups I get server not found errors. I 
could do a lookup on my own domain, but nothing else.
I then put the old machine back online and all is fixed. So, I'd 
appreciate any help as to where to look for problems. I wonder if I need 
to tell the folks I registered my dns servers with about the change or 
my ISP who does reverse for me. I only told either about ns1.lrxms.net 
because I had planned to change the name of the machine in any case.
Ay I finally got the firewall working I think, but this dns problem has 
me running in circles. Its was bad enough I had to litterally use the 
same cables from my old machine when bringing the new one online. I 
think the switch keeps that segment info in its little brain and you all 
but have to unplug the damned thing I guess to reset it.

tia

Scott

Re: dns problem

[Gregory Nowak]

Yeah, if your isp or whoever you registered your domain with, knows your ns1 machine by one name, and you decide to give your ns1 another name without telling them, you're going to have problems. Either contact your isp and whoever you registered your domain with, and give them the new name for ns1, or make your new server have your old server's name.

I never saw the advantage of naming your dns servers as ns1.domain.com, but I think I do now (smile).

Greg


On Sun, Oct 13, 2002 at 10:43:04AM -0400, Scott Howell wrote:
> Folks,
> 
> I ran into a dns problem and hope maybe someone can help me out.
> 
> I currently have a box named lrxms it shows up as far as I know as 
> lrxms.lrxms.net and it has two interfaces of 66.92.147.165 and 
> 192.168.1.1.
> Now I recently configured a new machine that will be a firewall box and 
> run a few services instead of lrxms running everything including the 
> firewall.
> 
> I first shutdown the lrxms machine and remove it from the network. I 
> plugged in the new box which is named zoose; yeah on a greek mythology 
> kick. I only edited the zone file to show the Cname of zoose, but made 
> no other changes. The external ip and internal ip stayed the same from 
> when lrxms was performing the dns service.
> 
> Now the first problem I ran into is I had to grab the db.cache file from 
> the old box cause on the new Debian box, zoose it was empty. Ok, so now 
> when I attempted to perform lookups I get server not found errors. I 
> could do a lookup on my own domain, but nothing else.
> I then put the old machine back online and all is fixed. So, I'd 
> appreciate any help as to where to look for problems. I wonder if I need 
> to tell the folks I registered my dns servers with about the change or 
> my ISP who does reverse for me. I only told either about ns1.lrxms.net 
> because I had planned to change the name of the machine in any case.
> Ay I finally got the firewall working I think, but this dns problem has 
> me running in circles. Its was bad enough I had to litterally use the 
> same cables from my old machine when bringing the new one online. I 
> think the switch keeps that segment info in its little brain and you all 
> but have to unplug the damned thing I guess to reset it.
> 
> tia
> 
> Scott
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: dns problem

[Scott Howell]

I wonder in the short term if there is a way to account for both machine 
names so I'll not get bit in the process of changing names. I think the 
mistake is naming the machine the same name as the domain. I guess 
there's no point in naming your box example if your domain is 
example.com being as it'll show up as example.example.com which seems 
silly in any case.<grin>
I didn't think of this when I started. What is interesting though is why 
it wouldn't do lookups beyond my own domain. That I think bothers me 
more being as if it would have done lookups at least I couldn't have 
worked with the situation. I obviously dont' know dns as well as I'd 
like, but perhaps this could have something to do with the reverse 
lookups? Seems as long as my dns server can contact a root server it 
should still produce dns results.
I guess this is also punishment for not keeping my old box updated. Most 
the software on it is from Slackware 7.1 and its worked well enough. My 
mistake was trying to build a Debian box and I've not had to concern 
myself with setting up Debian as a server or firewall box so I imagine 
perhaps there's some differences or unique aspecs I overlooked, but 
didn't think so.

tnx

Actually one other interesting point is that ns1.lrxms.net resolves back 
to lrxms.lrxms.net per the zone file. I didn't think because ns1 was 
another name for the primary dns server, would it matter what the 
machine's real name is.

tnx

On Sun, Oct 13, 2002 at 11:43:25AM -0500, Gregory Nowak wrote:
> Yeah, if your isp or whoever you registered your domain with, knows your ns1 machine by one name, and you decide to give your ns1 another name without telling them, you're going to have problems. Either contact your isp and whoever you registered your domain with, and give them the new name for ns1, or make your new server have your old server's name.
> 
> I never saw the advantage of naming your dns servers as ns1.domain.com, but I think I do now (smile).
> 
> Greg

Re: dns problem

[Gregory Nowak]

If you can contact the root servers, and get a root hints file, you should be able to get dns info for other domains just fine (assuming your bind is setup correctly).

One more thing I forgot to mention is to make sure your SOA record has the correct info.

To answer your question, your machine may have a different name in dns from the one you see at the shell prompt. For example, my server is linserver.romuald.net.eu.org, but I could have just as easily defined it as ns1.romuald.net.eu.org in my zone file.

One more thing, there is no technical problem as far as I know in having your nameserver have the name of your domain. Yes, kind of strange, but it should work.

I don't know how you would take care of things during the name change, but maybe someone more knowledgable will come on here and enlighten us both.

Greg


On Sun, Oct 13, 2002 at 08:14:42PM -0400, Scott Howell wrote:
> I wonder in the short term if there is a way to account for both machine 
> names so I'll not get bit in the process of changing names. I think the 
> mistake is naming the machine the same name as the domain. I guess 
> there's no point in naming your box example if your domain is 
> example.com being as it'll show up as example.example.com which seems 
> silly in any case.<grin>
> I didn't think of this when I started. What is interesting though is why 
> it wouldn't do lookups beyond my own domain. That I think bothers me 
> more being as if it would have done lookups at least I couldn't have 
> worked with the situation. I obviously dont' know dns as well as I'd 
> like, but perhaps this could have something to do with the reverse 
> lookups? Seems as long as my dns server can contact a root server it 
> should still produce dns results.
> I guess this is also punishment for not keeping my old box updated. Most 
> the software on it is from Slackware 7.1 and its worked well enough. My 
> mistake was trying to build a Debian box and I've not had to concern 
> myself with setting up Debian as a server or firewall box so I imagine 
> perhaps there's some differences or unique aspecs I overlooked, but 
> didn't think so.
> 
> tnx
> 
> Actually one other interesting point is that ns1.lrxms.net resolves back 
> to lrxms.lrxms.net per the zone file. I didn't think because ns1 was 
> another name for the primary dns server, would it matter what the 
> machine's real name is.
> 
> tnx
> 

Re: dns problem

[Darrell Shandrow]

Hi Greg,

Yes!  This is always a good idea for the sake of standardization and ease of
understanding for potential future administrators who come along after.  Of
course, this is not so critical on a residential implementation, but...

----- Original Message -----
From: "Gregory Nowak" <greg@romuald.net.eu.org>
To: <speakup@braille.uwo.ca>
Sent: Sunday, October 13, 2002 9:43 AM
Subject: Re: dns problem


> Yeah, if your isp or whoever you registered your domain with, knows your
ns1 machine by one name, and you decide to give your ns1 another name
without telling them, you're going to have problems. Either contact your isp
and whoever you registered your domain with, and give them the new name for
ns1, or make your new server have your old server's name.
>
> I never saw the advantage of naming your dns servers as ns1.domain.com,
but I think I do now (smile).
>
> Greg
>
>
> On Sun, Oct 13, 2002 at 10:43:04AM -0400, Scott Howell wrote:
> > Folks,
> >
> > I ran into a dns problem and hope maybe someone can help me out.
> >
> > I currently have a box named lrxms it shows up as far as I know as
> > lrxms.lrxms.net and it has two interfaces of 66.92.147.165 and
> > 192.168.1.1.
> > Now I recently configured a new machine that will be a firewall box and
> > run a few services instead of lrxms running everything including the
> > firewall.
> >
> > I first shutdown the lrxms machine and remove it from the network. I
> > plugged in the new box which is named zoose; yeah on a greek mythology
> > kick. I only edited the zone file to show the Cname of zoose, but made
> > no other changes. The external ip and internal ip stayed the same from
> > when lrxms was performing the dns service.
> >
> > Now the first problem I ran into is I had to grab the db.cache file from
> > the old box cause on the new Debian box, zoose it was empty. Ok, so now
> > when I attempted to perform lookups I get server not found errors. I
> > could do a lookup on my own domain, but nothing else.
> > I then put the old machine back online and all is fixed. So, I'd
> > appreciate any help as to where to look for problems. I wonder if I need
> > to tell the folks I registered my dns servers with about the change or
> > my ISP who does reverse for me. I only told either about ns1.lrxms.net
> > because I had planned to change the name of the machine in any case.
> > Ay I finally got the firewall working I think, but this dns problem has
> > me running in circles. Its was bad enough I had to litterally use the
> > same cables from my old machine when bringing the new one online. I
> > think the switch keeps that segment info in its little brain and you all
> > but have to unplug the damned thing I guess to reset it.
> >
> > tia
> >
> > Scott
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: dns problem

[Scott Howell]

Greg,

That very well could be the problem. I am running bind 8.something on my 
old box and bind 9 on the new box. I simply used the same configuration 
file with a few minor changes to paths etc. Being that I can't contact 
any root servers, that probably would indicate there being some problem 
with the configuration.
What is interesting is that at one point it seem to work, but to be 
honest I haven't absolutely any clue what would have broken in such 
short order. I think what compounds the problem is I can't think of 
anything to ping beyond my own network just to be sure my packets are 
flowing as they should be. Yes, I can use netwatch, but it tends to be a 
bit to verbose just to get some simple info. I used to be able to ping 
the ISP's dns server, but guess they decided to block pings now.<grin>

Tnx will have to keep hacking this problem.

Re: dns problem

[Jude DaShiell]

Have you any nameserver's defined in your /etc/resolv.conf?  I can break a
connection real easy by removing those.

Re: dns problem

[Scott Howell]

Absolutely, don't have those your correct, things are going to be quite 
broken.:)


On Mon, Oct 14, 2002 at 07:20:08AM -0400, Jude DaShiell wrote:
> Have you any nameserver's defined in your /etc/resolv.conf?  I can break a
> connection real easy by removing those.

Re: dns problem

[Darrell Shandrow]

Hi Scott,

You can ping me.  Ping borg.shandrow.com, or the IP address 206.124.184.77.

Check your /etc/named.conf carefully.  Look for the zone file that is named
just ".".  Make sure that really does point to a valid root servers hints
file...

----- Original Message -----
From: "Scott Howell" <showell@lrxms.net>
To: <speakup@braille.uwo.ca>
Sent: Monday, October 14, 2002 3:25 AM
Subject: Re: dns problem


> Greg,
>
> That very well could be the problem. I am running bind 8.something on my
> old box and bind 9 on the new box. I simply used the same configuration
> file with a few minor changes to paths etc. Being that I can't contact
> any root servers, that probably would indicate there being some problem
> with the configuration.
> What is interesting is that at one point it seem to work, but to be
> honest I haven't absolutely any clue what would have broken in such
> short order. I think what compounds the problem is I can't think of
> anything to ping beyond my own network just to be sure my packets are
> flowing as they should be. Yes, I can use netwatch, but it tends to be a
> bit to verbose just to get some simple info. I used to be able to ping
> the ISP's dns server, but guess they decided to block pings now.<grin>
>
> Tnx will have to keep hacking this problem.
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: dns problem

[Igor Gueths]

Also, now that you mention this Scott, are you able to ping hostnames and
have them resolv to ip? Or can you ping just using ip? If you can't ping
with hostname and request times out, this may very well be a problem in
resolv.conf.

Microsoft dialogue
This company has performed an illegal operation and will be shutdown. If this problem persists, delete Winblows and install Linux. Close button

On Mon, 14 Oct 2002, Jude DaShiell wrote:

> Have you any nameserver's defined in your /etc/resolv.conf?  I can break a
> connection real easy by removing those.
>
>
>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

Re: dns problem

[Gregory Nowak]

Scott, the configs from bind 8 to bind 9 changed noticeabley from what I recall. I'm certainly no expert, but if you'd like to send your config and zone files this way, I'd be happy to have a look, and see if I find something strange.

Greg


On Mon, Oct 14, 2002 at 06:25:31AM -0400, Scott Howell wrote:
> Greg,
> 
> That very well could be the problem. I am running bind 8.something on my 
> old box and bind 9 on the new box. I simply used the same configuration 
> file with a few minor changes to paths etc. Being that I can't contact 
> any root servers, that probably would indicate there being some problem 
> with the configuration.
> What is interesting is that at one point it seem to work, but to be 
> honest I haven't absolutely any clue what would have broken in such 
> short order. I think what compounds the problem is I can't think of 
> anything to ping beyond my own network just to be sure my packets are 
> flowing as they should be. Yes, I can use netwatch, but it tends to be a 
> bit to verbose just to get some simple info. I used to be able to ping 
> the ISP's dns server, but guess they decided to block pings now.<grin>
> 
> Tnx will have to keep hacking this problem.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: dns problem

[Scott Howell]

Actually to add to the dns issue. What I found most interesting is that 
I ran bind so I could watch anything it would log, once it started and 
said it was sending its nodify it just sits and I never see any logging 
beyond that point.

Here is a sample.

Starting domain name service: namedOct 14 10:40:04.119 starting BIND 
9.2.1 -g
Oct 14 10:40:04.125 using 1 CPU
Oct 14 10:40:04.174 loading configuration from '/etc/bind/named.conf'
Oct 14 10:40:04.261 no IPv6 interfaces found
Oct 14 10:40:04.262 listening on IPv4 interface lo, 127.0.0.1#53
Oct 14 10:40:04.269 listening on IPv4 interface eth0, 192.168.1.11#53
Oct 14 10:40:04.296 command channel listening on 127.0.0.1#953
Oct 14 10:40:04.297 ignoring config file logging statement due to -g 
option
Oct 14 10:40:04.310 zone 0.0.127.in-addr.arpa/IN: loaded serial 
2000121701
Oct 14 10:40:04.324 zone lrxms.net/IN: loaded serial 2002101301
Oct 14 10:40:04.325 running
Oct 14 10:40:04.329 zone lrxms.net/IN: sending notifies (serial 
2002101301)
./bind9: line 38:   730 Quit                    start-stop-daemon 
--start --quiet --pidfile /var/run/named.pid --exec /usr/sbin/named -- 
$OPTS
.

Now this is all you see even while making querries on another console it 
never changes.


I suspect and will have to do some real digging, but Debian does not 
have bind compile or configured to log the same as bind does on my 
Slackware box. If anyone is using Debian and bind and could tell me how 
its logging I'd appreciate it. I found a file called named.run and it 
had some info in it, but wasn't current. I tried moving it and touching 
a new file, but it was never populated. I then tried using the tail 
command to see if anything was being logged and nothing. This is 
really annoying. I guess I'm going to have to do more rtfming here 
because this doesn't make much sense and is proving a bit more tricky to 
find things.
I guess I could just get my own bind package and compile from scratch 
and know exactly where things are and doing what.

tnx