Thread: DNS has gone weird

  1. #1
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,434

    DNS has gone weird

    Recently my DNS Slave server has started doing something odd.
    If I am on my main Unix server and run nslookup (dig not available) against
    my primary DNS server I get something like:

    Server: main-dns.domain.com
    Address: 192.168.0.1

    Name: serverqueriedon.domain.com
    Address: 192.168.0.100

    >


    If I then switch to my slave server

    > server slave-dns.domain.com


    and query again I get:

    Server: main-dns.domain.com
    Address: 192.168.0.1

    Name: serverqueriedon.domain.com
    Address: 192.168.0.100

    and all is right with the world...BUT....

    If I then switch back to the main server:

    > server main-dns.domain.com


    I see:

    Default Server: NAT'd.IP.Information.From.External.DNS.query
    Address: 192.168.0.1

    The problem I believe is the slave server is using an external forwarder
    when it does its own resolution.

    To resolve the issue, I have temporarily removed the external forwarders on
    the slave server and added the Primary DNS server as the only listed
    forwarder. Obviously this is a short term hack since if the primary DNS went
    down there would be no forwarder at all.

    I discovered this problem when one of our automated processes attempted to RCP
    from the Unix host to another host and uses the slave DNS server. Since the
    remote host uses .rhosts and the names do not match, the rcp connect fails.

    This configuration has been in place for oh say, 2 years. It's just a simple
    master/slave arrangement.

    Any ideas?




  2. #2
    Kevin Miller NNTP User

    Re: DNS has gone weird

    GofBorg wrote:
    > Recently my DNS Slave server has started doing something odd.
    > If I am on my main Unix server and run nslookup (dig not available) against
    > my primary DNS server I get something like:
    >
    > Server: main-dns.domain.com
    > Address: 192.168.0.1
    >
    > Name: serverqueriedon.domain.com
    > Address: 192.168.0.100
    >
    >
    > If I then switch to my slave server
    >
    >> server slave-dns.domain.com

    >
    > and query again I get:
    >
    > Server: main-dns.domain.com
    > Address: 192.168.0.1
    >
    > Name: serverqueriedon.domain.com
    > Address: 192.168.0.100
    >
    > and all is right with the world...BUT....
    >
    > If I then switch back to the main server:
    >
    >> server main-dns.domain.com

    >
    > I see:
    >
    > Default Server: NAT'd.IP.Information.From.External.DNS.query
    > Address: 192.168.0.1
    >
    > The problem I believe is the slave server is using an external forwarder
    > when it does its own resolution.
    >
    > To resolve the issue, I have temporarily removed the external forwarders on
    > the slave server and added the Primary DNS server as the only listed
    > forwarder. Obviously this is a short term hack since if the primary DNS went
    > down there would be no forwarder at all.
    >
    > I discovered this problem when one of our automated processes attempted to RCP
    > from the Unix host to another host and uses the slave DNS server. Since the
    > remote host uses .rhosts and the names do not match, the rcp connect fails.
    >
    > This configuration has been in place for oh say, 2 years. It's just a simple
    > master/slave arrangement.
    >
    > Any ideas?


    Not really sure what's happening there, but you don't really need to be
    using forwarders at all. Just make sure you have a current version of
    the root.hint file. Your server will then query the root servers and
    resolve external addresses just fine, even if the master goes down.

    Of course, *your* zone data will eventually time out so you'll have to
    get the master server up in a timely manner. But that's a different issue.

    The main advantage of forwarders is they may have your query already
    cached, which speeds things up a bit. No need to hit the root servers
    and recurse down to the authoritative server for a given domain. The
    hit is pretty minor though, and I doubt your users will notice. After
    the first hit, your dns server will have the entry cached itself.

    ....Kevin
    --
    Kevin Miller
    Juneau, Alaska
    http://www.alaska.net/~atftb
    In a recent poll, seven out of ten hard drives preferred Linux.

  3. #3
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,434

    Re: DNS has gone weird

    > Not really sure what's happening there, but you don't really need to be
    > using forwarders at all. Just make sure you have a current version of
    > the root.hint file. Your server will then query the root servers and
    > resolve external addresses just fine, even if the master goes down.
    >
    > Of course, *your* zone data will eventually time out so you'll have to
    > get the master server up in a timely manner. But that's a different
    > issue.
    >
    > The main advantage of forwarders is they may have your query already
    > cached, which speeds things up a bit. No need to hit the root servers
    > and recurse down to the authoritative server for a given domain. The
    > hit is pretty minor though, and I doubt your users will notice. After
    > the first hit, your dns server will have the entry cached itself.


    Thanks for those bits Kevin. I've been using forwarders since forever.
    This problem is just a bit perplexing. Do you think that if my slave server
    has a forwarders file with just my master DNS server as the only entry, and
    the master goes down that the slave server would then try root.hint before
    returning unresolvable? If so then I think my current arrangement is okay as
    the server does have a current root.hint file. Just not sure if there is an
    order of priority like forwarders>root.hint or if they are mutually
    exclusive and one overrides the other completely.


  4. #4
    Kevin Miller NNTP User

    Re: DNS has gone weird

    GofBorg wrote:
    >
    > Thanks for those bits Kevin. I've been using forwarders since
    > forever. This problem is just a bit perplexing. Do you think that if
    > my slave server has a forwarders file with just my master DNS server
    > as the only entry, and the master goes down that the slave server
    > would then try root.hint before returning unresolvable? If so then I
    > think my current arrangement is okay as the server does have a
    > current root.hint file. Just not sure if there is an order of
    > priority like forwarders>root.hint or if they are mutually exclusive
    > and one overrides the other completely.


    Hmmm. Not sure what happens if your forward server goes down. I would
    think it would then fall back to the root servers, but don't really know
    for certain. Do you have the luxury of stopping named on the master for
    30 seconds and then trying a lookup from the slave?

    If you can do that, be sure the slave isn't looking up something already
    cached. Pick some domain that you're pretty sure nobody has done a
    query on, or restart named on the slave - that will flush the cache.
    (Probably a more elegant way to flush the dns cache but I'm too lazy to
    look it up.)



    ....Kevin
    --
    Kevin Miller
    Juneau, Alaska
    http://www.alaska.net/~atftb
    In a recent poll, seven out of ten hard drives preferred Linux.

  5. #5
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,434

    Re: DNS has gone weird

    > Hmmm. Not sure what happens if your forward server goes down. I would
    > think it would then fall back to the root servers, but don't really know
    > for certain. Do you have the luxury of stopping named on the master for
    > 30 seconds and then trying a lookup from the slave?


    Yah I was going to try that if you weren't certain anyway. I can do it
    after hours. I'll let you know the results.




  6. #6
    Kevin Miller NNTP User

    Re: DNS has gone weird

    GofBorg wrote:
    >> Hmmm. Not sure what happens if your forward server goes down. I would
    >> think it would then fall back to the root servers, but don't really know
    >> for certain. Do you have the luxury of stopping named on the master for
    >> 30 seconds and then trying a lookup from the slave?

    >
    > Yah I was going to try that if you weren't certain anyway. I can do it
    > after hours. I'll let you know the results.


    So how'd it work out?

    ....Kevin
    --
    Kevin Miller - http://www.alaska.net/~atftb
    Juneau, Alaska
    In a recent survey, 7 out of 10 hard drives preferred Linux
    Registered Linux User No: 307357, http://counter.li.org

  7. #7
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,434

    Re: DNS has gone weird

    >>> Hmmm. Not sure what happens if your forward server goes down. I would
    >>> think it would then fall back to the root servers, but don't really know
    >>> for certain. Do you have the luxury of stopping named on the master for
    >>> 30 seconds and then trying a lookup from the slave?

    >>
    >> Yah I was going to try that if you weren't certain anyway. I can do it
    >> after hours. I'll let you know the results.

    >
    > So how'd it work out?


    Got tied up on some other things. Will see if I can test it tonight.




  8. #8
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,434

    Re: DNS has gone weird

    >>>> Hmmm. Not sure what happens if your forward server goes down. I would
    >>>> think it would then fall back to the root servers, but don't really
    >>>> know
    >>>> for certain. Do you have the luxury of stopping named on the master
    >>>> for 30 seconds and then trying a lookup from the slave?


    It fails. Times out with no servers available.



  9. #9
    Kevin Miller NNTP User

    Re: DNS has gone weird

    GofBorg wrote:
    >>>>> Hmmm. Not sure what happens if your forward server goes down. I would
    >>>>> think it would then fall back to the root servers, but don't really
    >>>>> know
    >>>>> for certain. Do you have the luxury of stopping named on the master
    >>>>> for 30 seconds and then trying a lookup from the slave?

    >
    > It fails. Times out with no servers available.


    I'm 99.9% certain I used to run my slaves w/o forwarders. They would
    still receive updates for the zones which they're authoritative for from
    my master, but would also do their own lookups. Don't know if that's an
    option for you or not but you might give it a test. That way you
    wouldn't be dependent solely on your master...

    ....Kevin
    --
    Kevin Miller
    Juneau, Alaska
    http://www.alaska.net/~atftb
    In a recent poll, seven out of ten hard drives preferred Linux.
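
The arrangement suggested in the post above (a slave that still transfers its zones from the master but resolves external names itself from the root hints), sketched as an added example that is not part of the original thread. It assumes BIND 9 `named.conf` syntax; the directory, file names and client range are assumptions, and the zone name and master address reuse the thread's placeholders.

```conf
// named.conf on the slave server (added example, assumes BIND 9)
options {
    directory "/var/named";               // assumed path

    // Recursion for internal clients only (assumed internal range).
    recursion yes;
    allow-recursion { 192.168.0.0/24; };

    // No "forwarders" statement here: external names are resolved
    // iteratively, starting from the root hints zone below, so
    // resolution does not depend on the master or on an external
    // forwarder being reachable.
    //
    // If forwarders are kept instead, the "forward" mode decides what
    // happens when they do not answer:
    //   forward first;  // try forwarders, then fall back to iterative lookups
    //   forward only;   // never fall back; lookups fail if forwarders are down
};

// Root hints, needed for iterative resolution without forwarders.
zone "." {
    type hint;
    file "root.hint";
};

// The slave remains authoritative for the local zone and keeps
// receiving updates from the master (placeholder address from the thread).
zone "domain.com" {
    type slave;
    masters { 192.168.0.1; };
    file "slaves/domain.com.db";          // assumed file name
};
```

Names in the locally served zone are then answered from the slave's own copy of the zone data until that copy expires, as noted earlier in the thread.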

  10. #10
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,434

    Re: DNS has gone weird

    > I'm 99.9% certain I used to run my slaves w/o forwarders. They would
    > still receive updates for the zones which they're authoritative for from
    > my master, but would also do their own lookups. Don't know if that's an
    > option for you or not but you might give it a test. That way you
    > wouldn't be dependent solely on your master...


    I'll check it out. Thanks again.

