Mário Gamito | 1 Feb 2008 13:11

Problem with private domain server

Hi,

I have this DNS server in a single computer running djbdns with 
daemontools. I want to have a private wwlib.lan domain and the PCs in 
the office to use this server both for wwlib.lan and for the internet.

I've installed tinydns in 127.0.0.1

My data file contains:
".wwlib.lan:127.0.0.1:a:259200
=mail.wwlib.lan:192.168.1.4:86400"

Already did make :)

Also, in the same server, I've installed a dnscache in 192.168.1.2 and 
in the server directory I've created a file named wwlib.lan containing 
127.0.0.1 inside.

In resolv.conf I've inserted 192.168.1.2

Problem is it isn't working at all.
Everything is fine (checked with svstat and readproctitle), but no errors 
on the logs of tinydns or dnscache.

It's as if nothing was installed on the server.

Any ideas ?

Any help would be appreciated.


Harm van Tilborg | 1 Feb 2008 15:05

Re: Problem with private domain server

Hi Mário,

What do the following two commands give you:

dig mail.wwlib.lan @192.168.1.2
dig mail.wwlib.lan @127.0.0.1

Of course, these commands have to be executed on the machine running 
tinydns and dnscache.

Kind regards,
Harm van Tilborg

Mário Gamito wrote:
> Hi,
> 
> I have this DNS server in a single computer running djbdns with 
> daemontools. I want to have a private wwlib.lan domain and the PCs in 
> the office to use this server both for wwlib.lan and for the internet.
> 
> I've installed tinydns in 127.0.0.1
> 
> My data file contains:
> ".wwlib.lan:127.0.0.1:a:259200
> =mail.wwlib.lan:192.168.1.4:86400"
> 
> Already did make :)
> 
> Also, in the same server, I've installed a dnscache in 192.168.1.2 and 
> in the server directory I've created a file named wwlib.lan containing 

Jose Celestino | 1 Feb 2008 15:37

Re: Problem with private domain server

Words by Mário Gamito [Fri, Feb 01, 2008 at 12:11:20PM +0000]:
> Hi,
>
> I have this DNS server in a single computer running djbdns with daemontools. 
> I want to have a private wwlib.lan domain and the PCs in the office to use 
> this server both for wwlib.lan and for the internet.
>
> I've installed tinydns in 127.0.0.1
>
> My data file contains:
> ".wwlib.lan:127.0.0.1:a:259200
> =mail.wwlib.lan:192.168.1.4:86400"
>
> Already did make :)
>
> Also, in the same server, I've installed a dnscache in 192.168.1.2 and in 
> the server directory I've created a file named wwlib.lan containing 
> 127.0.0.1 inside.
>
> In resolv.conf I've inserted 192.168.1.2
>
> Problem is it isn't working at all.
> Everything is fine (checked with svstat and readproctitle), but no errors on 
> the logs of tinydns or dnscache.
>
> It's as if nothing was installed on the server.
>
> Any ideas ?
>


Jose Celestino | 1 Feb 2008 18:29

Re: Problem with private domain server - NOT

Words by Mário Gamito [Fri, Feb 01, 2008 at 04:54:51PM +0000]:
> Hi,
>
>> Yes.
>>
>> cd /service/dnscache
>> touch root/ip/192.168.1
>
> After all, I can ping Internet IPs, but not .lan.
>

What has ping to do with this?
Can you do a dnsq test, both to the authoritative and to the cache?
What does dnscache/log show?
What does tinydns/log show?
What does /etc/resolv.conf show?

-- 
Jose Celestino
----------------------------------------------------------------
http://www.msversus.org/     ; http://techp.org/petition/show/1
http://www.vinc17.org/noswpat.en.html
----------------------------------------------------------------
"If you would have your slaves remain docile, teach them hymns."
    -- Ed Weathers ("The Empty Box")

Karel K. | 16 Feb 2008 11:48

Is there a limit of domains per nameserver

Hello everybody,

I have been using tinydns without dnscache to provide dns services for
a couple of thousand domains during the last years.

However I have noticed that reaching a critical number of domains
using identical nameserver names leads to a situation where they are
no longer resolved. Splitting the domain names upon several
nameserver names (still using just one data file and tinydns process)
solves the problem.

Example:
a.tld in ns1
b.tld in ns1
c.tld in ns1
d.tld in ns1
=> c.tld and d.tld are not resolved (requests time-out)

a.tld in ns1
b.tld in ns1
c.tld in ns2
d.tld in ns2
=> everything works as expected

I am posting here, because I have noticed this discussion (
http://marc.info/?t=117190021100004&r=1&w=2 ) and think it may be
related.

As far as I remember, the same problem occurs when each domain was
using its own individual nameserver.

richard lucassen | 22 Feb 2008 09:30

djbdns does not

At the moment my djbdns is not capable of resolving postbank.nl. 

There are three authoritative ns for postbank.nl:

dnsq ns postbank.nl ns-nl.nic.fr
2 postbank.nl:
125 bytes, 1+0+3+2 records, response, noerror
query: 2 postbank.nl
authority: postbank.nl 7200 NS ns1.bbl.be
authority: postbank.nl 7200 NS ns1.ing.nl
authority: postbank.nl 7200 NS ns2.ing.nl
additional: ns1.ing.nl 7200 A 145.221.25.194
additional: ns2.ing.nl 7200 A 145.221.93.194

This ns is working, but bbl.be is not resolvable:

dnsq ns bbl.be a.ns.dns.be
2 bbl.be:
154 bytes, 1+0+7+0 records, response, noerror
query: 2 bbl.be
authority: bbl.be 86400 NS ns3.ing.be
authority: bbl.be 86400 NS ns4.ing.be
authority: bbl.be 86400 NS ns1.bbl.be
authority: bbl.be 86400 NS ns1.ing.be
authority: bbl.be 86400 NS ns2.bbl.be
authority: bbl.be 86400 NS ns2.ing.be
authority: bbl.be 86400 NS ns3.bbl.be

dnsq mx bbl.be ns3.ing.be
[no answer]

Peter Dambier | 22 Feb 2008 12:28

Re: djbdns does not

Seen with tools from the competition :)

; <<>> DiG 9.4.0 <<>> postbank.nl +trace
;; global options:  printcmd
.                       279560  IN      NS      e-root.cesidio.net.
.                       279560  IN      NS      d-root.cesidio.net.
.                       279560  IN      NS      a-root.cesidio.net.
.                       279560  IN      NS      b-root.cesidio.net.
.                       279560  IN      NS      c-root.cesidio.net.
;; Received 128 bytes from 7.19.30.36#53(7.19.30.36) in 0 ms

nl.                     96400   IN      NS      ns.domain-registry.nl.
nl.                     96400   IN      NS      nl1.dnsnode.net.
nl.                     96400   IN      NS      ns2.nic.nl.
nl.                     96400   IN      NS      ns3.nic.nl.
nl.                     96400   IN      NS      ns4.nic.nl.
nl.                     96400   IN      NS      ns-nl.nic.fr.
nl.                     96400   IN      NS      ns-ext.isc.org.
;; Received 399 bytes from 78.47.115.197#53(b-root.cesidio.net) in 66 ms

postbank.nl.            7200    IN      NS      ns1.bbl.be.
postbank.nl.            7200    IN      NS      ns1.ing.nl.
postbank.nl.            7200    IN      NS      ns2.ing.nl.
;; Received 125 bytes from 62.4.86.232#53(ns4.nic.nl) in 69 ms

postbank.nl.            900     IN      A       145.221.53.27
postbank.nl.            900     IN      NS      ns1.ing.nl.
postbank.nl.            900     IN      NS      ns2.ing.nl.
postbank.nl.            900     IN      NS      ns1.bbl.be.
;; Received 159 bytes from 145.221.25.194#53(ns1.ing.nl) in 74 ms

richard lucassen | 22 Feb 2008 13:07

Re: djbdns does not

On Fri, 22 Feb 2008 12:28:37 +0100
Peter Dambier <peter <at> peter-dambier.de> wrote:

> Seen with tools from the competition :)

[snip competition tools]

> Looks harmless.

[snip competition tools]

> Nothing suspicious except for the date.
> 
> Did they recently change something and your cache has not updated?

yes, they resolved the problem.

> Try killing dnscache. It restarts automatically and updates
> immediately.
> 
> 
> Try again if it resolves now.

That's the first thing I did. But the question remains why dnscache
doesn't ask ns2 and ns3 if ns1 refuses to reply. I remember I've seen
this behaviour before.

R.


Miller, Raul D | 22 Feb 2008 19:36

RE: djbdns does not

richard lucassen <mailinglists <at> lucassen.org> wrote:
> But the question remains why dnscache
> doesn't ask ns2 and ns3 if ns1 refuses to reply. 

Perhaps it had cached an earlier response which
would not let it contact ns2 or ns3.

-- 
Raul

Charlie Brady | 22 Feb 2008 21:59

dnscache and missing glue records (Re: djbdns does not ...)


On Fri, 22 Feb 2008, richard lucassen wrote:

> dnsq ns bbl.be a.ns.dns.be
> 2 bbl.be:
> 154 bytes, 1+0+7+0 records, response, noerror
> query: 2 bbl.be
> authority: bbl.be 86400 NS ns3.ing.be
> authority: bbl.be 86400 NS ns4.ing.be
> authority: bbl.be 86400 NS ns1.bbl.be
> authority: bbl.be 86400 NS ns1.ing.be
> authority: bbl.be 86400 NS ns2.bbl.be
> authority: bbl.be 86400 NS ns2.ing.be
> authority: bbl.be 86400 NS ns3.bbl.be
...
> Why is djbdns not querying ns1.ing.nl or ns2.ing.nl? Those ns are
> working correctly.

dnscache chooses to resolve all name server IPs for bbl.be before sending
any of them a query concerning bbl.be. In the case you show, there is
missing glue for ns1.bbl.be, ns2.bbl.be and ns3.bbl.be, so dnscache is not
able to resolve all name server IPs, and doesn't progress further by
sending queries to the subset of name servers which it has located. 
Instead, it fruitlessly pursues other searches for ns{1,2,3}.bbl.be.

I've written here about this issue multiple times. I consider it
dnscache's biggest flaw. It should resolve names if possible (other name
servers do). It should not operate as a 'lint' checker for dns data
configuration.
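
Added example, not part of any message in this thread and not djbdns code: a small Python check over the dnsq output richard lucassen posted, listing name servers that sit inside the delegated zone but arrive with no A record in the additional section, which is the missing-glue condition described above. The function names are this example's own.

```python
# Added example: flag in-zone name servers that a delegation lists without glue.
import re

# authority/additional lines copied from the dnsq output quoted in the thread.
BBL_BE = """\
authority: bbl.be 86400 NS ns3.ing.be
authority: bbl.be 86400 NS ns4.ing.be
authority: bbl.be 86400 NS ns1.bbl.be
authority: bbl.be 86400 NS ns1.ing.be
authority: bbl.be 86400 NS ns2.bbl.be
authority: bbl.be 86400 NS ns2.ing.be
authority: bbl.be 86400 NS ns3.bbl.be
"""
POSTBANK_NL = """\
authority: postbank.nl 7200 NS ns1.bbl.be
authority: postbank.nl 7200 NS ns1.ing.nl
authority: postbank.nl 7200 NS ns2.ing.nl
additional: ns1.ing.nl 7200 A 145.221.25.194
additional: ns2.ing.nl 7200 A 145.221.93.194
"""
RECORD = re.compile(r"^(authority|additional): (\S+) \d+ (\S+) (\S+)$")

def parse_dnsq(text):
    """Return ({zone: [ns names]}, {host: [A addresses]}) from dnsq output."""
    ns_by_zone, glue = {}, {}
    for raw in text.splitlines():
        m = RECORD.match(raw.strip())
        if not m:
            continue  # header, query: and answer: lines are not needed here
        section, owner, rtype, rdata = m.groups()
        owner, rdata = owner.lower().rstrip("."), rdata.lower().rstrip(".")
        if section == "authority" and rtype == "NS":
            ns_by_zone.setdefault(owner, []).append(rdata)
        elif section == "additional" and rtype == "A":
            glue.setdefault(owner, []).append(rdata)
    return ns_by_zone, glue

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def missing_glue(text):
    """In-zone NS names with no A record in the additional section."""
    ns_by_zone, glue = parse_dnsq(text)
    return sorted(ns for zone, names in ns_by_zone.items()
                  for ns in names if in_zone(ns, zone) and ns not in glue)

if __name__ == "__main__":
    for zone, out in (("bbl.be", BBL_BE), ("postbank.nl", POSTBANK_NL)):
        print(zone, "->", missing_glue(out) or "no in-zone NS without glue")
```

Out-of-zone names such as ns1.ing.be are not flagged because a resolver can look them up through their own delegation; only names under the zone being delegated depend on glue.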
