Michael Mussulis | 24 Dec 2009 12:54

missing authority and additional sections using bind-sdb-9.6.1-13.P2 (FC12)

Hi,

I am no expert on BIND, but I installed bind-9.6.1-13.P2.fc12.i686 and bind-sdb-9.6.1-13.P2.fc12.i686 on Fedora 12 x86, using the MySQL configuration example from bind-dlz.sourceforge.net.

If I do: "dig @192.168.0.82 test24.com any", I get:

; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @192.168.0.82 test24.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23242
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;test24.com.                    IN      ANY

;; ANSWER SECTION:
test24.com.             10      IN      MX      10 mail.test24.com.
test24.com.             10      IN      A       192.168.0.82
test24.com.             10      IN      SOA     ns.dos.ro. hostmaster.dos.ro. 1261614770 28000 2800 64800 10
test24.com.             10      IN      NS      ns.test24.com.

;; Query time: 3 msec
;; SERVER: 192.168.0.82#53(192.168.0.82)
;; WHEN: Thu Dec 24 13:45:10 2009
;; MSG SIZE  rcvd: 138

But if I do the same for a real domain on a bind box without dlz, I get:

[root@mmhome ~]# dig eurofeeds.com any

; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> eurofeeds.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41475
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;eurofeeds.com.                 IN      ANY

;; ANSWER SECTION:
eurofeeds.com.          1494    IN      NS      ns.dos.ro.
eurofeeds.com.          1494    IN      NS      ns1.dos.ro.
eurofeeds.com.          1494    IN      SOA     ns.dos.ro. hostmaster.dos.ro. 2006093005 21600 7200 1209600 7200
eurofeeds.com.          1494    IN      A       86.55.19.190
eurofeeds.com.          1494    IN      MX      10 mail.eurofeeds.com.

;; AUTHORITY SECTION:
eurofeeds.com.          1494    IN      NS      ns.dos.ro.
eurofeeds.com.          1494    IN      NS      ns1.dos.ro.

;; ADDITIONAL SECTION:
ns.dos.ro.              5998    IN      A       212.104.212.82
ns1.dos.ro.             1195    IN      A       86.55.19.190
mail.eurofeeds.com.     1494    IN      A       86.55.19.190

;; Query time: 42 msec
;; SERVER: 193.231.100.130#53(193.231.100.130)
;; WHEN: Thu Dec 24 13:45:58 2009
;; MSG SIZE  rcvd: 232

Why are the additional and authority sections missing when using dlz?

My conf files are:

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

// Authoritative-only server: listens on a single LAN address, recursion
// off, zone data served by the DLZ/MySQL backend included at the bottom.
options {
        // Loopback listeners are commented out, so named answers only on
        // 192.168.0.82. The "localhost" entry in allow-query below cannot
        // actually be reached unless 127.0.0.1 is added here.
        #listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { 192.168.0.82; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Only this box may query; any other client is refused. Widen (or
        // drop) this before other hosts are pointed at the DLZ-served zones.
        allow-query     { localhost; 192.168.0.82; };
        // Authoritative only - this is why dig reports "recursion requested
        // but not available". Keep it off on a public-facing auth server.
        recursion no;
        // Sets the AA bit on NXDOMAIN answers (BIND's default is no).
        auth-nxdomain yes;
        dnssec-enable yes;
        // Validation and lookaside only matter for recursive lookups, which
        // are disabled above.
        // NOTE(review): ISC retired the dlv.isc.org lookaside registry in
        // 2017; drop the dnssec-lookaside line on any current deployment.
        dnssec-validation yes;
        dnssec-lookaside . trust-anchor dlv.isc.org.;
};

logging {
        #channel all_log {
        #    file "/var/log/named.log";
        #    severity debug;
        #    print-time yes;
        #    print-category yes;
        #    print-severity yes;
        #};

        // Fedora default: debug output goes to data/named.run (relative to
        // "directory"); "dynamic" follows the level set with rndc trace.
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints are only used for recursion, so with "recursion no" this zone
// is effectively unused.
zone "." IN {
        type hint;
        file "named.ca";
};

// Stock localhost / loopback reverse zones shipped with the Fedora package.
include "/etc/named.rfc1912.zones";

// Trust anchors (the doubled slash in the paths is harmless).
include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";

// DLZ backend definition. That file embeds the MySQL credentials, so it
// should be root:named mode 0640 rather than world-readable like named.conf.
include "/etc/named.dlz.conf";


and

[root@VMFC12 etc]# cat named.dlz.conf
//
// named.dlz.conf
//
// DLZ (MySQL) backend definition, included from /etc/named.conf.
// (The header below was copied from the stock Red Hat named.conf and does
// not describe this file; this server is authoritative-only, not a
// caching resolver.)
//

// MySQL DLZ backend. The "database" argument is one quoted string; the six
// {...} groups are positional queries handed to the DLZ MySQL driver. Per
// the bind-dlz documentation they are, in order: find zone, lookup,
// authority (SOA/NS for the zone), all nodes (used for AXFR), allow zone
// transfer, and count zone - confirm against the driver version installed.
//
// %zone%, %record% and %client% are filled in from the query name and the
// client address, i.e. from untrusted wire data. The driver is expected to
// escape them before substitution; verify that for this build before
// exposing the server, because a missed escape here is SQL injection
// against the dns_records database.
//
// Credentials are embedded in plaintext (masked in this post): keep this
// file 0640 root:named and use a MySQL account limited to SELECT on
// dns_records and xfr_table plus UPDATE on data_count - nothing else.
//
// Zone transfers appear to be authorised solely by the xfr_table/%client%
// query; confirm whether allow-transfer in named.conf also applies to DLZ
// zones before relying on either.
//
// The CASE on TXT wraps data in quotes, presumably because the driver
// hands the data column to the rdata text parser, which needs TXT strings
// quoted; "\"" is the named.conf escape for a literal double quote.
dlz "Mysql zone" {
   database "mysql
    {host=localhost dbname=****** user=******* pass=********}
    {select zone from dns_records where zone = '%zone%'}
    {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"')
        else data end from dns_records where zone = '%zone%' and host = '%record%'
        and not (type = 'SOA' or type = 'NS')}
    {select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum
        from dns_records where zone = '%zone%' and (type = 'SOA' or type='NS')}
    {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire,
        minimum from dns_records where zone = '%zone%' and not (type = 'SOA' or type = 'NS')}
    {select zone from xfr_table where zone = '%zone%' and client = '%client%'}
    {update data_count set count = count + 1 where zone ='%zone%'}";
};

Many thanks,
Michael.

_______________________________________________
Bind-dlz-testers mailing list
Bind-dlz-testers <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bind-dlz-testers
Christian Kujau | 25 Dec 2009 09:03

Re: missing authority and additional sections using bind-sdb-9.6.1-13.P2 (FC12)

On Thu, 24 Dec 2009 at 11:54, Michael Mussulis wrote:
> If I do: "dig @192.168.0.82 test24.com any", I get:

Please don't post HTML emails to the list.

> Why are the additional and authority sections missing when using dlz?

Since you seem to get your records from a MySQL database, you could enable
the MySQL query log and check whether the queries named actually issues
match what you expect from your configuration.

C.
--

-- 
BOFH excuse #384:

it's an ID-10-T error

Todd Lyons | 27 Dec 2009 17:39

Re: missing authority and additional sections using bind-sdb-9.6.1-13.P2 (FC12)

2009/12/24 Michael Mussulis <mike_at_hm <at> hotmail.com>:
> Why are the additional and authority sections missing when using dlz?
> My conf files are:

The additional section is missing because of the way that bind makes
cache lookups before it passes control to the dlz driver.  There have
been a few threads about domain subdelegation that explain why this
happens.

The authority section, well that's a good question, I just noticed
that mine is doing the same thing.  I'm running bind-9.5.1 with dlz.
If I do a lookup for type mx, txt, a, soa, it always has an authority
record, but if I do a lookup for type any, I get all the proper
answers back, but I don't get an authority section.  But I also get
the same symptoms from bind 9.2.4 (CentOS 4.7) and bind 9.3.4 (CentOS
5.3) servers that are not running dlz.  So if you're getting an
authority section back from bind proper, that would be new behaviour.
What version of bind without dlz is that query against?  Note also that
your second dig went to 193.231.100.130 with flags "qr rd ra" and no "aa",
i.e. a recursive resolver answering from its cache, whereas the DLZ
server returned an authoritative ("aa") answer with recursion disabled -
the two responses are not like-for-like.  Query the non-DLZ authoritative
server directly with "@" before comparing sections.

--

-- 
Regards...      Todd
Real Integrity is doing the right thing, knowing that no body's going
to know whether you did it or not.

