Date:      28 Feb 2002 13:52:50 -0600
From:      Kirk Strauser <kirk@strauser.com>
To:        freebsd-net@FreeBSD.ORG
Subject:   My DNS is giving wrong answers (sometimes)
Message-ID:  <87u1s1tmct.fsf@pooh.int>

Ack!  I just migrated my primary DNS from one machine (ds10.honeypot.net) to
another (kanga.honeypot.net), both running FreeBSD 4.5-STABLE.  I'm trying
to serve the honeypot.net domain.  Here is the entry from named.conf:

  zone "honeypot.net" {
          type master;
          file "db/db.honeypot.net";
  };

and this is the contents of db/db.honeypot.net:

  $TTL 86400

  $ORIGIN net.
  honeypot IN     SOA     ns2.honeypot.net. root.kanga.honeypot.net. (
                  2002022803 10800 3600 604800 86400 )
                  IN      NS      ns1.honeypot.net.
                  IN      NS      ns2.honeypot.net.
                  IN      A       12.28.57.99
                  IN      MX       0 mail.honeypot.net.
                  IN      MX      10 ds10.dialnet.net.

  $ORIGIN honeypot.net.
  ns1             IN      A       12.28.57.99
  ns2             IN      A       208.162.254.109
  psmg            IN      A       12.28.57.99
  www             IN      A       12.28.57.99
  stats           IN      A       12.28.57.99
  subwiki         IN      A       208.162.254.109
  kanga           IN      A       208.162.254.109
  pooh            IN      CNAME   kanga.honeypot.net.
  tigger          IN      CNAME   kanga.honeypot.net.
  mail            IN      A       208.162.254.109
  ds10            IN      A       12.28.57.99
  zope            IN      A       208.162.254.109

One of my users notified me that he was now getting the wrong answer when he
queried for ds10.honeypot.net.  Being skeptical, I tried a query from kanga:

  root@kanga:/etc/namedb/db# dig @kanga.honeypot.net ds10.honeypot.net

  ; <<>> DiG 8.3 <<>> @kanga.honeypot.net ds10.honeypot.net 
  ; (1 server found)
  ;; res options: init recurs defnam dnsrch
  ;; got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
  ;; QUERY SECTION:
  ;;	ds10.honeypot.net, type = A, class = IN

  ;; ANSWER SECTION:
  ds10.honeypot.net.	1D IN A		12.28.57.99

  ;; AUTHORITY SECTION:
  honeypot.net.		1D IN NS	ns1.honeypot.net.
  honeypot.net.		1D IN NS	ns2.honeypot.net.

  ;; ADDITIONAL SECTION:
  ns1.honeypot.net.	1D IN A		12.28.57.99
  ns2.honeypot.net.	1D IN A		208.162.254.109

  ;; Total query time: 4 msec
  ;; FROM: kanga.int to SERVER: kanga.honeypot.net  208.162.254.109
  ;; WHEN: Thu Feb 28 13:44:12 2002
  ;; MSG SIZE  sent: 35  rcvd: 119

The answers were correct, as far as I can tell, so I didn't think too much
about it.  However, my user insisted that he was still getting wrong
answers.  I ssh'ed into a remote machine and was surprised to get:

  strauser@csc ~$ dig @kanga.honeypot.net ds10.honeypot.net

  ; <<>> DiG 8.3 <<>> @kanga.honeypot.net ds10.honeypot.net 
  ; (1 server found)
  ;; res options: init recurs defnam dnsrch
  ;; got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
  ;; QUERY SECTION:
  ;;	ds10.honeypot.net, type = A, class = IN

  ;; ANSWER SECTION:
  ds10.honeypot.net.	0S IN A		208.162.254.109
  
  ;; AUTHORITY SECTION:
  honeypot.net.		0S IN NS	ns1.honeypot.net.
  honeypot.net.		0S IN NS	ns2.honeypot.net.
  
  ;; ADDITIONAL SECTION:
  ns1.honeypot.net.	0S IN A		208.162.254.109
  ns2.honeypot.net.	0S IN A		208.162.254.109

  ;; Total query time: 112 msec
  ;; FROM: csc.smsu.edu to SERVER: kanga.honeypot.net  208.162.254.109
  ;; WHEN: Thu Feb 28 13:43:56 2002
  ;; MSG SIZE  sent: 35  rcvd: 119

Basically, if I query $host.honeypot.net, and $host is defined, then I
always get the answer of kanga.honeypot.net's own IP.  I don't *think* it
would matter, but I'm on a permanent DSL connection with a static IP, and my
LAN (and kanga.honeypot.net itself) is numbered in the 10/8 netblock.  My
Cisco 678 router is handling NAT, with dynamic mapped outbound connections,
and a small set of static mapped inbound rules (DNS, SMTP, HTTP, etc.).

Any suggestions?  This is a Really Bad Thing, and I have no idea what's
causing the problem.  Please take pity on a desperate sysadmin!
-- 
Kirk Strauser
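A small consistency check for the symptom described in the post, added here as an example and not part of Kirk's message: it parses the A records from the dig 8 answer sections captured inside and outside the NAT, compares them with the addresses in db.honeypot.net, and flags both the address mismatch and the 0-second TTLs (the zone sets $TTL 86400, so a TTL of 0 is not what the loaded zone would hand out). The sample answer lines are copied from the two captures above; the expected-address table is assumed from the zone file.

```python
"""Compare dig answers from two vantage points against the zone's A records."""
import re

# Expected A records, taken from the db.honeypot.net zone file in the post.
EXPECTED_A = {
    "ds10.honeypot.net.": "12.28.57.99",
    "ns1.honeypot.net.": "12.28.57.99",
    "ns2.honeypot.net.": "208.162.254.109",
}

# Answer/additional lines as printed by dig 8.3 (constructed from the two
# captures in the post: first from kanga itself, then from csc.smsu.edu).
INSIDE = (
    "ds10.honeypot.net.\t1D IN A\t\t12.28.57.99\n"
    "ns1.honeypot.net.\t1D IN A\t\t12.28.57.99\n"
    "ns2.honeypot.net.\t1D IN A\t\t208.162.254.109\n"
)
OUTSIDE = (
    "ds10.honeypot.net.\t0S IN A\t\t208.162.254.109\n"
    "ns1.honeypot.net.\t0S IN A\t\t208.162.254.109\n"
    "ns2.honeypot.net.\t0S IN A\t\t208.162.254.109\n"
)

# dig 8 prints TTLs with a unit suffix: 0S, 1D, 3H, ...
RR_RE = re.compile(r"^(\S+)\s+(\d+)([SMHDW])\s+IN\s+A\s+(\S+)$")
TTL_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def parse_a_records(text):
    """Return {owner: (ttl_seconds, address)} for the A records in dig output."""
    records = {}
    for line in text.splitlines():
        m = RR_RE.match(line.strip())
        if m:
            name, count, unit, addr = m.groups()
            records[name] = (int(count) * TTL_UNITS[unit], addr)
    return records


def check_view(label, text, expected=EXPECTED_A):
    """Findings for one vantage point: wrong addresses and zero TTLs."""
    findings = []
    for name, (ttl, addr) in parse_a_records(text).items():
        want = expected.get(name)
        if want and addr != want:
            findings.append(f"{label}: {name} answered {addr}, zone has {want}")
        if ttl == 0:
            findings.append(f"{label}: {name} TTL 0, zone $TTL is 86400")
    return findings


def compare_views(first, second):
    """Owner names whose A answer differs between the two vantage points."""
    a, b = parse_a_records(first), parse_a_records(second)
    return sorted(n for n in a.keys() & b.keys() if a[n][1] != b[n][1])
```

Running check_view on the outside capture reports ds10 and ns1 resolving to kanga's public address and all three TTLs at zero, which is exactly the pattern to look for when an answer has been altered between the server and the client.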

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87u1s1tmct.fsf>