Date: Sat, 02 Feb 2008 21:44:21 -0800
From: "Mark D. Foster" <mark@foster.cc>
To: DAve <dave.list@pixelhammer.com>
Cc: 'User Questions' <freebsd-questions@freebsd.org>
Subject: Re: OT: Silly Bind question
Message-ID: <47A554B5.1080300@foster.cc>
In-Reply-To: <47A54DDE.3010400@pixelhammer.com>
References: <47A54DDE.3010400@pixelhammer.com>

DAve wrote:
> Excuse the OT question but I need a well rounded experienced group for
> this question. I have begun a migration from Bind to TinyDNS. TinyDNS is
> working flawlessly, beyond expectations. However I need to drag the old
> Bind servers behind until I can get several hundred pieces of client
> equipment and devices switched over to the new DNS servers. This because
> we are also changing the domain name of our authoritative servers.
>
> The problem, I have a client requesting SPF records. The TinyDNS servers
> are responding correctly but for the life of me I cannot get Bind to
> return a TXT record. I am baffled as to what I've done wrong.
>
> An example domain, pixelhammer.com querying the new servers.
> bash-2.05b$ dig @ns1.tls.net pixelhammer.com txt
>
> ; <<>> DiG 8.3 <<>> @ns1.tls.net pixelhammer.com txt
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      pixelhammer.com, type = TXT, class = IN
>
> ;; ANSWER SECTION:
> pixelhammer.com.        23h47m45s IN TXT  "v=spf1 ip4:65.196.224.82
> ip4:65.196.224.83 ~all"
>
> ;; Total query time: 4 msec
> ;; FROM: avhost1.tls.net to SERVER: ns1.tls.net  65.124.104.29
> ;; WHEN: Sun Feb  3 00:10:36 2008
> ;; MSG SIZE  sent: 33  rcvd: 93
>
> No problem there, but when I query the old bind servers, I get nuthin,
> nada, zip.
>
> bash-2.05b$ dig @ns1.totallogic.com pixelhammer.com txt
>
> ; <<>> DiG 8.3 <<>> @ns1.totallogic.com pixelhammer.com txt
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      pixelhammer.com, type = TXT, class = IN
>
> ;; AUTHORITY SECTION:
> pixelhammer.com.        1D IN SOA       ns2.totallogic.com.
> hostmaster.tls.net. (
>                                         2008020219      ; serial
>                                         3H              ; refresh
>                                         1H              ; retry
>                                         1D              ; expiry
>                                         1D )            ; minimum
>
>
> ;; Total query time: 3 msec
> ;; FROM: avhost1.tls.net to SERVER: ns1.totallogic.com  65.196.224.2
> ;; WHEN: Sun Feb  3 00:10:01 2008
> ;; MSG SIZE  sent: 33  rcvd: 102
>
>
> Here are the contents of the zone file.
> ;Creating pixelhammer.com zone file
> $TTL 1D
> @       IN SOA ns2.totallogic.com. hostmaster.tls.net. (
>         2008020219 3H 1H 1D 1D )
>
> ; MX Recs
>         IN MX 10 avhost.tls.net.
>         IN MX 20 mailgate.tls.net.
>
> ; NS Recs
>         IN NS ns1auth.tls.net.
>         IN NS ns3auth.tls.net.
>         IN NS ns2auth.tls.net.
>
> ; A Recs
>         IN A 65.196.224.25
> www     IN A 65.196.224.25
> ftp     IN A 65.196.224.25
>
> ; TEXT Recs
>         IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"
>
> ; CNAME Recs
> mail    IN CNAME mail.tls.net.
> smtp    IN CNAME smtp.tls.net.
>
> ;END pixelhammer.com zone file
>
> I am stumped, what have I done wrong?
>
> Thanks,
>
> DAve
>
>

Looks to me like you need to remove the pixelhammer.com zone from your
old bind servers, as the delegation from the root points to
ns1auth.tls.net and ns2auth.tls.net both of which appear to have
authority for the zone AND the txt record you seek.

monk:~> dig +trace pixelhammer.com ns

; <<>> DiG 9.4.1-P1 <<>> +trace pixelhammer.com ns
;; global options:  printcmd
.                       65035   IN      NS      I.ROOT-SERVERS.NET.
.                       65035   IN      NS      J.ROOT-SERVERS.NET.
.                       65035   IN      NS      K.ROOT-SERVERS.NET.
.                       65035   IN      NS      L.ROOT-SERVERS.NET.
.                       65035   IN      NS      M.ROOT-SERVERS.NET.
.                       65035   IN      NS      A.ROOT-SERVERS.NET.
.                       65035   IN      NS      B.ROOT-SERVERS.NET.
.                       65035   IN      NS      C.ROOT-SERVERS.NET.
.                       65035   IN      NS      D.ROOT-SERVERS.NET.
.                       65035   IN      NS      E.ROOT-SERVERS.NET.
.                       65035   IN      NS      F.ROOT-SERVERS.NET.
.                       65035   IN      NS      G.ROOT-SERVERS.NET.
.                       65035   IN      NS      H.ROOT-SERVERS.NET.
;; Received 436 bytes from 192.168.1.11#53(192.168.1.11) in 3 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 493 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 488 ms

pixelhammer.com.        172800  IN      NS      ns1auth.tls.net.
pixelhammer.com.        172800  IN      NS      ns2auth.tls.net.
;; Received 116 bytes from 192.54.112.30#53(h.gtld-servers.net) in 179 ms

monk:~> host ns1auth.tls.net
ns1auth.tls.net has address 65.124.104.30
monk:~> host ns2auth.tls.net
ns2auth.tls.net has address 65.123.104.30

monk:~> dig @ns1auth.tls.net pixelhammer.com txt

; <<>> DiG 9.4.1-P1 <<>> @ns1auth.tls.net pixelhammer.com txt
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11218
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;pixelhammer.com.               IN      TXT

;; ANSWER SECTION:
pixelhammer.com.        86400   IN      TXT     "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"

;; AUTHORITY SECTION:
pixelhammer.com.        86400   IN      NS      ns1auth.tls.net.
pixelhammer.com.        86400   IN      NS      ns2auth.tls.net.
pixelhammer.com.        86400   IN      NS      ns3auth.tls.net.

;; ADDITIONAL SECTION:
ns1auth.tls.net.        86400   IN      A       65.124.104.30
ns2auth.tls.net.        86400   IN      A       65.123.104.30
ns3auth.tls.net.        86400   IN      A       65.124.110.14

;; Query time: 84 msec
;; SERVER: 65.124.104.30#53(65.124.104.30)
;; WHEN: Sat Feb  2 21:39:41 2008
;; MSG SIZE  rcvd: 214

-- 
Said one park ranger, 'There is considerable overlap between the
intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <mark@foster.cc>  http://mark.foster.cc/
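
Added example, not part of the original message or of either poster's tooling: the reply's reasoning (resolvers that follow the delegation only ask the NS set published by the parent, so the TXT/SPF record has to be checked there) written as a check over captured dig output. The sample text is trimmed from the output quoted in the message; the function names and verdict strings are assumptions made for this illustration.

```python
import re

# Constructed input: lines trimmed from the dig output quoted in the message.
TRACE = """\
com.              172800 IN NS a.gtld-servers.net.
pixelhammer.com.  172800 IN NS ns1auth.tls.net.
pixelhammer.com.  172800 IN NS ns2auth.tls.net.
;; Received 116 bytes from 192.54.112.30#53(h.gtld-servers.net) in 179 ms
"""
RESPONSES = {  # server queried for TXT -> header line of its response
    "ns1auth.tls.net": ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3",
    "ns1.totallogic.com": ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0",
}
NS_RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def delegated_ns(trace_text, zone):
    """NS host names that the referral in `dig +trace` output lists for zone."""
    found = set()
    for line in trace_text.splitlines():
        m = NS_RR.match(line.strip())
        if m and _norm(m.group(1)) == _norm(zone):
            found.add(_norm(m.group(2)))
    return found

def answer_count(dig_text):
    """ANSWER count from a dig header (same field in DiG 8.3 and 9.x output)."""
    m = re.search(r"\bANSWER:\s*(\d+)", dig_text)
    if m is None:
        raise ValueError("no dig header line found")
    return int(m.group(1))

def audit(trace_text, zone, responses):
    """Classify each queried server against the delegation and its answer."""
    ns_set = delegated_ns(trace_text, zone)
    report = {}
    for server, text in responses.items():
        if _norm(server) not in ns_set:
            report[_norm(server)] = "not-delegated"      # outside the parent's NS set
        elif answer_count(text) > 0:
            report[_norm(server)] = "delegated-answers"
        else:
            report[_norm(server)] = "delegated-no-data"  # record missing where it counts
    return report

if __name__ == "__main__":
    print(audit(TRACE, "pixelhammer.com", RESPONSES))
```

A "not-delegated" verdict marks a server whose copy of the zone is only seen by clients pointed at it directly, which is the situation the reply describes for the old BIND hosts.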