BIND A Record propogation problems

[asdf]

Hey guys,

I'm having problems with my A records for my domain heyretard.org propogating to the root servers. Here are the related files:

named.conf

Code:

// Config file for caching only name server
//
// The version of the HOWTO you read may contain leading spaces
// (spaces in front of the characters on these lines ) in this and
// other files.  You must remove them for things to work.
//
// Note that the filenames and directory names may differ, the
// ultimate contents of should be quite similar though.

options {
        directory "/var/named";

        listen-on { 209.113.190.141; 127.0.0.1; };

                // Uncommenting this might help if you have to go through a
                // firewall and things are not working out.  But you probably
                // need to talk to your firewall admin.

                // query-source port 53;
        pid-file "/var/run/named/named.pid";
        };

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
       type master;
       file "pz/127.0.0";
};

zone "heyretard.org" {
        type master;
        //notify no;
        file "pz/heyretard.org";
};

// Reverse Zone Info
zone "190.113.209.in-addr.arpa" {
        type master;
        notify no;
        file "pz/209.113.190";
};

heyretard.org zone file - I'm uncertain in this file if I can have multiple A records for the same IP? For instance ftp.heyretard.org, mail.heyretard.org, and www.heyretard.org all point to the same IP.

In the reverse zone I can only have one PTR record I believe. I tried to have more than one but when I ping the IP i get replies from ftp, mail, ns1, etc.

Code:

;
; Zone file for heyretard.org!
;
; The full zone file
;
$TTL 3D
@       IN      SOA     ns1.heyretard.org. postmaster.heyretard.org. (
                        2004101503      ; serial, todays date + todays serial #
                        3600            ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                TXT     "Heyretard.org, you're a retarded retard!"
                NS      ns1             ; Inet Address of name server
                MX      10 mail.heyretard.org. ; Primary Mail Exchanger
;                MX      20 mailman.heyretard.org.; Secondary Mail Exchanger
;
localhost       A       127.0.0.1
ns1             A       209.113.190.141

heyretard.org.  A       209.113.190.141
www             A       209.113.190.141
mail            CNAME   ns1
ftp             CNAME   ns1

My reverse lookup zone

Code:

$TTL 3D
@       IN      SOA     ns1.heyretard.org. hostmaster.heyretard.org. (
                        2004101802 ; Serial, todays date + todays serial
                        3600      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D   ; Minimum TTL
                        )
        IN      NS      ns1.heyretard.org.
141     IN      PTR     www.heyretard.org.
;141            PTR     ftp.heyretard.org.

Any help is GREATLY appreciated! I'll be harassing the usual suspects on IRC tonight over this...

[wassy121]

I think your problem is in the zone file itself. You will need entries for both ns1.heyretard.org and ns2.heyretard.org. Also, is this zone generating any errors in /var/log/messages (or wherever your INFO statements are going)?

I would re-write the zone file like:

Code:

;
; Zone file for heyretard.org!
;
; The full zone file
;
$TTL 3D
@       IN      SOA     ns1.heyretard.org. postmaster.heyretard.org. (
                        2004101503      ; serial, todays date + todays serial #
                        3600            ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                TXT     "Heyretard.org, you're a retarded retard!"
heyretard.org.  A       209.113.190.141
mail            A       209.113.190.141
ns1             CNAME   heyretard.org.
ns2             CNAME   heyretard.org.

www             CNAME   heyretard.org.
ftp             CNAME   heyretard.org.
                NS      ns1             ; Inet Address of name server
                NS      ns2             ; Inet Address of secondary name server
                MX      10 mail.heyretard.org. ; Primary Mail Exchanger
;                MX      20 mailman.heyretard.org.; Secondary Mail Exchanger
;

Just ensure that you are serving the name correctly by running 'dig @localhost heyretard.org'. Also, please note that mail (the MX) must be an A record. You will have all sorts of intermittent problems if you leave it as a CNAME.

Best,

Samuel

[asdf]

wassy121,

I'll make these editions and see what happens tomorrow. Thanks a lot!

[asdf]

Hey Samual,

Here is the ouput from dig @localhost heyretard.org

Code:

root@mailman pz # dig @localhost heyretard.org

; <<>> DiG 9.2.3 <<>> @localhost heyretard.org
;; global options&#58;  printcmd
;; Got answer&#58;
;; ->>HEADER<<- opcode&#58; QUERY, status&#58; SERVFAIL, id&#58; 19259
;; flags&#58; qr rd ra; QUERY&#58; 1, ANSWER&#58; 0, AUTHORITY&#58; 0, ADDITIONAL&#58; 0

;; QUESTION SECTION&#58;
;heyretard.org.                 IN      A

;; Query time&#58; 2 msec
;; SERVER&#58; 127.0.0.1#53&#40;localhost&#41;
;; WHEN&#58; Tue Oct 19 04&#58;23&#58;01 2004
;; MSG SIZE  rcvd&#58; 31

There is no answer section so I assume that is not correct. Your thoughts?

Thanks,

- Justin

[asdf]

It looks like my server is not updating the roto servers for whatever reason. Here is a dig from my local DNS server:

Code:

root@mailman jstn # dig 209.113.190.141

; <<>> DiG 9.2.3 <<>> 209.113.190.141
;; global options&#58;  printcmd
;; Got answer&#58;
;; ->>HEADER<<- opcode&#58; QUERY, status&#58; NXDOMAIN, id&#58; 39170
;; flags&#58; qr rd ra; QUERY&#58; 1, ANSWER&#58; 0, AUTHORITY&#58; 1, ADDITIONAL&#58; 0

;; QUESTION SECTION&#58;
;209.113.190.141.               IN      A

;; AUTHORITY SECTION&#58;
.                       10644   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2004101900 1800 900 604800 86400

;; Query time&#58; 2 msec
;; SERVER&#58; 127.0.0.1#53&#40;127.0.0.1&#41;
;; WHEN&#58; Tue Oct 19 07&#58;07&#58;51 2004
;; MSG SIZE  rcvd&#58; 108

and from my external unix shell:

Code:

[jstn@sdf] ~ $ dig 209.113.190.141

; <<>> DiG 9.2.2-P2 <<>> 209.113.190.141
;; global options&#58;  printcmd
;; Got answer&#58;
;; ->>HEADER<<- opcode&#58; QUERY, status&#58; NXDOMAIN, id&#58; 50672
;; flags&#58; qr rd ra; QUERY&#58; 1, ANSWER&#58; 0, AUTHORITY&#58; 1, ADDITIONAL&#58; 0

;; QUESTION SECTION&#58;
;209.113.190.141.               IN      A

;; AUTHORITY SECTION&#58;
.                       10800   IN      SOA     ns0.opennic.glue. hostmaster.opennic.glue. 2003112302 1800 900 604800 86400

;; Query time&#58; 47 msec
;; SERVER&#58; 192.94.73.20#53&#40;192.94.73.20&#41;
;; WHEN&#58; Tue Oct 19 16&#58;02&#58;13 2004
;; MSG SIZE  rcvd&#58; 95

So what I did was I checked out opennic.glue and they have their own set of root server, so I replaced my root.hints with theirs. I'm going to see if the A records update now and see where this goes!

Thanks!

- Justin

[asdf]

Well I've waited another day and dig still reports that the Authorative nameserver is still ns0.opennic.glue. hostmaster.opennic.glue. I ran a dig <my ip>.

Anyone else have an idea what I'm doing wrong here? I spoke with my ISP and they're not blocking any ports for DNS, so it's something I'm doing (realistically not doing) I suppose.

[wassy121]

You are misusing dig. You mean to be doing either 'dig -x $IP' to do a reverse DNS lookup of your IP address, or running 'dig @$IP domain.com' to actually query the $IP address in question for domain.com.

This should make your follow-ups a little more reliable, so we can see what is really going on.

Best,

Samuel