umm... eh? my DNS is whacko...
umm, an A record != NS record
http://dnsstuff.com/tools/traversal.ch? ... org&type=A
and, your servers are the only ones that report a cname still for other domains
http://dnsstuff.com/tools/traversal.ch? ... org&type=A
Our DNS servers only do what they're told to by the master; we don't fix up any of the zone records that are transferred in. EveryDNS is using tinydns, which will handle some things differently than BIND9 will (which is what we use). That said, the nameservers are returning valid data for my domains and a handful of other secondary domains I randomly checked. You might try removing the wildcard records. I suspect that tinydns is just feeding back the IP address when it encounters a wildcard-based entry, whereas BIND creates a lookup chain.
Since you do not have "test.winbots.org" defined by any means other than a wildcard, BIND will do something like this to find the IP address:
test.winbots.org matches wildcard CNAME cobi.winbots.org.
cobi.winbots.org is defined as an A record for 24.136.175.7
test.winbots.org => cobi.winbots.org => 24.136.175.7
Nothing is actually wrong. The script you pointed me to either doesn't have explicit handling for wildcard entries, or doesn't take the CNAME chain far enough.
Technical Support support@rollernet.us
Roller Network LLC
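The lookup chain described in the post above, as an added example that is not part of the original thread: a simplified wildcard-and-CNAME lookup over a constructed zone holding only the two records the post names. The function names and the hop limit are assumptions, and this is not BIND's code.

```python
# Constructed zone holding only the two records named in the thread.
ZONE = {
    ("*.winbots.org", "CNAME"): "cobi.winbots.org",
    ("cobi.winbots.org", "A"): "24.136.175.7",
}
MAX_HOPS = 8  # assumption: give up on CNAME chains longer than this


def existing_nodes(zone):
    """Owner names plus all their ancestors, so empty non-terminals count as existing."""
    nodes = set()
    for owner, _rtype in zone:
        labels = owner.split(".")
        nodes.update(".".join(labels[i:]) for i in range(len(labels)))
    return nodes


def find(zone, name, rtype):
    """Return (type, rdata, from_wildcard) for name, or None if nothing answers."""
    nodes = existing_nodes(zone)
    labels = name.split(".")
    # i == 0 is the name itself; i >= 1 walks up to the closest existing ancestor.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate not in nodes:
            continue
        owner = candidate if i == 0 else "*." + candidate
        for t in (rtype, "CNAME"):
            if (owner, t) in zone:
                return t, zone[(owner, t)], i > 0
        return None  # closest encloser found, but no matching record or wildcard
    return None


def resolve(name, rtype="A", zone=ZONE):
    """Follow CNAMEs until an rtype record is found; return (chain, answer)."""
    chain = []
    for _ in range(MAX_HOPS):
        hit = find(zone, name, rtype)
        if hit is None:
            return chain, None
        t, rdata, wild = hit
        chain.append((name, t, rdata, wild))
        if t == rtype:
            return chain, rdata
        name = rdata
    raise RuntimeError("CNAME chain exceeds MAX_HOPS")
```

A name below an existing node, such as a.cobi.winbots.org, gets no wildcard answer because cobi.winbots.org is its closest existing ancestor and has no wildcard of its own.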
Does your master send a NOTIFY? The RollerNet DNS doesn't do periodic reloads; it waits for the master to send a NOTIFY before it will do an AXFR/IXFR to update the zone. EveryDNS queries for changes every hour since tinydns doesn't have a native NOTIFY mechanism.
Technical Support support@rollernet.us
Roller Network LLC
Yes, you can. There's some stuff on tinydns.org towards the bottom of the page, too.
Technical Support support@rollernet.us
Roller Network LLC
ok I think I found a notify script, I just need to wait and see if rollernet gets the zone now
P.S. for those interested, the script is here: http://tinydns.org/dnsnotify
Zone updates are instant when we get a NOTIFY from the master. Here's what our logs say:
Apr 17 14:02:39 isidore named[1809]: received notify for zone 'winbots.org'
Apr 17 14:02:39 isidore named[1809]: zone winbots.org/IN: refresh: unexpected rcode (REFUSED) from master 24.136.174.165#53
Technical Support support@rollernet.us
Roller Network LLC
hmm... from three places on the internet, when I try I always get this:
<Snip>
;; Received 54 answers (54 records).
;; FROM: <snip> to SERVER: 24.136.174.165
;; WHEN: Sun Apr 17 19:16:58 2005
dig returns the proper information on both of the nameservers, but BIND errors out when trying to load the zone with the same error message as above. I tried disabling IXFR in BIND, too, but that didn't work either. At this point I'm not sure what's going on; other domains are transferring normally when we get a notify, so it's not a server-wide problem. All I can think of is that BIND doesn't like the response it's getting.
Here's the result of the attempt in tcpdump:
00:19:36.577949 IP (tos 0x0, ttl 39, id 0, offset 0, flags [DF], length: 57) 24.136.174.165.53 > 67.118.43.92.40361: [udp sum ok] 59777 Refused- q: SOA? winbots.org. 0/0/0 (29)
0x0000: 4500 0039 0000 4000 2711 1db5 1888 aea5 E..9..@.'.......
0x0010: 4376 2b5c 0035 9da9 0025 fd9e e981 8005 Cv+\.5...%......
0x0020: 0001 0000 0000 0000 0777 696e 626f 7473 .........winbots
0x0030: 036f 7267 0000 0600 01 .org.....
Technical Support support@rollernet.us
Roller Network LLC
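Decoding the DNS message in the capture above shows what the secondary received: a REFUSED reply to its SOA query, with empty answer, authority and additional sections. This is an added example, not part of the original thread; the payload bytes are copied from the hex dump, and the function names are illustrative.

```python
import struct

# DNS message from the tcpdump above: the 29 bytes that follow the 20-byte IP
# header and 8-byte UDP header (offset 0x1c onward in the hex dump).
PAYLOAD = bytes.fromhex(
    "e9818005" "0001" "0000" "0000" "0000"  # header: id, flags, 4 counts
    "0777696e626f7473" "036f7267" "00"      # QNAME as length-prefixed labels
    "0006" "0001"                           # QTYPE, QCLASS
)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 251: "IXFR", 252: "AXFR"}


def decode(msg):
    """Decode the header and first question of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("QNAME runs past end of message")
        n = msg[pos]
        pos += 1
        if n == 0:  # root label ends the name
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("question truncated")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return {
        "id": ident,
        "response": bool(flags & 0x8000),       # QR bit
        "authoritative": bool(flags & 0x0400),  # AA bit
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "qname": ".".join(labels) + ".",
        "qtype": QTYPES.get(qtype, str(qtype)),
        "qclass": qclass,
        "counts": (qd, an, ns, ar),
    }


def refused_soa_probe(msg):
    """True if msg is a REFUSED reply to an SOA question, as in the capture."""
    d = decode(msg)
    return d["response"] and d["rcode"] == "REFUSED" and d["qtype"] == "SOA"
```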
does that tcp dump look like the tcp dumps of other zone transfers?
EDIT: http://www.fefe.de/djbdns/#bind9axfr
do you want me to patch my djbdns or do you want to patch bind 9?
djbdns-FAQ wrote:
BIND 9 won't accept AXFRs from djbdns!
Greg Hewgill posted a patch to djbdns-1.04 to the mailing list. I heard the BIND people fixed this in recent BIND 9 versions (it was, of course, a BIND bug).
Thanks for the info. It is probably better for the long run that I fix the problem with BIND rather than force everyone else to work around it, but I need to do a little more research before upgrading. I apologize for the inconvenience and hopefully this will be resolved soon.
Technical Support support@rollernet.us
Roller Network LLC