Discussion:
Issues with BIND
Drew Broadley
2004-04-15 23:54:57 UTC
I am having issues with a SINGLE domain "corrupt.co.nz", every other
domain is fine!

Here's the deal:

Bind logs return nothing like they usually would saying there
was an error with the domain.

I can dig to ALL of my AUTH NS servers, and get the records
returned no problemo.

I can use XTRA, DTS (and a few others have used their own DNS
servers) and get returned results without any SERVFAIL errors.

I try to dig anything to the PARADISE NS servers
(203.96.152{4,12}) and I get mixed results.
I get www.corrupt.co.nz and corrupt.co.nz, but none of my overly
important records (home.corrupt.co.nz, mail.corrupt.co.nz)
It returns SERVFAIL id:2 whenever I try to request anything
other than www.corrupt.co.nz / corrupt.co.nz via PARADISE'S NS Servers

Any ideas?

I have contacted ***@paradise.net.nz but god knows how long that will
take to be processed.

- Drew
James Spooner
2004-04-16 00:07:13 UTC
At risk of being accused as a top-poster....

http://www.dnsreport.com/tools/dnsreport.ch?domain=corrupt.co.nz
Post by Drew Broadley
I am having issues with a SINGLE domain "corrupt.co.nz", every other
domain is fine!
Does that help?
Cameron Kerr
2004-04-16 00:17:52 UTC
Post by Drew Broadley
I get www.corrupt.co.nz and corrupt.co.nz, but none of my overly
important records (home.corrupt.co.nz, mail.corrupt.co.nz)
It returns SERVFAIL id:2 whenever I try to request anything
other than www.corrupt.co.nz / corrupt.co.nz via PARADISE'S NS Servers
The id value isn't a value of substance for this discussion (it's not an
error code at all, it's used as a transaction ID).
Post by Drew Broadley
Any ideas?
One reason for the fault may be that a negative result has been cached
and will therefore require some time for it to invalidate the negative
result for those names.
--
Cameron Kerr
***@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!
Barry Murphy
2004-04-16 00:18:58 UTC
Seems fine to me...

***@ns:~$ dig @rachel.paradise.net.nz corrupt.co.nz

; <<>> DiG 8.3 <<>> @rachel.paradise.net.nz corrupt.co.nz
; (1 server found)


;; ANSWER SECTION:
corrupt.co.nz. 38m14s IN A 202.36.205.18

;; AUTHORITY SECTION:
corrupt.co.nz. 38m14s IN NS theyre.corrupt.co.nz.
corrupt.co.nz. 38m14s IN NS im.corrupt.co.nz.
corrupt.co.nz. 38m14s IN NS hes.corrupt.co.nz.
corrupt.co.nz. 38m14s IN NS shes.corrupt.co.nz.

though terminator.xtra shows ...

;; AUTHORITY SECTION:
corrupt.co.nz. 1h48m18s IN NS ns1.iplay.net.nz.
corrupt.co.nz. 1h48m18s IN NS ns2.iplay.net.nz.
corrupt.co.nz. 1h48m18s IN NS ns3.iplay.net.nz.
corrupt.co.nz. 1h48m18s IN NS ns4.iplay.net.nz.


Barry

Don Stokes
2004-04-16 00:31:36 UTC
Post by Drew Broadley
I am having issues with a SINGLE domain "corrupt.co.nz", every other
domain is fine!
...
Post by Drew Broadley
It returns SERVFAIL id:2 whenever I try to request anything
other than www.corrupt.co.nz / corrupt.co.nz via PARADISE'S NS Servers
The Paradise servers list as name servers:

corrupt.co.nz. 1h8m39s IN NS theyre.corrupt.co.nz.
corrupt.co.nz. 1h8m39s IN NS im.corrupt.co.nz.
corrupt.co.nz. 1h8m39s IN NS hes.corrupt.co.nz.
corrupt.co.nz. 1h8m39s IN NS shes.corrupt.co.nz.

not the servers listed in the actual zone:

corrupt.co.nz. 2h13m20s IN NS ns1.iplay.net.nz.
corrupt.co.nz. 2h13m20s IN NS ns2.iplay.net.nz.
corrupt.co.nz. 2h13m20s IN NS ns3.iplay.net.nz.

which is different to the list on the registry:

corrupt.co.nz. 1D IN NS ns2.iplay.net.nz.
corrupt.co.nz. 1D IN NS ns3.iplay.net.nz.
corrupt.co.nz. 1D IN NS ns.iplay.net.nz.

The top list (theyre.corrupt.co.nz et al) are all CNAMES which is Not
Allowed. I suspect that Paradise has cached a broken configuration, and
you'll just have to wait until it times out in just over an hour.

You might like to make sure the registry and zone NS lists agree too.

-- don
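
The three-way comparison described in the post above (resolver cache vs. zone vs. registry) together with the NS-target-is-CNAME check, as an added example that is not part of the original thread. The NS names and TTLs are the ones quoted in the post; the CNAME targets (`target.example.`) and the helper names are constructed for illustration.

```python
import re

UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def ttl_seconds(ttl):
    """Convert a dig 8.x style TTL ('1h8m39s', '1D') or plain seconds to an int."""
    if ttl.isdigit():
        return int(ttl)
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", ttl.lower()))

def parse_rrs(text):
    """Parse 'owner ttl class type rdata' lines; skip comments and anything else."""
    rrs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and not f[0].startswith(";"):
            rrs.append((f[0].lower(), ttl_seconds(f[1]), f[3].upper(), f[4].lower()))
    return rrs

def audit(zone, views, cname_text=""):
    """Flag NS-set disagreements between sources and NS targets that are CNAMEs."""
    ns = {src: {r[3] for r in parse_rrs(txt) if r[0] == zone and r[2] == "NS"}
          for src, txt in views.items()}
    cnames = {r[0] for r in parse_rrs(cname_text) if r[2] == "CNAME"}
    findings, names = [], sorted(ns)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ns[a] != ns[b]:
                findings.append(("mismatch", a, b, tuple(sorted(ns[a] ^ ns[b]))))
    for src in names:
        bad = tuple(sorted(ns[src] & cnames))
        if bad:  # an NS record must point at a name with address records, not an alias
            findings.append(("ns-is-cname", src, bad))
    return findings

def ns_lines(ttl, hosts):
    return "\n".join(f"corrupt.co.nz. {ttl} IN NS {h}." for h in hosts.split())

# NS sets and TTLs as quoted in the post above.
VIEWS = {
    "resolver-cache": ns_lines("1h8m39s", "theyre.corrupt.co.nz im.corrupt.co.nz "
                                          "hes.corrupt.co.nz shes.corrupt.co.nz"),
    "zone": ns_lines("2h13m20s", "ns1.iplay.net.nz ns2.iplay.net.nz ns3.iplay.net.nz"),
    "registry": ns_lines("1D", "ns2.iplay.net.nz ns3.iplay.net.nz ns.iplay.net.nz"),
}
# Constructed: the thread says these names are CNAMEs but gives no targets.
CNAMES = "\n".join(f"{h}.corrupt.co.nz. 1h IN CNAME target.example."
                   for h in ("theyre", "im", "hes", "shes"))

if __name__ == "__main__":
    for finding in audit("corrupt.co.nz.", VIEWS, CNAMES):
        print(finding)
```

The parsed TTL on the cached NS set is the upper bound on how long a resolver keeps serving the stale delegation, which is the "just over an hour" wait mentioned in the post.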
Mark Goldfinch
2004-04-16 00:45:34 UTC
I try to dig anything to the PARADISE NS servers (203.96.152{4,12}) and
I get mixed results.
I get www.corrupt.co.nz and corrupt.co.nz, but none of my overly
important records (home.corrupt.co.nz, mail.corrupt.co.nz)
It returns SERVFAIL id:2 whenever I try to request anything other than
www.corrupt.co.nz / corrupt.co.nz via PARADISE'S NS Servers
ns1.dns.net.nz lists the nameservers for corrupt.co.nz as being:

ns.iplay.net.nz.
ns2.iplay.net.nz
ns3.iplay.net.nz

iplay nameservers list:

ns1.iplay.net.nz.
ns2.iplay.net.nz.
ns3.iplay.net.nz.

Which is okayish, however not entirely certain how badly this will affect
things, ask the iplay servers about their own zone and you get a SERVFAIL
for anything for within iplay.net.nz.

You may want to ensure that the iplay nameservers reply for their own
zone, otherwise bind may cache the SERVFAIL result for iplay records and
then do the same for any zones which depend upon iplay records.


Best Regards,

---
Mark Goldfinch
Senior Systems Administrator
TelstraClear Ltd
Drew Broadley
2004-04-16 02:16:40 UTC
Cheers for the help everyone, the links supplied by Tim and James will
help immensely in the future!

I know my config is a little nasty and I should have included a bit more
of my CHANGELOG history. It was broken before changing the NS details
for the domain, they originally did not mismatch.

It was a case of paradise caching a bad configuration for over 12 hours
which I found particularly weird,
and it probably did not help that I was fiddling every hour or so with
the configuration.

I left it overnight for 8+ hours (with being able to successfully query
all my NS's and get full results) and it still did not refresh with the
latest working records.

Things seem to have sorted themselves out, now I'm going to slap myself
on the wrist and tidy up my conf.

- Drew