
Re: Behaviour of BIND v4 vs. V9

 
Syed Naseer_1
Occasional Advisor

Behaviour of BIND v4 vs. V9

Hi,

Recently we upgraded BIND from v4.9.7 to v9.2.0 on a HPUX v11.00 system.

The following is an extract from the db.pilship file:

==========================================
;Delegate sub-zone :ovr.pilship.com
;
ovr IN MX 10 pilnotes02.pil.com.sg.
ovr IN MX 10 smtp02.sgp.pilship.com.
ovr IN NS nswebcsm.webcsm.com.
ovr IN NS nsstarhub.pilship.com.
ovr IN NS nswebcsm1.webcsm.com.
ovr IN NS nsstarhub1.pilship.com.
==========================================

When all the 4 NS are temporarily unreachable, we see the following results when using v4.9.7

# nslookup
Default Name Server: piln03
Address: 172.30.100.43

> set type=MX
> ovr.pilship.com
Name Server: piln03
Address: 172.30.100.43

Trying DNS
Non-authoritative answer:
ovr.pilship.com preference = 10, mail exchanger = pilnotes02.pil.com.sg
ovr.pilship.com preference = 10, mail exchanger = smtp02.sgp.pilship.com

Authoritative answers can be found from:
ovr.pilship.com nameserver = nswebcsm.webcsm.com
ovr.pilship.com nameserver = nsstarhub.pilship.com
ovr.pilship.com nameserver = nswebcsm1.webcsm.com
ovr.pilship.com nameserver = nsstarhub1.pilship.com
pilnotes02.pil.com.sg internet address = 203.116.44.4
smtp02.sgp.pilship.com internet address = 203.125.187.232
nswebcsm.webcsm.com internet address = 203.125.187.238
nsstarhub.pilship.com internet address = 203.116.44.13
nswebcsm1.webcsm.com internet address = 203.125.187.253
nsstarhub1.pilship.com internet address = 203.116.44.8
> exit

However, when using v9.2.0, we do not get any response, even though we have entries for the MX records in our db file.

# nslookup
Default Name Server: piln03
Address: 172.30.100.43

> set type=MX
> ovr.pilship.com
Name Server: piln03
Address: 172.30.100.43

Trying DNS
timeout
timeout
> exit
#

Q1: Why is v9 not providing the MX info, from the db file, while v4 can ?

Q2: We are delegating ONLY the "A" records to the NS, while we are being authoritative for the "MX" records. Anything wrong with this approach?

Thanks for your expert comments.
Naseer.
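A check for the situation in the db.pilship extract above, where `ovr` owns both MX and NS records (added example, not part of the original post). Under RFC 1034 a name below the zone apex that owns NS records is a zone cut, and the parent zone holds only the delegation NS set and glue there, so the script lists any other record types it finds at such names. The parser is deliberately simplified (one record per line, numeric TTLs only), and the sample zone is constructed from the extract.

```python
# Added example: list record types that share an owner name with a delegation
# (an NS set below the zone apex). Simplified: one record per line, numeric TTLs.
ZONE_APEX = "pilship.com."

# Constructed sample, modelled on the db.pilship extract quoted in the post.
SAMPLE_ZONE = """\
@          IN NS  pilnotes03.pil.com.sg.
nsstarhub  IN A   203.116.44.13
;Delegate sub-zone :ovr.pilship.com
ovr        IN MX  10 pilnotes02.pil.com.sg.
ovr        IN MX  10 smtp02.sgp.pilship.com.
ovr        IN NS  nswebcsm.webcsm.com.
ovr        IN NS  nsstarhub.pilship.com.
"""

def fqdn(name, origin):
    """Expand a zone-file name against the current origin."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def parse(zone_text, origin):
    """Yield (owner, rrtype) for each record line in the zone text."""
    owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fqdn(fields[1], origin)
            continue
        if fields[0].startswith("$"):             # $TTL and other directives
            continue
        if not line[0].isspace():                 # blank owner = previous owner
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                         # optional TTL and class
        if fields:
            yield owner, fields[0].upper()

def records_at_zone_cuts(zone_text, apex=ZONE_APEX):
    """Map each delegated name to the non-NS/DS types also defined there."""
    types = {}
    for owner, rrtype in parse(zone_text, apex):
        types.setdefault(owner, set()).add(rrtype)
    return {o: sorted(t - {"NS", "DS"}) for o, t in types.items()
            if "NS" in t and o != apex and t - {"NS", "DS"}}
```

For the sample, `records_at_zone_cuts(SAMPLE_ZONE)` reports the MX set at `ovr.pilship.com.`; NS records at the apex itself are not a delegation and are not reported.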
harry d brown jr
Honored Contributor

Re: Behaviour of BIND v4 vs. V9


Bind 9.2.X configuration setup is different than BIND 4.X, thus to answer your question you need to post the following files:

/etc/resolv.conf
/etc/nsswitch.conf
/etc/named.conf
/etc/rndc.conf

And all of the zone files in /etc/named.data (or where defined in /etc/named.conf).

live free or die
harry
Live Free or Die
Geoff Wild
Honored Contributor

Re: Behaviour of BIND v4 vs. V9

Also - it doesn't sound like your bind is running; "timeout" indicates this...

on piln03:
ps -ef |grep named

Check errors in:

/var/adm/named/named.log

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Steven E. Protter
Exalted Contributor

Re: Behaviour of BIND v4 vs. V9

The database structure of DNS v 9.2 is not the same as DNS v4. You can't just copy the database over and expect the configuration file and run.

You have to somehow convert the data.

Here is a document that explains the format of the V 9.2 DNS database. It covers configuration issues. It's a Linux doc, but it works on HP-UX.

http://www.ibiblio.org/pub/Linux/docs/HOWTO/DNS-HOWTO

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Syed Naseer_1
Occasional Advisor

Re: Behaviour of BIND v4 vs. V9

Gurus, Thanks for your comments.

Harry:
Attached are the files /etc/named.* in the tar bundle.
The /etc/rndc.conf doesn't exist. nsswitch.conf and resolv.conf haven't been touched during the upgrade, so I don't expect them to make any difference. I do not have these files now, will upload them if you need.
Thanks for your time on this.

Geoff:
named is definitely running at that time. I did do a "ps" as well as check the syslog file. No errors reported.

Steven:
I did convert the relevant files (named.boot and ALL the db files) as per the document which came with the upgrade bundle for HPUX. I also used the "named-checkzone" script to check all the relevant db files for consistency.

My main question is:
Q2: We are delegating ONLY the "A" records to the NS, while we are being authoritative for the "MX" records. Anything wrong with this approach?

Thanks for your time.
Naseer.
Geoff Wild
Honored Contributor

Re: Behaviour of BIND v4 vs. V9

What do you get for dig:

dig MX ovr.pilship.com

I get this:

; <<>> DiG named 9.2.0 <<>> MX ovr.pilship.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6734
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;ovr.pilship.com. IN MX

;; ANSWER SECTION:
ovr.pilship.com. 86400 IN MX 10 pilnotes02.pil.com.sg.
ovr.pilship.com. 86400 IN MX 10 smtp02.sgp.pilship.com.

;; AUTHORITY SECTION:
pilship.com. 86400 IN NS dnssec2.singnet.com.sg.
pilship.com. 86400 IN NS pilship.com.cn.
pilship.com. 86400 IN NS pilnotes03.pil.com.sg.
pilship.com. 86400 IN NS secdns.cyberway.com.sg.
pilship.com. 86400 IN NS dnssec1.singnet.com.sg.

;; ADDITIONAL SECTION:
smtp02.sgp.pilship.com. 86400 IN A 203.125.187.232
secdns.cyberway.com.sg. 45578 IN A 203.116.1.94
dnssec1.singnet.com.sg. 32892 IN A 165.21.83.11
dnssec2.singnet.com.sg. 32892 IN A 195.13.10.226

;; Query time: 204 msec
;; SERVER: 156.44.162.157#53(156.44.162.157)
;; WHEN: Thu Oct 28 06:54:27 2004
;; MSG SIZE rcvd: 296



Also, in named.conf - I see no "forwarders"

Don't know if this will help, but I do this:

options {
        directory "/etc/namedb";
        forwarders {
                X.X.X.1; X.X.X.2; Y.Y.Y.1; // first 2 are internet servers last 1 is for special.domain.com
        };
        forward only; // while in transition
};

logging {

        channel all_channel {
                file "/var/log/named/named.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel update_channel {
                file "/var/log/named/update.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel security_channel {
                file "/var/log/named/security.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
                severity info; // setting this to warning stops logging all the "unapproved update from" messages
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category queries { null; };
        category update { update_channel; };
        category security { security_channel; };
        category default { all_channel; };

};


Forwarders can be your upstream ISP...

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Syed Naseer_1
Occasional Advisor

Re: Behaviour of BIND v4 vs. V9

Hi Geoff,

I think your server might be connected to the internet, that's why you are getting the reply. However, my pre-condition is that my server is temporarily offline, and this is what I get with dig:

# dig mx ovr.pilship.com

; <<>> DiG named 9.2.0 <<>> mx ovr.pilship.com
;; global options: printcmd
;; connection timed out; no servers could be reached
#
# dig +trace MX ovr.pilship.com

; <<>> DiG named 9.2.0 <<>> +trace MX ovr.pilship.com
;; global options: printcmd
. 99999999 IN NS NS.INTERNIC.NET.
. 99999999 IN NS AOS.ARL.ARMY.MIL.
. 99999999 IN NS NIC.NORDU.NET.
. 99999999 IN NS NS1.ISI.EDU.
. 99999999 IN NS TERP.UMD.EDU.
. 99999999 IN NS C.PSI.NET.
. 99999999 IN NS NS.ISC.ORG.
. 99999999 IN NS NS.NIC.DDN.MIL.
. 99999999 IN NS NS.NASA.GOV.
;; Received 233 bytes from 127.0.0.1#53(127.0.0.1) in 38 ms

dig: Couldn't find server 'NS.INTERNIC.NET' (h_errno=1)
#

The customer does not want to have "forward only" option.

Thanks,
Naseer.
Geoff Wild
Honored Contributor

Re: Behaviour of BIND v4 vs. V9

Okay - no forwarders...

In order for this to work, your DNS server should be the first one listed in /etc/resolv.conf as well as at the top:
domain ovr.pilship.com

Looks like nsswitch may be okay, but check anyways, I usually set it to (for clustered systems):

hosts: files [NOTFOUND=CONTINUE] dns

For stand alone, reverse dns and files...


Now, for the zone file...

I prefer the $ORIGIN syntax...

I tested this on my server:

$ORIGIN .
$TTL 3600
pilship.com     SOA     pilnotes03.pil.com.sg. root.pilnotes03.pil.com.sg. (
                        1
                        10800
                        3600
                        604800
                        86400 )
                IN NS   pilnotes03.pil.com.sg.
                IN NS   secdns.cyberway.com.sg.
                IN NS   pilship.com.cn.
                IN NS   dnssec1.singnet.com.sg.
                IN NS   dnssec2.singnet.com.sg.
                IN MX   10 sha1.mydomain.com.
$ORIGIN pilship.com.
localhost       IN A    127.0.0.1
nsstarhub       IN A    203.116.44.13
nsstarhub1      IN A    203.116.44.8


skip...


;Delegate sub-zone :ovr.pilship.com
;
$ORIGIN ovr.pilship.com.
                IN A    203.116.38.240
smtp02.sgp      IN A    203.125.187.232
                IN MX   10 sha1.mydomain.com.
                IN MX   10 pilnotes02.pil.com.sg.
                IN MX   10 smtp02.sgp.pilship.com.
                IN NS   nswebcsm.webcsm.com.
                IN NS   nsstarhub.pilship.com.
                IN NS   nswebcsm1.webcsm.com.
                IN NS   nsstarhub1.pilship.com.



And it worked fine...


Rgds...Geoff


Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Syed Naseer_1
Occasional Advisor

Re: Behaviour of BIND v4 vs. V9

Hi Geoff,

Thanks for spending your valuable time in trying to reproduce and resolve this problem.

When I implement the changes you suggested, this is what I get:

> set type=mx
> ovr.pilship.com
Name Server: localhost
Address: 127.0.0.1

Trying DNS
looking up FILES
*** No address information is available for "ovr.pilship.com"
>

Whereas, the result I need should look something like:
> set type=MX
> ovr.pilship.com
Name Server: piln03
Address: 172.30.100.43

Trying DNS
Non-authoritative answer:
ovr.pilship.com preference = 10, mail exchanger = pilnotes02.pil.com.sg
ovr.pilship.com preference = 10, mail exchanger = smtp02.sgp.pilship.com

Authoritative answers can be found from:
ovr.pilship.com nameserver = nswebcsm.webcsm.com
ovr.pilship.com nameserver = nsstarhub.pilship.com
ovr.pilship.com nameserver = nswebcsm1.webcsm.com
ovr.pilship.com nameserver = nsstarhub1.pilship.com
pilnotes02.pil.com.sg internet address = 203.116.44.4
smtp02.sgp.pilship.com internet address = 203.125.187.232
nswebcsm.webcsm.com internet address = 203.125.187.238
nsstarhub.pilship.com internet address = 203.116.44.13
nswebcsm1.webcsm.com internet address = 203.125.187.253
nsstarhub1.pilship.com internet address = 203.116.44.8
> exit

Thanks again for your help.
Rgds,
Naseer.