Operating System - HP-UX

Re: Multi Homing My DNS primary and secondary.

 
Ian Killer
Advisor

Multi Homing My DNS primary and secondary.

We are migrating our DNS primary and secondary as the current systems are being decommissioned. To prevent having to update all hosts with new NS IP addresses in the future we have allocated an address to the pri-dns and sec-dns hostnames and assigned their corresponding IP addresses as the second IP address on the same interface.
On a different host we updated resolv.conf with the new names and removed the old names, but nslookup can not resolve pri-dns or sec-dns as nameservers. The IP addresses of the nameservers are pingable.
There's a monkey in my sock drawer.
26 REPLIES 26
Ian_4
Honored Contributor

Re: Multi Homing My DNS primary and secondary.

I guess that the pri-dns and sec-dns names are used (have been added) in the /etc/hosts files of your system? And therefore when you query DNS (on the system that you have changed the resolv.conf) for any of the pri-dns and sec-dns it can not find them, still, they are pingable by IP address only.

- What you can do, is to have the names that you have configured in pri-dns and sec-dns (assuming they are in the hosts file) copied over to the new system.
- Or simply have them added properly to DNS; this will save you lots of problems in the future.
- Note that you have to make the nsswitch to look for hosts, then DNS; this will force the lookup (nslookup) to query /etc/hosts first then DNS.

Ian
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

Hi,

Have you made PTR records for the "second" IP-addresses? The first thing nslookup does is to do a query for the IP-address of the name server it is contacting. This might be why it is failing.
In a world without fences - who needs Gates ?
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Allan, the PTR records are there also.
There's a monkey in my sock drawer.
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Ian, files is first in nsswitch, and pri-dns & sec-dns are in the hosts file. I told you it was a curly one. :-)
There's a monkey in my sock drawer.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

OK then - tell me what is your output of "nslookup - "
In a world without fences - who needs Gates ?
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Allan,
$nslookup -
Specified server is not available.
The configured name services and switch policy will be used.
*** Can't find server name for address : Timed out
*** Can't find server name for address : Timed out
Using /etc/hosts
>
Remember here that nslookup will successfully reverse lookup the pri-dns and sec dns when our original nameserver's hostname or ip is specified as the default server.
There's a monkey in my sock drawer.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

Are you sure that named is running (and listening on your DNS servers)

Try:

netstat -an | grep ^udp | grep 53
In a world without fences - who needs Gates ?
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Yes Allan. pri-dns and sec-dns are different hostnames (that resolve to different IP's) to our production primary and secondary nameservers (say unix01 and unix02).
There's a monkey in my sock drawer.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

OK but I would like you to determine whether it is listening on port 53 on *all* your ip-addresses (hence the suggested command line).

Are you btw. running Bind 4 or Bind 8 ?
In a world without fences - who needs Gates ?
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

What is the 53? The grep doesn't return anything but there are only about 20 udp sockets.
There's a monkey in my sock drawer.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

Bingo !!

No process is listening on port 53 (this is the port used for DNS)

If everything was running you should have an output like mine:

udp 0 0 172.27.112.54.53 *.*
udp 0 0 127.0.0.1.53 *.*


If you do not get any result it means that your 'named' process is not running properly. (is it - check using ps -ef) and also check /var/adm/syslog/syslog.log (might need to stop/start named using /sbin/init.d/named stop; /sbin/init.d/named start)


Is your NAMED set to '1' in /etc/rc.config.d/namesvrs?

Also what is your output of "what /usr/sbin/named" for determining Bind 4 or 8 ?
In a world without fences - who needs Gates ?
Ian_4
Honored Contributor

Re: Multi Homing My DNS primary and secondary.

Run nslookup with the debug level 2 option (nslookup -d2) and query the IP address and hostname, verify if the lookup is done properly. Try moving the resolv.conf away for testing, will the names get resolved properly if pri-dns and sec-dns are in the hosts file.

Ian
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

OK both nameservers (unix01 and 02) are listening on 53 and the sockets are open. The grep returned nothing on the test machine (unix03), but are defined correctly in /etc/services.
There's a monkey in my sock drawer.
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

named is running fine on all nameservers.
4.9.7 is the version of bind.
There's a monkey in my sock drawer.
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Ian, With files first in nsswitch pri-dns resolves successfully and identifies itself as unix01 (which can be deceiving), but this means we have to maintain the hosts files in a 60 node domain.
There's a monkey in my sock drawer.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

You say that they are running fine - but if no process is listening on port 53 I would state that they don't.

Also consider upgrading to Bind 8 (better in all aspects) - Only available for HP-UX 11.00 but very easy to compile yourself if you are running 10.20.

Sorry - I'm off for today.
In a world without fences - who needs Gates ?
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Allan the negative response for the grep of 53 ports was on the box we are using to test the nameserver. It is not a nameserver itself it just has the configuration of what all nodes will look like after the migration of the nameservers. Therefore nothing needs to listen on 53. On unix01 and 02 which are nameservers the 53 ports are wide awake.

Bind 8: Possible.

I'm gonna take this to the response center. Thanks guys for your time and help.

PS. I just heard a rumour that HP won't support the multi-homing on the same interface for DNS. To the Resp. Ctr. I go.
Cheers.
There's a monkey in my sock drawer.
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Ian, I discovered that our compatriots in Cleveland had achieved what I am aiming for. It turns out they have modified their policies to use files before dns on their servers and that it doesn't mean maintaining host files over our 60 nodes here in Europe. I apologise for my misunderstanding and want to let you know that we are implementing your suggestion. If you want to throw another reply into my topic I'll assign an appropriate score. Cheers.
There's a monkey in my sock drawer.
Ian_4
Honored Contributor

Re: Multi Homing My DNS primary and secondary.

Ian, Thanks for the update.


Ian.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

About the rumour - Bind 8 definitely *can* listen on several interfaces (actually you can tell it which to listen on and which not to).

It might be that Bind 4 has got a problem with multiple interfaces - you should have port 53 listening on *all* your addresses - it might not be doing that.

You said that "nslookup - " failed which still tells me that the nameserver is not functioning as it should "nslookup -" disables normal switch policy (nsswitch.conf settings).

My final suggestion to you is to get Bind 8.
In a world without fences - who needs Gates ?
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Allen..
How do you create the new socket for the new ip address?
How do you configure named to listen to the new socket?
There's a monkey in my sock drawer.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

Since you ask this question I would imagine that you have found out that it does not listen on all your interfaces. Maybe it is a limitation of Bind 4 (hence the rumour about HP not supporting multihomed DNS).

I see no particular options to Bind 4 as far as this is concerned - I would have imagined that it *did* listen to all interfaces, but it might not be so.

I am running Bind 8 here (my own compilation though) and it works great - also on multihomed hosts. Maybe you should give it a go - it's a different syntax (little more complex because greater complexity of Bind itself) of the config file but otherwise it is the same thing. http://www.isc.org
In a world without fences - who needs Gates ?
Ian Killer
Advisor

Re: Multi Homing My DNS primary and secondary.

Allan, named is listening on two interfaces. We've bound a second IP address to the one interface and want named to listen to it too.
Any chance?
There's a monkey in my sock drawer.
Lasse Knudsen
Esteemed Contributor

Re: Multi Homing My DNS primary and secondary.

If it is not doing it by default I do not see any possibility to make it.

I figure you have an index number combined with the second address like "ifconfig lan0:1 "

I do not know how Bind 4 determines the list of interfaces. I suspect restarting it will not make it "see" the indexed interface. It might not be so fond of "sub-indexed" interfaces:

I just verified this on one of my hosts with Bind 8 - no problem - c'mon Ian make the step and go for Bind 8 - evidence is here:


listening on [172.27.112.28].53 (lan8:1)
listening on [192.0.1.25].53 (lan3)
listening on [172.27.112.25].53 (lan8)
listening on [127.0.0.1].53 (lo0)
In a world without fences - who needs Gates ?
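
The check the thread keeps returning to (is a UDP socket bound to port 53 on every address, including the aliased one), as an added example that is not part of any poster's reply. It assumes the HP-UX `netstat -an` layout quoted above (`<ip>.<port>` in the fourth column) and also accepts a wildcard `*.53` bind; the function name `missing_dns_listeners` and the address 172.27.112.60 are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the addresses that have NO udp listener on port 53.
# Unlike "grep 53", this compares the whole local-address field, so a socket
# on port 5353 or an address that merely contains "53" is not a false match.

# missing_dns_listeners NETSTAT_TEXT IP [IP...]
# Prints one line per IP that is not covered by "<ip>.53" or "*.53".
missing_dns_listeners() {
    netstat_text=$1
    shift
    for ip in "$@"; do
        printf '%s\n' "$netstat_text" | awk -v ip="$ip" '
            # $1 = protocol, $4 = local address written as <ip>.<port>
            $1 ~ /^udp/ && ($4 == ip ".53" || $4 == "*.53") { found = 1 }
            END { exit (found ? 0 : 1) }
        ' || printf '%s\n' "$ip"
    done
}

# Constructed sample in the format shown in the thread. The last line is a
# socket on port 5353 that a plain "grep 53" would wrongly count as DNS.
SAMPLE_NETSTAT='udp 0 0 172.27.112.54.53 *.*
udp 0 0 127.0.0.1.53 *.*
udp 0 0 *.514 *.*
udp 0 0 172.27.112.60.5353 *.*'

# Primary address is served; the constructed alias 172.27.112.60 is not.
missing_dns_listeners "$SAMPLE_NETSTAT" 172.27.112.54 172.27.112.60

# On a live name server, feed it the real table and every address that
# clients have in resolv.conf:
#   missing_dns_listeners "$(netstat -an)" <primary-ip> <alias-ip>
```

An address printed by the function is one that clients can ping but that will time out on DNS queries, which matches the symptom described in the first post.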