HPE Community
Operating System - Linux
1830168 Members
13961 Online
109999 Solutions
New Discussion

The contact is not consistent with primary nameserver

 
SOLVED
Go to solution
'chris'
Super Advisor

‎08-31-2006 09:55 PM

‎08-31-2006 09:55 PM

The contact is not consistent with primary nameserver

hi

I've setuped a master public dns server BIND 9 for some internet domains, but if I'm doing a test at nic, then I get the following errors:

Warnings
Test: The contact is not consistent with primary nameserver
==> ns.master.net./202.X.X.10
Test: The nameserver list doesn't match the given one
==> ns.master.net./202.X.X.10
Test: The master is not consistent with primary nameserver
==> ns.master.net./202.X.X.10


my dns config:


options {

directory "/var/cache/bind";

auth-nxdomain no; # conform to RFC1035

listen-on port 53 { 127.0.0.1; 202.X.X.10; };

notify yes;
};


zone "202.X.X.in-addr.arpa" {
type master;
file "/etc/bind/202.X.X.rev";
allow-transfer {
60.X.X.6;
60.X.X.4;
62.X.X.8;
};
};


zone "master.net" {
type master;
file "/etc/bind/master.net.hosts";
allow-transfer {
60.X.X.6;
60.X.X.4;
62.X.X.8;
};
};


zone "newdomain.net" {
type master;
file "/etc/bind/newdomain.net.hosts";
allow-transfer {
60.X.X.6;
60.X.X.4;
62.X.X.8;
};
};


these servers are slaves from my ISP:

60.X.X.6;
60.X.X.4;
62.X.X.8;

and they should be configured to allow transfer from my master.

knows some what's wrong and howto solve this problem ?
0 Kudos
Reply
11 REPLIES 11
Steven E. Protter
Exalted Contributor

‎09-01-2006 12:53 AM

‎09-01-2006 12:53 AM

Solution

Re: The contact is not consistent with primary nameserver

Shalom,

allow-transfer{202.X.X.10; 192.168.0.1;};

Note I'm not sure you can break this into to multiple lines.

named-checkconf

This will check your configuration.

named-checkzone

man -k named

This will give you a handy set of tools to check my answer and your syntax.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Ivan Ferreira
Honored Contributor

‎09-01-2006 01:34 AM

‎09-01-2006 01:34 AM

Re: The contact is not consistent with primary nameserver

Can you post the outpout of:

dig master.net SOA
dig master.net NS
dig ns.master.net
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
'chris'
Super Advisor

‎09-01-2006 05:52 AM

‎09-01-2006 05:52 AM

Re: The contact is not consistent with primary nameserver

# /usr/sbin/named-checkconf
#

# named-checkzone master.net /var/lib/named/etc/bind/master.net.hosts
zone master.net/IN: loaded serial 1156792972
OK

# dig master.net SOA

; <<>> DiG 9.2.4 <<>> master.net SOA
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3506
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;master.net. IN SOA

;; ANSWER SECTION:
master.net. 38400 IN SOA ns.master.net. admin.master.net. 1156792972 10800 3600 604800 38400

;; AUTHORITY SECTION:
master.net. 38400 IN NS ns.master.net.

;; ADDITIONAL SECTION:
ns.master.net. 38400 IN A 202.X.X.10

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 1 19:38:16 2006
;; MSG SIZE rcvd: 106



# dig master.net NS

; <<>> DiG 9.2.4 <<>> master.net NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1957
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;master.net. IN NS

;; ANSWER SECTION:
master.net. 38400 IN NS ns.master.net.

;; ADDITIONAL SECTION:
ns.master.net. 38400 IN A 202.X.X.10

;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 1 19:40:03 2006
;; MSG SIZE rcvd: 64



# dig ns.master.net

; <<>> DiG 9.2.4 <<>> ns.master.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43014
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.master.net. IN A

;; ANSWER SECTION:
ns.master.net. 38400 IN A 202.X.X.10

;; AUTHORITY SECTION:
master.net. 38400 IN NS ns.master.net.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 1 19:40:36 2006
;; MSG SIZE rcvd: 64


0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-02-2006 05:36 PM

‎09-02-2006 05:36 PM

Re: The contact is not consistent with primary nameserver

Shalom,

Inconsistent communication could be due to networking errors.

If the results are constant you're looking at the wrong symptom or your post was misleading as far as what the actual problem is.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Vitaly Karasik_1
Honored Contributor

‎09-02-2006 06:41 PM

‎09-02-2006 06:41 PM

Re: The contact is not consistent with primary nameserver

can you send us NS records and A records for NSs for master.net?
Reply
'chris'
Super Advisor

‎09-03-2006 10:06 PM

‎09-03-2006 10:06 PM

Re: The contact is not consistent with primary nameserver

# cat /etc/bind/master.net.hosts

$ttl 38400
master.net. IN SOA ns.master.net. admin.master.net. (
1156792968
10800
3600
604800
38400 )
master.net. IN NS ns.master.net.
IN A 202.X.X.10
ns IN A 202.X.X.10
www IN A 202.X.X.10
IN MX 1 202.X.X.10


# cat /etc/bind/202.X.X.rev

$ttl 38400
X.X.202.in-addr.arpa. IN SOA ns.master.net. admin.master.net. (
1156792817
10800
3600
604800
38400 )
X.X.202.in-addr.arpa. IN NS ns.master.net.
10 IN PTR ns.master.net.
0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

‎09-03-2006 11:59 PM

‎09-03-2006 11:59 PM

Re: The contact is not consistent with primary nameserver

As far as I understand, warnings you see is because you don't have your slaves NSs as NS records into your zone file.
Reply
'chris'
Super Advisor

‎09-04-2006 10:06 AM

‎09-04-2006 10:06 AM

Re: The contact is not consistent with primary nameserver

I changed to:

# cat /etc/bind/master.net.hosts

$ttl 38400
master.net. IN SOA ns.master.net. admin.master.net. (
1156792968
10800
3600
604800
38400 )
master.net. IN NS ns.master.net.
IN A 202.X.X.10
ns IN A 202.X.X.10
IN NS ns1.isp.net.
IN NS ns3.isp.net.
www IN A 202.X.X.10
IN MX 1 202.X.X.10


# cat /etc/bind/202.X.X.rev

$ttl 38400
X.X.202.in-addr.arpa. IN SOA ns.master.net. admin.master.net. (
1156792817
10800
3600
604800
38400 )
X.X.202.in-addr.arpa. IN NS ns.master.net.
IN NS ns1.isp.net.
IN NS ns3.isp.net.
10 IN PTR ns.master.net.


but still get this error message.
0 Kudos
Reply
'chris'
Super Advisor

‎09-04-2006 10:17 AM

‎09-04-2006 10:17 AM

Re: The contact is not consistent with primary nameserver

now I have:

# dig master.net NS

; <<>> DiG 9.2.4 <<>> master.net NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16013
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 5

;; QUESTION SECTION:
;master.net. IN NS

;; ANSWER SECTION:
master.net. 38400 IN NS ns.master.net.
master.net. 38400 IN NS ns1.isp.net.
master.net. 38400 IN NS ns3.isp.net.

;; ADDITIONAL SECTION:
ns.master.net. 38400 IN A 202.X.X.10
ns1.isp.net. 6406 IN A 60.X.X.6;
ns1.isp.net. 6405 IN AAAA 2001:8a8:22::a
ns3.isp.net. 6406 IN A 60.X.X.4;
ns3.isp.net. 42406 IN AAAA 2001:8a8:22::10

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 5 00:08:56 2006
;; MSG SIZE rcvd: 198


and cannot understand this:

ns1.isp.net. 6405 IN AAAA 2001:8a8:22::a

ns3.isp.net. 42406 IN AAAA 2001:8a8:22::10
0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

‎09-04-2006 09:16 PM

‎09-04-2006 09:16 PM

Re: The contact is not consistent with primary nameserver

AAAA DNS records are for IPv6 addresses.

Can you send me URL of "a test at nic"? I'd like to check my domain against this test.
BTW, did you try to verify your domain against http://www.dnsreport.com/?
Reply
'chris'
Super Advisor

‎09-05-2006 04:05 AM

‎09-05-2006 04:05 AM

Re: The contact is not consistent with primary nameserver

thanks to ALL

this problem is solved now

there were wrong slave entries at my ISP

p.s
http://www.dnsreport.com/ it's a good check dns service

greetings
chris

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.