Standalone DNS

I am trying to get my dns set up as a standalone DNS. I don't have any forwarders, parents, or children, just one zone.

Are there any specific configuration changes I need to make in named.conf or zone file to facilitate this?

nothing special. The tutorial in the sticky topic fits that scenario just fine.

I can telnet via ip with no trouble, that is why I assume the problem is connected to the dns.

A weird thing I have noticed is the Juniper routers get fast responses, yet they have no more configuration than the Extreme switches, just domain name and dns ip. Perhaps there is a timer I need to adjust.

Is there a way to debug the requests and responses from the client to the dns server? If I get debugs of a Juniper telnet and Extreme telnet I might get some useful information.

Thanks for the help!

Well you probably want to just query the server to see what kind of responses you get. Is it external? The moment I have a server IP and a domain to query, the moment I can start assessing what the problem is.

I did some tests using a sniffer and discovered the problem. I found out that the dns is not sending "server failure" responses to the Extreme switch when it sends just the hostname.

(The Extreme device first sends just the hostname to be resolved. If an error returns from the dns, it appends the domain name and sends the modified request and it works. I would just configure the switch to append the hostname initially, but there are no options to do that. So, since the linux dns does send the failure, the switch has to time out before sending the correct information)

I've been looking through the O'Reilly DNS BIND book, but it doesn't mention this problem. Is the server failure response a feature that needs to be turned on?

I have the decodes if you think they would help.

Thanks!

server failure should NEVER happen. It means there's something wrong with the server or config.

I thought the "server failure" response was a function of the dns to say "I don't understand this dns resolution request." in response to a bad request. Right now the linux dns is not doing this, however, the windows dns we are using right now does. I think the windows dns is doing what it should since there should be standard response if a bad request is sent.

The "server failure" packet is ONLY sent when the request is sent without the domain name (i.e. management)
DECODE:
OP=QUERY STAT=Server failure NAME=management

Once the above packet is sent to the Extreme switch, the server immediately responds with the correct resolution request shown below

If the hostname AND domain name are sent, the dns responds with the following packet (i.e. management.lab.reno)
DECODE:
OP=QUERY STAT=OK NAME=management.lab.reno

It seems to me that the "server failure" is a mechanism by dns to notify the requestor that it doesn't understand. The problem is, the linux dns doesn't do that. That is why there is a 1 minute delay, the switch is waiting for a response that it will never get. After the timeout (1 min) does it send a reply.

Do you know if the linux dns should send an error response if it recieves a request it doesn't understand?

There certainly is such an error and it is not SERVFAIL. FORMERR (format error) is the error you get if you send a request that the server doesn't understand, at least that's the case if the dns server was built in true support of the DNS standards. Don't make me bust out references to prove I'm not bs'ing.

BIND follows the standards. If your switches' dns server returns SERVFAIL on requests it doesn't understand then whoever did the programming work behind it needs to take lessons from me. Or, maybe you're talking about MS DNS, in which case Server Failure should still mean a misconfiguration. As far as I know, MS DNS does a fairly good job of buckling down and following the standards.

So let me help ya figure it out, I just need to get a handle of what the problem is in simple baby-talk words. Stuff like: "My IP is x.x.x.x and my domain is x.com and it doesn't work!" goes a long way with me.

And if you send a request that is "not found" then you get a "NXDOMAIN" error (Not Exist Domain).

I appologize if I have offended you. I really appreciate your help. (I know you don't have to help me)

The reason I haven't sent an IP or domain is because this dns is not connected to the Internet, only a lab, it isn't even connected to the company's internal network.

Attached is the decode I got when I ran the following commands on the switch. Using both linux and windows dns. (The switch has both name server and domain name configured)

ok, now I'm understanding you. I like charts and diagrams.

So, here's my analysis:

The linux DNS isn't responding which is the reason why you get long pauses.
The Microsoft DNS is responding which is why you get some kind of result quickly.

Had nothing to do with the what was returned.

So let's see, why would BIND not respond? Very tricky, ordinarily I would say cause of firewall or other network issues, but apparently it returns successful responses just fine. The only time I've seen BIND fail to return a response is when resolving a domain that is broken in an extreme way.

So ok buddy, time to break out named.conf. I want to see what you've got cooking. Don't paste it, *shudder*, just attach it to your next reply.

Attached is the named.conf file.

The "penren" is actually "reno".

You've got a syntax error in it:

ptions {
directory "/var/named";
query-source port 53;
};

ptions should be options. Don't see how the server ran with that config, though, maybe you didn't actually attach your named.conf but instead gave me some kind of sterilized version. I hope not.

I must have copied it over twice when I was copy/pasting to Word. Here it is without the error. My bad.