#1

    tinydns not reading data.cdb file?


    I am running FreeBSD 4.4 with djbdns. Everything seems to be working except the data.cdb file isn't being read. Does anyone have any ideas? If I need to give more info, please let me know.

    I appreciate any help.

    -Eric
  2. #2
    >> If I need to give more info please let me know.

    Yes, please...
  4. #3
    Here is some of the content from : /service/tinydns/root/data

    Zdragonhearttangsoodo.com:ns.anchormariner.com.:hostmaster.dragonhearttangsoodo.com.:10455:7200:3600:604800:3600:3600
    &dragonhearttangsoodo.com::ns.anchormariner.com.:86400
    @dragonhearttangsoodo.com::mail.dragonhearttangsoodo.com.:0:86400

    Then I ran make from /service/tinydns/root/ and everything seems fine. But shouldn't I be able to do a dig or some query and have it (the host specified in the data file) resolve locally from what's in the data file?

    Let me know what other info may be helpful.

    Thank you

    -Eric
  6. #4
    You can only resolve locally if you have 127.0.0.1 configured as local nameserver (unix /etc/resolv.conf).
    Do you have that?
  8. #5
    Yes, I do have 127.0.0.1 set in /etc/resolv.conf.

    If you execute the following command you'll see what I mean.

    dig @66.224.24.190 dragonhearttangsoodo.com

    I would think that I should see what I specified in the data file, right?

    Thank you,

    -Eric
  10. #6
    First off, you have quite a few problems here.

    1) You need to add the following to the data file and rebuild it to data.cdb:

    +dragonhearttangsoodo.com:12.34.56.78

    or whatever IP it should be pointed to.

    2) You can't blindly create mail.dragonhearttangsoodo.com and use it as the MX. Not to mention when +mail.dragonhearttangsoodo.com:78.56.34.12 is also missing.

    3) What is your system FQDN? Why do you need to run tinydns in the first place?

    4) How many static IPs do you have?

    >> yes I do have 127.0.0.1 set in /etc/resolv.conf

    5) Are you running dnscache on 127.0.0.1?

    6) In your data file you don't need all those numbers.

    7) Tell us which IP the following FQDNs should be pointed to:

    dragonhearttangsoodo.com
    ns.anchormariner.com
    mail.dragonhearttangsoodo.com
    nsx.anchormariner.com

    >> you can only resolve locally if you have 127.0.0.1 configured as local nameserver

    djbdns is not BIND, therefore, it's totally different. In djbdns, you can NEVER put your authoritative nameserver's IP into /etc/resolv.conf. You put only your dnscache's IP.
    Last edited by freebsd; May 22nd, 2002 at 07:35 PM.
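Points 1 and 2 of the post above (no A record for the zone name, and an MX target with no A record) can be checked mechanically before running tinydns-data. The following is an added example, not part of the original thread or of djbdns; the function names are hypothetical, the sample input is the data file as first posted in the thread, and only the Z, ., &, @, + and = line types are interpreted.

```python
# Added example: lint a tinydns "data" file for the gaps listed above.
# SAMPLE_DATA is the file as first posted in this thread (wrap space removed).
SAMPLE_DATA = """\
Zdragonhearttangsoodo.com:ns.anchormariner.com.:hostmaster.dragonhearttangsoodo.com.:10455:7200:3600:604800:3600:3600
&dragonhearttangsoodo.com::ns.anchormariner.com.:86400
@dragonhearttangsoodo.com::mail.dragonhearttangsoodo.com.:0:86400
"""

def norm(name):
    return name.strip().rstrip(".").lower()

def target_name(x, infix, fqdn):
    # tinydns-data rule: an x containing a dot is the full server name,
    # otherwise the name is x.ns.fqdn (for . and &) or x.mx.fqdn (for @).
    return norm(x) if "." in x else f"{x}.{infix}.{fqdn}".lstrip(".")

def parse(text):
    zones, have_a, refs = set(), set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#-":      # comment or disabled line
            continue
        kind, fields = line[0], line[1:].split(":")
        fields += [""] * (3 - len(fields))   # pad so fields[1], fields[2] exist
        fqdn = norm(fields[0])
        if kind == "Z":                      # SOA only
            zones.add(fqdn)
        elif kind in "+=" and fields[1]:     # A record (= also adds PTR)
            have_a.add(fqdn)
        elif kind in ".&@":
            if kind == ".":
                zones.add(fqdn)
            target = target_name(fields[2], "mx" if kind == "@" else "ns", fqdn)
            if fields[1]:                    # non-empty ip field creates the A record
                have_a.add(target)
            refs.append((lineno, kind, target))
    return zones, have_a, refs

def in_zone(name, zones):
    return any(name == z or name.endswith("." + z) for z in zones)

def lint(text):
    """Return (lineno, kind, name) for names served here that lack an A record."""
    zones, have_a, refs = parse(text)
    # Advisory: an apex without an A record is legal, but an A query for it is empty.
    problems = [(0, "apex", z) for z in sorted(zones) if z not in have_a]
    for lineno, kind, target in refs:
        if in_zone(target, zones) and target not in have_a:
            problems.append((lineno, kind, target))
    return problems

if __name__ == "__main__":
    for lineno, kind, name in lint(SAMPLE_DATA):
        print(f"line {lineno}: {kind} -> {name} has no A record in this file")
```

Targets outside the zones defined in the file, such as ns.anchormariner.com here, are not reported because their A records belong to another zone's data.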
  12. #7
    >1) You need to add the following to data file and rebuild it to data.cdb:
    >+dragonhearttangsoodo.com:12.34.56.78
    >or whatever IP it should be pointed to.

    I have added the following to the data.cdb file :
    +dragonhearttangsoodo.com:216.174.194.57

    >2) You can't blindly create mail.dragonhearttangsoodo.com and use it as the MX. Not to mention when +mail.dragonhearttangsoodo.com:78.56.34.12 is also missing.

    I added the following to the data.cdb file :
    @dragonhearttangsoodo.com:66.224.49.108:mail.dragonhearttangsoodo.com

    >3) What is your system FQDN?

    My system's FQDN is : anchormariner.com

    >Why you need to run tinydns in the first place?

    Well, I currently have BIND running on another server and authoritative for a few domains, and I want to try out djbdns on this server. If I get it running smoothly and understand how it's working, then possibly switch from BIND to djbdns (secure).

    >4) How many static IP do you have?

    (1 static routable IP)
    This server is behind a router that's running NAT. I have 192.168.254.51 set up on my NIC but I can also set up an alias. I'm doing a 1 to 1 NAT with 66.224.24.190. All data to 66.224.24.190 is going to my server.

    >5) Are you running dnscache on 127.0.0.1?

    I have 127.0.0.1 set in /usr/local/dnscache/env/IP

    >6) In your data file you don't need all those numbers.
    Ok, thank you for the info.

    >7) Tell us which IP the following FQDNs should be pointed to:

    Well I have them set to the following in the data.cdb file :
    dragonhearttangsoodo.com -> 216.174.194.57
    ns.anchormariner.com -> 66.224.24.190
    mail.dragonhearttangsoodo.com -> 216.174.194.57
    nsx.anchormariner.com -> 66.224.24.190

    And this is for testing purposes (until I get it working). I want to see if I can query the server running djbdns from one of my other servers and have the host names resolve according to what's in the data.cdb file rather than what the server that the host is delegated to says. I hope this makes sense.

    >>> you can only resolve locally if you have 127.0.0.1 configured as local nameserver
    >djbdns is not BIND, therefore, it's totally different. In djbdns, you can NEVER put your authoritative nameserver's IP into /etc/resolv.conf. You put only your dnscache's IP.

    I'm not having a problem resolving host names. I want the query to check my data.cdb file first though when I try to resolve a host name.

    whew...I really appreciate all the help.

    Thanks again,
    -Eric
    Last edited by ericparker; May 23rd, 2002 at 06:00 AM.
  14. #8
    I haven't looked at your dragonhearttangsoodo.com yet, just anchormariner.com and found several problems that need to be fixed asap before configuring dragonhearttangsoodo.com.

    1) Let's see what the roots say about your SOA:
    $ dnsqr soa anchormariner.com
    6 anchormariner.com:
    85 bytes, 1+1+0+0 records, response, noerror
    query: 6 anchormariner.com
    answer: anchormariner.com 600 SOA ns.anchormariner.com hostmaster.anchormariner.com 2002050101 10800 3600 604800 600

    2) Let's ask the roots about your NS:
    $ dnsqr ns anchormariner.com
    2 anchormariner.com:
    70 bytes, 1+2+0+0 records, response, noerror
    query: 2 anchormariner.com
    answer: anchormariner.com 172800 NS ns.anchormariner.com
    answer: anchormariner.com 172800 NS nsx.anchormariner.com

    3) The roots say I should ask ns.anchormariner.com to test your configuration. Okay, let's ask ns.anchormariner.com:
    $ dnsq ns anchormariner.com ns.anchormariner.com
    2 anchormariner.com:
    112 bytes, 1+2+0+2 records, response, authoritative, weird ra, noerror
    query: 2 anchormariner.com
    answer: anchormariner.com 600 NS ns.anchormariner.com
    answer: anchormariner.com 600 NS ns.transyn.net
    additional: ns.transyn.net 86400 A 216.210.170.122
    additional: ns.anchormariner.com 600 A 66.224.49.108

    As you can see, your ns.transyn.net is a lame server because it's not listed at root, therefore it will never give authoritative answer to anchormariner.com.

    4) Okay, it's time to do what the roots say and ask your other one (nsx.anchormariner.com):
    $ dnsq ns anchormariner.com nsx.anchormariner.com
    ^C

    Oops, it's dead.

    >> Well I have them set to the following in the data.cdb file :
    >> dragonhearttangsoodo.com -> 216.174.194.57
    >> ns.anchormariner.com -> 66.224.24.190
    >> mail.dragonhearttangsoodo.com -> 216.174.194.57
    >> nsx.anchormariner.com -> 66.224.24.190

    Just to test your anchormariner.com I got something different:

    $ dnsip anchormariner.com
    66.182.15.193
    $ dnsip ns.anchormarier.com
    66.224.49.108
    $ dnsip nsx.anchormariner.com
    66.224.24.190

    Should ns.anchormariner.com point to 66.224.24.190, you then can't use it because nsx.anchormariner.com returns the same IP.

    >> I want to see if I can query the server running djbdns from one of my other servers

    You can just tell me which one to test and I'd be more than happy to test it for you and post the result here.

    >> I'm not having a problem resolving host names

    I know. I was trying to explain to M.Hirsch about the difference between djbdns and BIND.

    You said you only have one static IP so which exact domain(s) do you want to host as primary/secondary, and which IP is doing primary/secondary for that domain? And which one with djbdns/BIND?
    Last edited by freebsd; May 23rd, 2002 at 06:57 AM.
  16. #9
    >1) Let's see what the roots say about your SOA:
    >$ dnsqr soa anchormariner.com
    My server running BIND @ 66.224.49.108 (ns.anchormariner.com) is authoritative for all my domains right now until I get djbdns working. So I'm trying to test it using :
    (dig @server domain query-type)
    dig @66.224.24.190 dragonhearttangsoodo.com a
    and I'm getting a response from the root name servers rather than from 66.224.24.190 (server running djbdns) with bogus info in the data.cdb file (just so I can tell if the answer is coming from that server or the roots).

    >As you can see, your ns.transyn.net is a lame server because it's not listed at root, therefore it will never give authoritative answer to anchormariner.com.

    I fixed that issue :
    # dnsq ns anchormariner.com ns.anchormariner.com
    2 anchormariner.com:
    102 bytes, 1+2+0+2 records, response, authoritative, weird ra, noerror
    query: 2 anchormariner.com
    answer: anchormariner.com 600 NS ns.anchormariner.com
    answer: anchormariner.com 600 NS nsx.anchormariner.com
    additional: ns.anchormariner.com 600 A 66.224.49.108
    additional: nsx.anchormariner.com 600 A 66.224.24.190

    >You can just tell me which one to test and I'd more than happy to test it for you and post the result here.

    66.224.24.190 is running djbdns...that's the one I'm testing. Right now 66.224.49.108 is authoritative for the domains and running BIND.

    So please test 66.224.24.190.

    >I know. I was trying to explain to M.Hirsch about the difference between djbdns and BIND.

    OK...sorry

    >You said you only have one static IP so which exact domain(s) do you want to host as primary/secondary, and which IP is doing primary/secondary for that domain? And which one with djbdns/BIND?

    I have one static IP in that network(I can have more). I think I answered the rest of the question above.

    Thank you ....once again!

    -Eric
  18. #10
    >> just so I can tell if the answer is coming from that server or the roots

    You can use dnsq (much more reliable than dig and nslookup) and ask whatever server you want. In your case, you want to test nsx.anchormariner.com so do this:

    $ dnsq ns anchormariner.com nsx.anchormariner.com
    ^C

    I didn't get a response from nsx.

    You said 66.224.24.190 is your only IP, so how exactly did you set up tinydns? Please show us the entire directory tree + files at /service/tinydns.

    BTW, in your /service/tinydns/root/data you need to have an entry for anchormariner.com as well, not just dragonhearttangsoodo.com.

    Wait, I thought you only have one IP, then whose IP is 66.224.49.108?

    >> I fixed that issue :
    >> # dnsq ns anchormariner.com ns.anchormariner.com

    Yes. I already confirmed that on my end.

    Anyway, it's much harder to test djbdns with your current procedure, you either need to test it as primary or both primary/secondary be running djbdns.
    Let's say you have just two domains, anchormariner.com and dragonhearttangsoodo.com, and you are trying to set up tinydns as the primary on ns.anchormariner.com; then you'd need something like this on ns.anchormariner.com:

    /service/tinydns/env/IP -> 66.224.49.108
    /service/tinydns/env/ROOT -> /var/djb/tinydns/root (yes, /var/djb is my standard)
    /service/tinydns/root/Makefile:
    Code:
    remote: data.cdb
            /usr/local/bin/rsync -e ssh -az data.cdb root@66.224.24.190:/service/tinydns/root/data.cdb
    
    data.cdb: data
            /usr/local/bin/tinydns-data
    If you don't like password prompt, use key auth instead. If you don't like to use root, create another user and on nsx find a way to copy that data.cdb to the right place. These extra steps are left for your own exercise.
    /service/tinydns/root/data:
    Code:
    Zanchormariner.com:ns.anchormariner.com:hostmaster.anchormariner.com
    &anchormariner.com::ns.anchormariner.com
    &anchormariner.com::nsx.anchormariner.com
    +ns.anchormariner.com:66.224.49.108
    +nsx.anchormariner.com:66.224.24.190
    +www.anchormariner.com:66.224.49.108
    +anchormariner.com:66.182.15.193
    # you can't use mail.anchormariner.com therefore the following lines are commented out
    #+mail.anchormariner.com:66.224.49.108
    #@anchormariner.com::mail.anchormariner.com.:0
    @anchormariner.com::ns.anchormariner.com.:0
    Zdragonhearttangsoodo.com:ns.anchormariner.com:hostmaster.dragonhearttangsoodo.com
    &dragonhearttangsoodo.com::ns.anchormariner.com
    &dragonhearttangsoodo.com::nsx.anchormariner.com
    +dragonhearttangsoodo.com:66.224.49.108
    +www.dragonhearttangsoodo.com:66.224.49.108
    # you also can't use mail.dragonhearttangsoodo.com
    @dragonhearttangsoodo.com::ns.anchormariner.com.:0
    Now say nsx.anchormariner.com (secondary) is also running tinydns, then...
    /service/tinydns/env/IP -> 66.224.24.190
    /service/tinydns/env/ROOT -> /var/djb/tinydns/root
    /service/tinydns/root/data:
    Code:
    # Do not edit this file
    # data.cdb is to be copied from ns.anchormariner.com
    9
    With such a setup, every time you alter and rebuild your data.cdb on ns, it will rsync over ssh to nsx. If nsx is running BIND you need a script for that ONLY if you want to sync your data.cdb to nsx immediately, check http://www.lifewithdjbdns.org. If you also run axfrdns then nsx (running BIND) will ask ns for data.cdb based on the Refresh interval and convert data.cdb to BIND's zone format.
    You can say, you only need to run axfrdns if your slave is running BIND or you need to serve DNS queries over TCP when a DNS packet over UDP exceeds 512 bytes (rarely happens).
    Last edited by freebsd; May 23rd, 2002 at 08:00 PM.
  20. #11
    >You can use dnsq (much more reliable than dig and nslookup) and ask whatever server you want. In your case, you want to test nsx.anchormariner.com so do this:

    >$ dnsq ns anchormariner.com nsx.anchormariner.com
    >^C

    >I didn't get a response from nsx.

    It seems that's my problem. It's working fine as a caching nameserver but not as an authoritative nameserver?

    >You said 66.224.24.190 is your only IP so how exactly did you setup tinydns. Please show us the entire directory tree + files at /service/tinydns.

    I have 66.224.24.190 set up in tinydns and 127.0.0.1 in dnscache.

    # ls /service/tinydns
    env log root run supervise

    # ls -l /service/tinydns
    lrwxr-xr-x 1 root wheel 12 May 20 14:15 /service/tinydns -> /etc/tinydns

    # more /etc/tinydns/env/IP
    66.224.24.190

    # more /etc/tinydns/env/ROOT
    /etc/tinydns/root

    # more /etc/tinydns/root/Makefile
    data.cdb: data
            /usr/local/bin/tinydns-data

    >Wait, I thought you only have one IP, then whose IP is 66.224.49.108?

    66.224.49.108 is my other server I have in another network running BIND and is authoritative for my domains until I can get nsx.anchormariner.com(66.224.24.190) to act as an authoritative nameserver rather than just a caching nameserver.

    >Anyway, it's much harder to test djbdns with your current procedure, you either need to test it as primary or both primary/secondary be running djbdns.
    >Let's say you have just two domains anchormariner.com and dragonhearttangsoodo.com and you are trying to setup tinydns as the primary on ns.anchormariner.com then you'd need something like this on ns.anchormariner.com:

    I am trying to get this server to reply as an authoritative server for my domains when directly queried, before I delegate my domains to nsx.anchormariner.com as the primary nameserver. I hope I'm doing this right. I just want to leave my other server up right now so it's answering queries.

    Thanks again for your help!!!!! This is just my testing server.

    -Eric
  22. #12
    >> I am trying to get this server to reply as an authoritative server for my domains when directly queried

    Your nsx is still dead. Are you sure nsx has direct connection to the Internet or is it behind a hardware router using NAT and assigning non-routable IP (192.168.0.x) to it?
    If it's behind a router, the non-standard setup, read here

    >> until I can get nsx.anchormariner.com(66.224.24.190) to act as an authoritative nameserver rather than just a caching nameserver

    djbdns is not BIND. You can't run dnscache and tinydns on the same IP. Therefore, nsx can be either one, but not both. Your nsx doesn't seem to know its own IP address, therefore it's refusing to give DNS reply at the moment.
  24. #13
    I really appreciate all your help!!! I reset the tinydns IP to the private 192.168.254.X and everything seems to be working now :
    (although I did have it set to that before. I guess something has changed[I hate not knowing what])

    nsx# dnsq ns dragonhearttangsoodo.com nsx.anchormariner.com
    2 dragonhearttangsoodo.com:
    123 bytes, 1+2+0+2 records, response, authoritative, noerror
    query: 2 dragonhearttangsoodo.com
    answer: dragonhearttangsoodo.com 259200 NS ns.anchormariner.com
    answer: dragonhearttangsoodo.com 259200 NS nsx.anchormariner.com
    additional: ns.anchormariner.com 86400 A 66.224.49.108
    additional: nsx.anchormariner.com 86400 A 66.224.24.193

    Now I need to go through and make sure I know exactly what's going on. Again, thank you for your help.

    -Eric
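The two conditions the thread ends on, tinydns and dnscache on different addresses and tinydns on an address the host itself holds (the private side of the 1:1 NAT, not the public one), can be checked from the service directories. This is an added example, not part of the original thread or of djbdns; the function names are hypothetical and the dnscache path /service/dnscache is an assumption.

```python
import errno
import os
import socket

def read_env_ip(service_dir):
    """Read the address from <service_dir>/env/IP, the envdir file the run script uses."""
    with open(os.path.join(service_dir, "env", "IP")) as fh:
        return fh.readline().strip()

def can_bind(ip):
    """True if a UDP socket can be bound to ip on this host.

    Port 0 is used so the probe needs no root and does not collide with a
    running server; it only tests whether the address is configured locally.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((ip, 0))
        return True
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:
            return False
        raise
    finally:
        sock.close()

def check_ips(tinydns_ip, dnscache_ip, bindable=can_bind):
    """Return problem codes for the two mistakes discussed in this thread."""
    problems = []
    if tinydns_ip == dnscache_ip:
        problems.append("shared-ip")      # both want UDP port 53 on one address
    if not bindable(tinydns_ip):
        problems.append("not-local")      # e.g. the public side of a 1:1 NAT
    return problems

if __name__ == "__main__":
    # Paths are assumptions; the thread uses /service/tinydns, and the
    # dnscache service directory is assumed to sit beside it.
    tiny = read_env_ip("/service/tinydns")
    cache = read_env_ip("/service/dnscache")
    print(tiny, cache, check_ips(tiny, cache) or "ok")
```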
