#1
    Help with DNS errors


    Hi,

    I'm not new to DNS, but everything I know I have taught myself, so I know I have a few gaps.

    A few weeks ago I changed the NS records for hotelscene.co.uk to point to two in-house servers running Redhat Linux and Bind 9.2.0.

    All was well until a few days later, when we started getting calls from one of our clients saying that they couldn't see our secure server (secure.hotelscene.co.uk). So I started to look into this and couldn't find much, so I got in contact with their IT people and they replied with:

    "The problem is your end!" (See attached file for their email to me. I have replaced any instance of their name with XXXX for DP reasons.)

    It's really got me, as some of their offices can see our secure server and some can't, but they ALL can see the main site ("www.hotelscene.co.uk") and the whole of the world can see both (or at least the IT Dept here, using their home machines, can, and we haven't had any other clients ring up).

    I know it must be something that I have missed or is not configured right to work with this client.
    Can anyone tell me what I need to do to resolve this as I don't fully understand what they are on about in the email and it takes them SOO long to reply to me.

    Thanks,

    Matthew.
  2. #2

    Their email is kind of amusing ;-)


    I also taught myself all I know about DNS, but I've read through whole RFCs, so that there wouldn't be many gaps. My gaps tend to be in the server implementations. (Like: "You calling my dns servers lame? How dare you!" [me not knowing what lame servers are. ;-)]) But the master file format, record types, authoritative vs non-authoritative... all that is covered in RFCs.

    So, I understood the email. Three things you need to do - one especially icky problem, one minor problem.

    Big Problem: Incomplete zone files.

    You need to add an 'A' record for both the ns1 and ns2 hosts. You've got these two records, but as of right now they're just names. They can't be resolved to IPs.

    hotelscene.co.uk. IN NS ns1.hotelscene.co.uk.
    hotelscene.co.uk. IN NS ns2.hotelscene.co.uk.

    So add the following:

    ns1.hotelscene.co.uk. IN A 212.104.154.17
    ns2.hotelscene.co.uk. IN A 212.104.154.17

    The IP I used is the same that your IT guys used to retrieve the zone. So it's a valid IP, although I don't know the IP for the secondary server. Change as required.

    Medium Problem: Missing reverse lookup zone files.

    Right now you have the following:

    Request: hotelscene.co.uk
    Response: (A) 212.104.154.17

    It is an easy thing (once the name servers resolve) to resolve the domain to an IP. But what about resolving the IP to a domain? The IT people said that domain checking was failing cause it couldn't resolve the IP to a domain. So somebody needs to be able to send a specially formatted request to your server to resolve the IP to a domain. This is what the request name looks like:

    Request: 17.154.104.212.IN-ADDR.ARPA
    Response: (PTR) hotelscene.co.uk.

    So create a new zone that will handle the request above, and add a PTR record bearing the name the IP resolves to.

    Small Problem: Old DNS servers are still authoritative.

    What does that mean? They think they have up-to-date valid information on your zone, and this just isn't true. They're old, they shouldn't even be used to make requests for your zone! So take your zone out of them, and make sure that anything using those servers now use the new servers.
    Last edited by SilentRage; July 3rd, 2003 at 10:37 AM.
  4. #3
    Hi SilentRage,

    Thanks very much for your reply.

    After going to lunch and having a break from it all, the email started to make sense. However, your reply put it all in place.

    I have now fixed the "Big Problem" and have created reverse lookup zone files to try and fix the "Medium Problem" (however, the ISP that gives us our IPs has pointed them at their NS, so that won't work until we move at the end of the month and I sweet talk our new ISP).

    As for the small problem, I've emailed them and left it to them.

    Thanks once again for your help.

    Matthew.
  6. #4
    Hi,

    There is one more quick question.

    Do I have to have:

    ns1.hotelscene.co.uk. IN A 212.104.132.90
    ns2.hotelscene.co.uk. IN A 212.104.154.17

    In every zone file for every domain that uses the Name Server?

    Thanks,

    Matthew.
  8. #5
    No, they only have to be in the hotelscene.co.uk zone cause requests for those 2 domains will also be resolved within that zone.
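
The zone checks discussed in this thread (in-zone NS targets need an A record, other domains using the same name servers do not, and each address needs a PTR under IN-ADDR.ARPA), as an added example that is not part of the original posts. `example-client.co.uk` is a hypothetical second domain, and the sample zone data is constructed with the ns2 A record and the PTR for ns1's address deliberately left out.

```python
import ipaddress
# Constructed sample zones modelled on the records quoted in the thread.
# example-client.co.uk is a hypothetical second domain on the same name servers.
ZONES = {
    "hotelscene.co.uk.": """
        hotelscene.co.uk.      IN NS ns1.hotelscene.co.uk.
        hotelscene.co.uk.      IN NS ns2.hotelscene.co.uk.
        hotelscene.co.uk.      IN A  212.104.154.17
        ns1.hotelscene.co.uk.  IN A  212.104.132.90
    """,
    "example-client.co.uk.": """
        example-client.co.uk.  IN NS ns1.hotelscene.co.uk.
        example-client.co.uk.  IN NS ns2.hotelscene.co.uk.
    """,
    "154.104.212.in-addr.arpa.": """
        17.154.104.212.in-addr.arpa. IN PTR hotelscene.co.uk.
    """,
}

def parse(text):
    """Return (owner, type, rdata) from fully qualified 'owner IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) == 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3].lower()))
    return records

def missing_ns_addresses(zones):
    """NS targets inside the zone that names them but with no A record in that zone."""
    missing = []
    for origin, text in zones.items():
        recs = parse(text)
        have_a = {owner for owner, rtype, _ in recs if rtype == "A"}
        for _, rtype, target in recs:
            in_zone = target == origin or target.endswith("." + origin)
            if rtype == "NS" and in_zone and target not in have_a:
                missing.append((origin, target))
    return missing

def missing_ptr(zones):
    """A records whose reverse (in-addr.arpa) name has no PTR in any loaded zone."""
    recs = [r for text in zones.values() for r in parse(text)]
    ptr_owners = {owner for owner, rtype, _ in recs if rtype == "PTR"}
    wanted = [(o, ipaddress.ip_address(a).reverse_pointer + ".") for o, t, a in recs if t == "A"]
    return [(o, name) for o, name in wanted if name not in ptr_owners]

if __name__ == "__main__":
    print(missing_ns_addresses(ZONES), missing_ptr(ZONES))
```

The `example-client.co.uk.` zone produces no finding because its NS targets live in the `hotelscene.co.uk.` zone, which is where their A records belong.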
