OT: Silly Bind question
Mark D. Foster
mark at foster.cc
Sat Feb 2 22:00:23 PST 2008
DAve wrote:
> Excuse the OT question but I need a well rounded experienced group for
> this question. I have begun a migration from Bind to TinyDNS. TinyDNS is
> working flawlessly, beyond expectations. However I need to drag the old
> Bind servers behind until I can get several hundred pieces of client
> equipment and devices switched over to the new DNS servers. This because
> we are also changing the domain name of our authoritative servers.
>
> The problem, I have a client requesting SPF records. The TinyDNS servers
> are responding correctly but for the life of me I cannot get Bind to
> return a TXT record. I am baffled as to what I've done wrong.
>
> An example domain, pixelhammer.com querying the new servers.
> bash-2.05b$ dig @ns1.tls.net pixelhammer.com txt
>
> ; <<>> DiG 8.3 <<>> @ns1.tls.net pixelhammer.com txt
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; pixelhammer.com, type = TXT, class = IN
>
> ;; ANSWER SECTION:
> pixelhammer.com. 23h47m45s IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"
>
> ;; Total query time: 4 msec
> ;; FROM: avhost1.tls.net to SERVER: ns1.tls.net 65.124.104.29
> ;; WHEN: Sun Feb 3 00:10:36 2008
> ;; MSG SIZE sent: 33 rcvd: 93
>
> No problem there, but when I query the old bind servers, I get nuthin,
> nada, zip.
>
> bash-2.05b$ dig @ns1.totallogic.com pixelhammer.com txt
>
> ; <<>> DiG 8.3 <<>> @ns1.totallogic.com pixelhammer.com txt
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; pixelhammer.com, type = TXT, class = IN
>
> ;; AUTHORITY SECTION:
> pixelhammer.com. 1D IN SOA ns2.totallogic.com. hostmaster.tls.net. (
> 2008020219 ; serial
> 3H ; refresh
> 1H ; retry
> 1D ; expiry
> 1D ) ; minimum
>
>
> ;; Total query time: 3 msec
> ;; FROM: avhost1.tls.net to SERVER: ns1.totallogic.com 65.196.224.2
> ;; WHEN: Sun Feb 3 00:10:01 2008
> ;; MSG SIZE sent: 33 rcvd: 102
>
>
> Here are the contents of the zone file.
> ;Creating pixelhammer.com zone file
> $TTL 1D
> @ IN SOA ns2.totallogic.com. hostmaster.tls.net. (
> 2008020219 3H 1H 1D 1D )
>
> ; MX Recs
> IN MX 10 avhost.tls.net.
> IN MX 20 mailgate.tls.net.
>
> ; NS Recs
> IN NS ns1auth.tls.net.
> IN NS ns3auth.tls.net.
> IN NS ns2auth.tls.net.
>
> ; A Recs
> IN A 65.196.224.25
> www IN A 65.196.224.25
> ftp IN A 65.196.224.25
>
> ; TEXT Recs
> IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"
>
> ; CNAME Recs
> mail IN CNAME mail.tls.net.
> smtp IN CNAME smtp.tls.net.
>
> ;END pixelhammer.com zone file
>
> I am stumped, what have I done wrong?
>
> Thanks,
>
> DAve
>
>
>
Looks to me like you need to remove the pixelhammer.com zone from your
old bind servers, as the delegation from the root points to
ns1auth.tls.net and ns2auth.tls.net both of which appear to have
authority for the zone AND the txt record you seek.

monk:~> dig +trace pixelhammer.com ns
; <<>> DiG 9.4.1-P1 <<>> +trace pixelhammer.com ns
;; global options: printcmd
. 65035 IN NS I.ROOT-SERVERS.NET.
. 65035 IN NS J.ROOT-SERVERS.NET.
. 65035 IN NS K.ROOT-SERVERS.NET.
. 65035 IN NS L.ROOT-SERVERS.NET.
. 65035 IN NS M.ROOT-SERVERS.NET.
. 65035 IN NS A.ROOT-SERVERS.NET.
. 65035 IN NS B.ROOT-SERVERS.NET.
. 65035 IN NS C.ROOT-SERVERS.NET.
. 65035 IN NS D.ROOT-SERVERS.NET.
. 65035 IN NS E.ROOT-SERVERS.NET.
. 65035 IN NS F.ROOT-SERVERS.NET.
. 65035 IN NS G.ROOT-SERVERS.NET.
. 65035 IN NS H.ROOT-SERVERS.NET.
;; Received 436 bytes from 192.168.1.11#53(192.168.1.11) in 3 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 493 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 488 ms
pixelhammer.com. 172800 IN NS ns1auth.tls.net.
pixelhammer.com. 172800 IN NS ns2auth.tls.net.
;; Received 116 bytes from 192.54.112.30#53(h.gtld-servers.net) in 179 ms
monk:~> host ns1auth.tls.net
ns1auth.tls.net has address 65.124.104.30
monk:~> host ns2auth.tls.net
ns2auth.tls.net has address 65.123.104.30
monk:~> dig @ns1auth.tls.net pixelhammer.com txt
; <<>> DiG 9.4.1-P1 <<>> @ns1auth.tls.net pixelhammer.com txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11218
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;pixelhammer.com. IN TXT
;; ANSWER SECTION:
pixelhammer.com. 86400 IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"
;; AUTHORITY SECTION:
pixelhammer.com. 86400 IN NS ns1auth.tls.net.
pixelhammer.com. 86400 IN NS ns2auth.tls.net.
pixelhammer.com. 86400 IN NS ns3auth.tls.net.
;; ADDITIONAL SECTION:
ns1auth.tls.net. 86400 IN A 65.124.104.30
ns2auth.tls.net. 86400 IN A 65.123.104.30
ns3auth.tls.net. 86400 IN A 65.124.110.14
;; Query time: 84 msec
;; SERVER: 65.124.104.30#53(65.124.104.30)
;; WHEN: Sat Feb 2 21:39:41 2008
;; MSG SIZE rcvd: 214
--
Said one park ranger, 'There is considerable overlap between the
intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <mark at foster.cc> http://mark.foster.cc/
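
As an added example (not part of either message), the shell function below classifies a dig response from the header lines seen in this thread, separating a server that returns the TXT record from one that is authoritative for the zone but returns none. The function names and the sample responses (example.com) are constructed for this example.

```shell
# Added example, not from the thread. Function names are this example's own;
# the sample responses are constructed (example.com).
# classify_dig reads one dig response on stdin and prints:
#   ANSWER    NOERROR with at least one answer record
#   NODATA    NOERROR, aa set, no answers: authoritative, no such record type
#   REFERRAL  NOERROR, aa clear, no answers, records in the authority section
#   otherwise the status word itself (NXDOMAIN, SERVFAIL, REFUSED, ...)
classify_dig() {
    awk '
    /^;; ->>HEADER<<-/ {
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "flags:") { inflags = 1; continue }
            if (inflags) {
                f = $i
                if (sub(/;$/, "", f)) inflags = 0
                if (f == "aa") aa = 1
            }
            if ($i == "ANSWER:")    answers = $(i + 1) + 0
            if ($i == "AUTHORITY:") auth = $(i + 1) + 0
        }
    }
    END {
        if (status == "")             print "UNPARSED"
        else if (status != "NOERROR") print status
        else if (answers > 0)         print "ANSWER"
        else if (aa)                  print "NODATA"
        else if (auth > 0)            print "REFERRAL"
        else                          print "EMPTY"
    }'
}
# Live use against a real server (needs dig and network access).
check_txt() { dig +norecurse "@$1" "$2" txt | classify_dig; }
# Constructed: server named in the delegation, TXT record present.
sample_delegated() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
EOF
}
# Constructed: legacy server, authoritative but returning no TXT record.
sample_legacy() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
EOF
}
printf '%s\n' "delegated: $(sample_delegated | classify_dig)" "legacy: $(sample_legacy | classify_dig)"
```

Running `check_txt` against every server that might still be queried for a zone shows which ones would hand a mail receiver a different SPF result than the delegated servers do.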
More information about the freebsd-questions mailing list