Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Resolver Error 0 (no error)

322 views
Skip to first unread message

Bob

unread,
Oct 9, 2003, 12:52:56 PM10/9/03
to
I'm installing a new Solaris DNS server running Bind 9.2.2. This
system is in a DMZ and the firewall is NAT translating to a public IP
address.

At first glance it appears to properly resolve the zones that it is
authoritative for and it is retreiving the proper addresses for
external systems.

But there is one test that is giving me an odd result and I'm just not
sure what's going on. When I specify another nameserver on the
command line for nslookup, I get a no-error error, and then get a
(correct) response from the *local* nameserver instead of the
specified one.

> nslookup www.cisco.com ns1.cisco.com
*** Can't find server address for 'ns1.cisco.com': Resolver Error 0
(no error)

Server: ns.mydomain.com
Address: 10.10.10.12

Non-authoritative answer:
Name: www.cisco.com
Address: 198.133.219.25

Dig appears to work fine with a specified nameserver (dig
@ns1.cisco.com www.cisco.com). Is this just a bug with nslookup?

I just tried this too:
> host www.cisco.com ns1.cisco.com
host: Couldn't find server 'ns1.cisco.com': host/servname not known

But if I dig or nslookup ns1.cisco.com, it does resolve
(128.107.241.185).

Any ideas?
Thanks,

Bobby Johnson
bobby.john...@esecurityinc.com

Pete Ehlke

unread,
Oct 9, 2003, 2:29:32 PM10/9/03
to
On Thu, Oct 09, 2003 at 09:52:56AM -0700, Bob wrote:
> I'm installing a new Solaris DNS server running Bind 9.2.2. This
> system is in a DMZ and the firewall is NAT translating to a public IP
> address.
>
> At first glance it appears to properly resolve the zones that it is
> authoritative for and it is retreiving the proper addresses for
> external systems.
>
> But there is one test that is giving me an odd result and I'm just not
> sure what's going on. When I specify another nameserver on the
> command line for nslookup, I get a no-error error, and then get a
> (correct) response from the *local* nameserver instead of the
> specified one.
>
> > nslookup www.cisco.com ns1.cisco.com
> *** Can't find server address for 'ns1.cisco.com': Resolver Error 0
> (no error)
>
This is a coincidence of the server that you chose :)

Cisco had a DNS configuration problem over the past couple of days that
manifested itself as some of their servers reporting that ns1.cisco.com
had an address in RFC 1918 space. Cascading errors in rsolvinf cisco.com
namespace were... interesting.

-Pete

Bobby Johnson

unread,
Oct 9, 2003, 3:04:48 PM10/9/03
to
I wish that were my problem, but I get the same error with other servers as
well...
> nslookup www.dell.com ns-east.cerf.net
*** Can't find server address for 'ns-east.cerf.net': Resolver Error 0 (no
error)

Server: ns.mydomain.com
Address: 10.10.10.12

Non-authoritative answer:
Name: www.ins.dell.com
Address: 143.166.224.230
Aliases: www.dell.com


I just noticed the error that dig displays....
> dig @ns-east.cerf.net www.dell.com

; <<>> DiG 8.3 <<>> @ns-east.cerf.net www.dell.com
; Bad server: ns-east.cerf.net -- using default server and timer opts
; (1 server found)
[snip]

The answer gets provided by my server instead of the ns-east.cerf.net
nameserver.

I can successfully resolve ns-east.cerf.net (nslookup and/or dig)...

> nslookup ns-east.cerf.net
Server: ns.mydomain.com
Address: 10.10.10.12

Non-authoritative answer:
Name: ns-east.cerf.net
Address: 207.252.96.3


Thanks for your time,
--
Bobby Johnson
e-Security, Inc.
Enterprise Security Management
bobby....@esecurityinc.com
www.esecurityinc.com

Barry Margolin

unread,
Oct 10, 2003, 10:10:25 AM10/10/03
to
In article <bm4npi$1ahm$1...@sf1.isc.org>,

Bobby Johnson <Bobby....@esecurityinc.com> wrote:
>I wish that were my problem, but I get the same error with other servers as
>well...
>> nslookup www.dell.com ns-east.cerf.net
>*** Can't find server address for 'ns-east.cerf.net': Resolver Error 0 (no
>error)
>
>Server: ns.mydomain.com
>Address: 10.10.10.12
>
>Non-authoritative answer:
>Name: www.ins.dell.com
>Address: 143.166.224.230
>Aliases: www.dell.com
>
>
>I just noticed the error that dig displays....
>> dig @ns-east.cerf.net www.dell.com
>
>; <<>> DiG 8.3 <<>> @ns-east.cerf.net www.dell.com
>; Bad server: ns-east.cerf.net -- using default server and timer opts
>; (1 server found)
>[snip]

Check you /etc/nsswitch.conf -- maybe you're configured to use another
resolving mechanism, and it's failing.

--
Barry Margolin, barry.m...@level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Bob

unread,
Oct 13, 2003, 2:31:21 PM10/13/03
to
Barry Margolin <barry.m...@level3.com> wrote in message news:<bm6f9s$30a1$1...@sf1.isc.org>...

[snip]
>
> Check you /etc/nsswitch.conf -- maybe you're configured to use another
> resolving mechanism, and it's failing.

It never even occured to me to bother with nsswitch.conf. That cleared it all up.

I owe you a beer Barry!

Bobby

0 new messages