do you see anything at all in your logs?
--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene
-----Original message-----
From: bind-user...@lists.elvandar.org
[mailto:bind-user...@lists.elvandar.org] On behalf of Geoff Austin
Sent: Sunday 25 January 2004 10:28
To: comp-protoc...@isc.org
Subject: [Bind-users] Limited visibility
Hi,
I recently set up a couple of dns servers for my domain and had the parent
domain point at them.
They work fine from my side (looking out) and they work fine for some of the
people trying to resolve machines in my domain. However, there are several
people who cannot resolve addresses in my domain.
I have run www.dnsreport.com against the domain and it seems happy.
I'm running bind 9.2.2-p3 on fedora
The domain name is w-sys.co.uk
The ip address of the primary DNS server is 82.68.177.91
The ip address of the secondary DNS server is 82.68.177.92
Examples of DNS servers that cannot resolve are:
ns1.bt.net
ns1.ip-plus.net
Examples that can:
212.23.2.11
212.23.6.35
If anybody can give me some pointers it would be much appreciated.
Thanks,
Geoff Austin
Best Regards,
HuMPie @ Grunn.Org
---------------------
Disclaimer:
All you do with the suggestion in this mail is your responsibility even
if your system will crash :)
you can use tcpdump -n -i $iface dst port 53
for hardcore dumping packages (perhaps use -X as well)
or you can add this to your named.conf
category queries { "default_syslog"; };
in the section logging
this works for bind9
if you use bind8 you can also use ndc querylog on
to get the same
cheers
--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene
-----Original message-----
From: Geoff Austin [mailto:ge...@w-sys.co.uk]
Sent: Wednesday 28 January 2004 20:24
To: Remko Lodder
CC: comp-protoc...@isc.org
Subject: RE: [Bind-users] Limited visibility
On Tue, 2004-01-27 at 19:44, Remko Lodder wrote:
> do you see any incoming packets from them?
> do you see the packets outgoing on the remote machine
>
> do you see anything at all in your logs?
>
> --
>
Now I'm going to sound like an idiot, but here goes...
How would I see incoming and outgoing packets? Do I need to use
something like Ethereal?
The only log file I can find with dns messages in is /var/log/messages.
This has startup and shutdown messages in and message pairs like:
Jan 28 07:36:09 dns named[13745]: client 82.68.177.94#34976:
updating zone 'w-sys.co.uk/IN': update failed: 'RRset exists (value
dependent)' prerequisite not satisfied (NXRRSET)
Jan 28 07:36:09 dns named[13745]: client 82.68.177.94#34650: update
'w-sys.co.uk/IN' denied
Do I need to look somewhere else, or perhaps switch on some level of
debug?
my attempts below:
elvandar# dig www.w-sys.co.uk
; <<>> DiG 9.2.2 <<>> www.w-sys.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27330
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.w-sys.co.uk. IN A
;; ANSWER SECTION:
www.w-sys.co.uk. 10 IN CNAME mail.w-sys.co.uk.
mail.w-sys.co.uk. 5777 IN A 82.68.177.92
;; AUTHORITY SECTION:
w-sys.co.uk. 4858 IN NS dns.w-sys.co.uk.
w-sys.co.uk. 4858 IN NS mail.w-sys.co.uk.
;; Query time: 57 msec
;; SERVER: 10.0.2.121#53(10.0.2.121)
;; WHEN: Wed Jan 28 21:53:37 2004
;; MSG SIZE rcvd: 100
elvandar# nslookup www.w-sys.co.uk dns.w-sys.co.uk
Server: dns.w-sys.co.uk
Address: 82.68.177.91#53
www.w-sys.co.uk canonical name = mail.w-sys.co.uk.
Name: mail.w-sys.co.uk
Address: 82.68.177.92
elvandar# nslookup www.w-sys.co.uk mail.w-sys.co.uk
Server: mail.w-sys.co.uk
Address: 82.68.177.92#53
www.w-sys.co.uk canonical name = mail.w-sys.co.uk.
Name: mail.w-sys.co.uk
Address: 82.68.177.92
--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene
-----Original message-----
From: Geoff Austin [mailto:ge...@w-sys.co.uk]
Sent: Wednesday 28 January 2004 21:51
To: Remko Lodder
CC: comp-protoc...@isc.org
Subject: RE: [Bind-users] Limited visibility
Thanks Remko ;)
So the answer is:
There are no queries logged and no packets in
when I use "dig @ns1.bt.net www.w-sys.co.uk".
Since I am running the query from my domain, I do see a lookup of
ns1.bt.net, but that comes from me rather than bt.
I get the following output from dig:
[gaustin@lwks gaustin]$ dig @ns1.bt.net www.w-sys.co.uk
; <<>> DiG 9.2.2-P3 <<>> @ns1.bt.net www.w-sys.co.uk
;; global options: printcmd
;; connection timed out; no servers could be reached
Looks like it cannot find the name server...
On Wed, 2004-01-28 at 19:30, Remko Lodder wrote:
>
I have a named.hint file that points to a named.ca file that contains
root server NS and A records. Last update Nov 5 2002 according to the
comments in the header, but delivered by Redhat so I'm guessing it can't
be that much out of date.
ftp://ftp.rs.internic.net/domain/named.root
It is not vital that you update your root hints file now now right now.
named should be able to bootstrap so long as there is at least one
correct entry in there.
--
Ed Schmollinger - schm...@frozencrow.org
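
Added example, not part of the thread: once query logging is switched on as suggested above (category queries sent to syslog), the check discussed in the thread is whether the resolvers that fail ever show up as clients. The sketch below tallies queries per client for the zone and lists expected resolvers that never appear; the query lines and client addresses are constructed, and the log layout is assumed to be the BIND 9.2 one.

```python
import re
from collections import Counter

# Constructed sample of syslog output with query logging enabled. The
# "update ... denied" line is the one quoted in the thread; the query lines
# and their client addresses (documentation ranges) are made up here.
SAMPLE_LOG = """\
Jan 28 21:10:01 dns named[13745]: client 192.0.2.10#32771: query: www.w-sys.co.uk IN A
Jan 28 21:10:02 dns named[13745]: client 192.0.2.10#32772: query: mail.w-sys.co.uk IN A
Jan 28 21:10:05 dns named[13745]: client 198.51.100.7#1045: query: w-sys.co.uk IN MX
Jan 28 21:10:09 dns named[13745]: client 198.51.100.7#1046: query: example.org IN A
Jan 28 07:36:09 dns named[13745]: client 82.68.177.94#34650: update 'w-sys.co.uk/IN' denied
"""

# Assumed layout: "client <ip>#<port>: query: <name> <class> <type>" (BIND 9.2).
# Newer releases log extra fields and need a looser pattern.
QUERY_RE = re.compile(r"client ([0-9A-Fa-f.:]+)#\d+: query: (\S+) \S+ \S+")
DENIED_RE = re.compile(r"client ([0-9A-Fa-f.:]+)#\d+: update '([^']+)' denied")

def queries_by_client(log_text, zone):
    """Count logged queries per client address for names inside `zone`."""
    zone = zone.rstrip(".").lower()
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        client, qname = m.group(1), m.group(2).rstrip(".").lower()
        if qname == zone or qname.endswith("." + zone):
            counts[client] += 1
    return counts

def silent_resolvers(counts, expected):
    """Expected resolver addresses that never queried the zone."""
    return [ip for ip in expected if counts.get(ip, 0) == 0]

def denied_updates(log_text):
    """(client, zone) pairs for refused dynamic updates."""
    hits = (DENIED_RE.search(line) for line in log_text.splitlines())
    return [m.groups() for m in hits if m]

if __name__ == "__main__":
    seen = queries_by_client(SAMPLE_LOG, "w-sys.co.uk")
    print("queries per client:", dict(seen))
    print("never seen:", silent_resolvers(seen, ["192.0.2.10", "203.0.113.53"]))
    print("denied updates:", denied_updates(SAMPLE_LOG))
```

A resolver that fails to resolve the zone and is also absent from this tally never reached the server, which points at the path or the delegation rather than at named itself.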