queries

queries

Post by John Hasca » Wed, 14 Dec 2005 18:39:40



You didn't really provide enough details to be sure, but if the client
is a Unix/Linux-type look at /etc/resolv.conf, in particular lines
like:

domain com
or
search ... com ...

and
options ndots:N

where N is some number. Doing "man resolv.conf" should be of some
assistance in determining what you really want there.

If it is a Windows machine, there is probably some similar control panel.


John
 
 
 

queries

Post by Eric Benoi » Wed, 14 Dec 2005 23:22:13

Greetings, I set up an internal DNS with BIND 9.3.1
Everything seemed to be working great until I went to a couple of
different clients and the lookups ...well they didn't really fail, but
the client couldn't resolve to my internal hosts ...could it be the
clients? I am using a class c network and allowed queries from
192.168.1.0/24.

I do nslookup from the client and everything works things resolve, but
the browser adds .com??

I know this is prolly simple, just stuck.

 
 
 

queries

Post by Eric Benoi » Thu, 15 Dec 2005 02:47:45

sorry about that, I am new :)

I am using a debian 3.1 sarge ppc build running BIND 9.3.1. as my DNS
server.

All the clients on my class C network have it's IP
address(192.168.1.16(sting)) listed as the first DNS server. The client
computers are a mixture of win98, winXP and linux. Some of the client
computers are able to get to Internal servers some are not. The client
computers that cannot get to our Internal servers via its hostname act
strangly, when I use nslookup (a microsoft tool) to lookup "secure" the
DNS appears to be working just fine.

example:

client computer A can get to http://secure through a browser
but
client computer B goes to http://www.yqcomputer.com/ instead of http://secure
like it is supposed to using a browser

"secure" is the name of a server listed on my DNS server as a master zone


Here is the entry for "secure":

$ttl 38400
secure. IN SOA secure. eric.hopevale.com. (
1115035962
10800
3600
604800
38400 )
secure. IN NS sting.
secure. 5D IN A 192.168.1.18
 
 
 

queries

Post by Mark Andre » Thu, 15 Dec 2005 06:21:45


Single label hostnames went away 20 years ago. Resolvers and
applications treat them as unqualified hostnames and try to
qualify them.

Mark
 
 
 

queries

Post by Mark Andre » Thu, 15 Dec 2005 06:48:49


You may also want to fix the delegation for hopevale.com.
I would remove the two wnyric.org servers and add the
fast.net servers. The later atleast allow anyone in
the world to query them.

hopevale.com. 64911 IN NS ns4.wnyric.org.
hopevale.com. 64911 IN NS ns1.fast.net.
hopevale.com. 64911 IN NS ns2.fast.net.
hopevale.com. 64911 IN NS ns3.fast.net.
hopevale.com. 64911 IN NS ns3.wnyric.org.

bsdi# tcpdump -n -i sis0 port 53 or icmp
tcpdump: listening on sis0
08:47:05.030927 220.237.98.197.1328 > 168.169.8.22.53: 64126 MX? hopevale.com. (30)
08:47:10.038943 220.237.98.197.1328 > 168.169.8.22.53: 64126 MX? hopevale.com. (30)
08:47:21.574084 220.237.98.197.4487 > 168.169.8.21.53: 13419 MX? hopevale.com. (30)
08:47:26.579327 220.237.98.197.4487 > 168.169.8.21.53: 13419 MX? hopevale.com. (30)
^C
1845 packets received by filter
0 packets dropped by kernel
bsdi#
Mark
 
 
 

queries

Post by Eric Benoi » Thu, 15 Dec 2005 22:09:14

So I should add an extra domain like secure.intranet and make intranet
the master then all my server names would be apart of the master?
 
 
 

queries

Post by Eric Benoi » Thu, 15 Dec 2005 22:24:55

Thanks for the heads up, I don't handle the external DNS, I should
probably know more about why(security risks?) that would be an issue
before I ask the people incharge of external DNS if I should change it.

Thank you again.
 
 
 

queries

Post by Eric Benoi » Thu, 15 Dec 2005 23:01:13

orked!! Thanks Mark.

Eric Benoit wrote:


 
 
 

queries

Post by Mark Andre » Fri, 16 Dec 2005 09:56:15


When you publish a delegation you are telling the world that
you are willing to answer queries for this zone on these
nameservers. If you are not willing to do this then don't
list the nameserver. Currently the only nameservers listed
in the parent zone don't answer queries from my address or my
IPS's nameservers (203.2.75.132, 198.142.0.51).

I suspect someone has said we don't need to answer queries
from APNIC. There is no one anywhere is ASIA or the Pacific
we would ever want to talk to. The fact that you are talking
to me (indirectly via a mailing list) show how wrong and short
sighted that reasoning to be.

hopevale.com. 172800 IN NS ns3.wnyric.org.
hopevale.com. 172800 IN NS ns4.wnyric.org.
;; Received 76 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 852 ms

Mark