
Re: ?????: DNS in LDAP



Just now realized I failed to send this message to the list :-o

On Wed, May 13, 2009 at 6:48 PM, Oded Naveh <skilinux@gmail.com> wrote:
>
> John S. Skogtvedt wrote:
> > # host -v tjener 10.0.2.2
> > Trying "tjener.intern"
> > Using domain server:
> > Name: 10.0.2.2
> > Address: 10.0.2.2#53
> > Aliases:
> >
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33604
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;tjener.intern.                 IN      A
> >
> > ;; ANSWER SECTION:
> > tjener.intern.          3600    IN      A       10.0.2.2
> >
> > Received 47 bytes from 10.0.2.2#53 in 1 ms
> > Trying "tjener.intern"
> > Host tjener.intern not found: 3(NXDOMAIN)
> > Received 106 bytes from 10.0.2.2#53 in 4 ms
> > Trying "tjener.intern"
> > Host tjener.intern not found: 3(NXDOMAIN)
> > Received 106 bytes from 10.0.2.2#53 in 3 ms
>
> Next guess:
> The nameserver only has an A record for tjener but misses AAAA and MX
> records.
> It may be tested by:
> # host -t [A|AAAA|MX] tjener
>
> I'm not sure whether -if true- it will affect functionality on our LAN.
> Maybe it's a pdns configuration issue, I still use bind here.

Now using pdns.

man host says:
"The -t option is used to select the query type.... When no
       query type is specified, host automatically selects an appropriate
       query type. By default it looks for A, AAAA, and MX records...."

We only have an A record which is returned:
> ;; ANSWER SECTION:
> tjener.intern.          3600    IN      A       10.0.2.2
The queries for the other records are passed to the recursor, which answers with nonexistent domain for each.

A query for just an A record only returns the found record:
# host -t A tjener
tjener.intern has address 10.0.2.2

A query without recursion also returns just this:
# host -r tjener
tjener.intern has address 10.0.2.2

But -v reveals that the other records are simply not answered:
# host -vr tjener
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47701
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 ->                        ^-------^
;; QUESTION SECTION:
;tjener.intern.                 IN      A

;; ANSWER SECTION:
tjener.intern.          3600    IN      A       10.0.2.2

Received 47 bytes from 127.0.0.1#53 in 6 ms
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44964
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ->                        ^-------^
;; QUESTION SECTION:
;tjener.intern.                 IN      AAAA
 ->                                     ^--^
;; AUTHORITY SECTION:
intern.                 3600    IN      SOA     ns.intern. root.intern. 1 1800 3600 86400 7200

Received 75 bytes from 127.0.0.1#53 in 5 ms
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14658
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ->                        ^-------^
;; QUESTION SECTION:
;tjener.intern.                 IN      MX
 ->                                    ^--^
;; AUTHORITY SECTION:
intern.                 3600    IN      SOA     ns.intern. root.intern. 1 1800 3600 86400 7200

Received 75 bytes from 127.0.0.1#53 in 3 ms

This however is the same as with bind9:
# host -v tjener
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;tjener.intern.                 IN      A

;; ANSWER SECTION:
tjener.intern.          3600    IN      A       10.0.2.2

;; AUTHORITY SECTION:
intern.                 3600    IN      NS      domain.intern.

;; ADDITIONAL SECTION:
domain.intern.          3600    IN      A       10.0.2.2

Received 84 bytes from 127.0.0.1#53 in 10 ms
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17039
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;tjener.intern.                 IN      AAAA

;; AUTHORITY SECTION:
intern.                 3600    IN      SOA     domain.intern. hostmaster.intern. 2008070500 28800 10800 2419200 3600

Received 85 bytes from 127.0.0.1#53 in 4 ms
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9763
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;tjener.intern.                 IN      MX

;; AUTHORITY SECTION:
intern.                 3600    IN      SOA     domain.intern. hostmaster.intern. 2008070500 28800 10800 2419200 3600

Received 85 bytes from 127.0.0.1#53 in 2 ms

Like Andreas noted:
>
> Then I set:
> ##############################
> ###
> # allow-recursion-override Set this so that local data fully
> # overrides the recursor
> #
> allow-recursion-override=yes
>
> and now also
>
> host tjener works.
>
> But I think this may be only a hint not the solution.

I think it is a solution but I don't think there's really a problem.
I suppose it may be left as is, for an NXDOMAIN reply seems to me as good as no answer, if not better.

Odd.
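
Added example, not part of the original message: a small parser that splits `host` output into its per-query "Trying" blocks and labels each one as a real answer, an empty NOERROR reply (conventionally called NODATA), or a not-found error such as NXDOMAIN, which are the three outcomes visible in the traces above. The function name `classify` and the verdict labels are choices made for this example; the sample input is constructed by abridging the quoted traces.

```python
import re

# Constructed sample, abridged from the `host -v` traces in the message:
# a verbose answer, a verbose empty reply, and the terse not-found form.
SAMPLE = '''\
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47701
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;tjener.intern.                 IN      A
;; ANSWER SECTION:
tjener.intern.          3600    IN      A       10.0.2.2
Trying "tjener.intern"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44964
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;tjener.intern.                 IN      AAAA
;; AUTHORITY SECTION:
intern.  3600  IN  SOA  ns.intern. root.intern. 1 1800 3600 86400 7200
Trying "tjener.intern"
Host tjener.intern not found: 3(NXDOMAIN)
'''

STATUS = re.compile(r"status: (\w+), id: \d+")
ANSWERS = re.compile(r"ANSWER: (\d+)")
QUESTION = re.compile(r"^;(\S+)[ \t]+IN[ \t]+(\S+)[ \t]*$", re.M)
NOTFOUND = re.compile(r"^Host \S+ not found: \d+\((\w+)\)", re.M)

def classify(text):
    """Return one (qtype, verdict) pair per 'Trying' block of host output."""
    results = []
    for block in re.split(r'^Trying ".*"\n', text, flags=re.M)[1:]:
        status, count = STATUS.search(block), ANSWERS.search(block)
        question, notfound = QUESTION.search(block), NOTFOUND.search(block)
        qtype = question.group(2) if question else None  # terse form omits it
        if notfound:
            verdict = notfound.group(1)            # e.g. NXDOMAIN
        elif not (status and count):
            verdict = "UNPARSED"
        elif status.group(1) != "NOERROR":
            verdict = status.group(1)
        elif int(count.group(1)) == 0:
            verdict = "NODATA"                     # name exists, type does not
        else:
            verdict = "ANSWER"
        results.append((qtype, verdict))
    return results

if __name__ == "__main__":
    for qtype, verdict in classify(SAMPLE):
        print(qtype or "?", verdict)
```

Feeding it the full output of `host -v` and `host -vr` for the same name shows at a glance which query types the authoritative data answers and which ones fall through to the recursor.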

