Thread: dig only works with +domain

  1. #1

    Hi all,
    Strange problem...
    I've been setting up a new DNS server (internal only) and believe it is working properly. However....
    When I try to use dig it hangs unless I use dig +domain.
    I've tried adding search and domain statements to /etc/resolv.conf but same results.
    nslookup and host work fine.
    OS is RHEL5.5
    any ideas ?

    Code:
    dnsserver$ host vbox1
    vbox1.subdomain.mydomain.local has address 192.168.1.101
    dnsserver$ nslookup vbox1
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    
    Name:   vbox1.subdomain.mydomain.local
    Address: 192.168.1.101
    
    dnsserver$ dig vbox1
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> vbox1
    ;; global options:  printcmd
    ;; connection timed out; no servers could be reached
    
    dnsserver$ dig vbox1 +domain=subdomain.mydomain.local
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> vbox1 +domain=subdomain.mydomain.local
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;vbox1.subdomain.mydomain.local.     IN      A
    
    ;; ANSWER SECTION:
    vbox1.subdomain.mydomain.local. 604800 IN    A       192.168.1.101
    
    ;; AUTHORITY SECTION:
    subdomain.mydomain.local.    604800  IN      NS      dnsserver.subdomain.mydomain.local.
    
    ;; ADDITIONAL SECTION:
    dnsserver.subdomain.mydomain.local. 604800 IN  A       192.168.1.1
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Dec  9 12:36:56 2010
    ;; MSG SIZE  rcvd: 97
    
    [sysdep@krypton ~]$ cat /etc/resolv.conf
    search subdomain.mydomain.local
    nameserver 127.0.0.1
    nameserver 192.168.1.1
    
    dnsserver$ dnsdomainname
    dnsserver$ domainname
    (none)
    dnsserver$ cat /etc/sysconfig/network
    NETWORKING=yes
    NETWORKING_IPV6=no
    HOSTNAME=dnsserver.subdomain.mydomain.local
    GATEWAY=192.168.1.251

  2. #2
    monk

    dig always connects to root server to fetch the information. Since your domain is not registered in the root server you are not going to find the answer to your question. Use host command which follows /etc/resolv.conf.
    May the force with you!

  3. #3

    Originally posted by monk:
    dig always connects to root server to fetch the information. Since your domain is not registered in the root server you are not going to find the answer to your question. Use host command which follows /etc/resolv.conf.

    hmmm.... I thought that dig used the servers listed in /etc/resolv.conf as stated in the man page for dig (or I misunderstood the following lines from man dig):

    ....Unless it is told to query a specific name server, dig will try each of the
    servers listed in /etc/resolv.conf.
    When no command line arguments or options are given, dig will perform an NS
    query for "." (the root).

    anyhoo....
    I added the "recursion no;" option to named.conf and dig responds now, but does not give an answer section, only an authority section. Guess that's ok...right ??

    My named.conf:
    Code:
    options {
            directory "/var/named";
            dump-file "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
    
            listen-on { 192.168.1.1; };
            listen-on { 127.0.0.1; };
            listen-on-v6 { none; };
            //forwarders { 172.0.1.100; 172.0.1.101; };
            dnssec-enable yes;
            recursion no;
            //allow-notify { 192.168.1.1; 192.168.1.2; };
            version "My DNS Server";
            auth-nxdomain no;
            // query-source address * port 53;
    };
    
    logging {
           channel default_debug {
                file "/var/named/data/named.run";
                severity dynamic;
           };
    };
    
    zone "." IN {
            type hint;
            file "named.root";
    };
    
    zone "localdomain." IN {
            type master;
            file "localdomain.zone";
            allow-update { none; };
    };
    
    zone "localhost." IN {
            type master;
            file "localhost.zone";
            allow-update { none; };
    };
    
    zone "0.0.127.in-addr.arpa." IN {
            type master;
            file "named.local";
            allow-update { none; };
    };
    
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
            type master;
            file "named.ip6.local";
            allow-update { none; };
    };
    
    zone "255.in-addr.arpa." IN {
            type master;
            file "named.broadcast";
            allow-update { none; };
    };
    
    zone "0.in-addr.arpa." IN {
            type master;
            file "named.zero";
            allow-update { none; };
    };
    
    zone "subdomain.mydomain.local." IN {
            type master;
            file "subdomain.mydomain.local.db";
            allow-transfer { 172.0.1.100; 172.0.1.101; localhost; };
            allow-query { any; };
            allow-update { none; };
    };
    
    include "/etc/rndc.key";
    And my zone file:
    Code:
    $TTL 7D
    @       IN      SOA     dnsserver.subdomain.mydomain.local. root.dnsserver.subdomain.mydomain.local. (
                            2010120809      ; serial number, based on date
                            2H              ; refresh (2 hours)
                            1H              ; retry (1 hour)
                            8D              ; expire (8 days)
                            12H             ; minimum TTL (12 hours)
    )
    ; Name Servers
    @       IN      NS      dnsserver.subdomain.mydomain.local.
    dnsserver IN      A       192.168.1.1
    dnsserver2 IN      A       192.168.1.2
    vbox1  IN      A       192.168.1.101

  4. #4
    nixcraft

    DNS requests can be either recursive or non-recursive. Recursive DNS is used for centralized caching on the DNS server so that the rest of the LAN can get faster access to DNS. I suggest you only offer recursion to trusted clients using ACLs or zones.

  5. #5
    if you are trying to resolve subdomain.mydomain.local. FQDN

    Originally posted by art:
    ...........

    anyhoo....
    I added the "recursion no;" option to named.conf and dig responds now, but does not give an answer section, only an authority section. Guess that's ok...right ??

    .................. ....................

    @ IN SOA dnsserver.subdomain.mydomain.local. root.dnsserver.subdomain.mydomain.local. (
    2010120809 ; DNS serial number based on date
    2H ; DNS Refresh in seconds
    1H ; DNS Retry in seconds
    8D ; DNS Expire
    12H ; DNS Minimum in seconds
    )
    ; Name Servers
    @ IN NS dnsserver.subdomain.mydomain.local.
    dnsserver IN A 192.168.1.1
    dnsserver2 IN A 192.168.1.2
    vbox1 IN A 192.168.1.101

    if you are trying to resolve subdomain.mydomain.local. FQDN ... it won't answer ... because there is no RR mapping this FQDN to an IP address (i.e. an A RR for subdomain.mydomain.local.) and therefore there is no ANSWER SECTION in the dig query output [the same scenario can be simulated if you query COM. or NET. or any TLD domain] ... and the DNS server does indeed respond with the authoritative DNS server for the queried domain (subdomain.mydomain.local) in the AUTHORITY SECTION (dnsserver.subdomain.mydomain.local).

    and regarding that dig vbox1 ... I will be simulating the same soon and will reply back ...
    Last edited by harmandeep; 29th January 2011 at 05:55 AM.
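
An added example, not part of any post in this thread: a small Python parser for the header and flags lines that dig prints, which tells a real answer apart from the "authority section only" replies discussed in posts #3 and #5 and reports the `ra` (recursion available) flag, the thing to check from a client after restricting recursion as post #4 suggests. The first sample is the header from post #1; the other samples and the function name `classify_dig` are constructed for illustration.

```python
import re

STATUS_RE = re.compile(r"status: (\w+), id: \d+")
FLAGS_RE = re.compile(r";; flags: ([a-z ]*); QUERY: (\d+), ANSWER: (\d+), "
                      r"AUTHORITY: (\d+), ADDITIONAL: (\d+)")
# An SOA record on a non-comment line (i.e. not the ";name IN SOA" question).
SOA_RE = re.compile(r"^[^;\n].*\sIN\s+SOA\s", re.M)

# Header copied from the first post (authoritative answer, recursion offered).
SAMPLE_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
"""
# Constructed samples: a referral from a non-recursive server, and a NODATA
# reply for a name that exists in the zone but has no record of that type.
SAMPLE_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
"""
SAMPLE_NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
"""
SAMPLE_TIMEOUT = ";; connection timed out; no servers could be reached\n"

def classify_dig(output):
    """Return (kind, authoritative, recursion_available) for one dig run."""
    if "connection timed out" in output:
        return ("timeout", None, None)      # no reply, so no flags to read
    status, flags = STATUS_RE.search(output), FLAGS_RE.search(output)
    if not status or not flags:
        raise ValueError("no dig header found in output")
    bits = flags.group(1).split()
    answers, authority = int(flags.group(3)), int(flags.group(4))
    aa, ra = "aa" in bits, "ra" in bits
    if status.group(1) != "NOERROR":
        kind = status.group(1).lower()      # nxdomain, refused, servfail, ...
    elif answers > 0:
        kind = "answer"
    elif aa or SOA_RE.search(output):
        kind = "nodata"                     # name exists, no record of this type
    else:
        kind = "referral" if authority > 0 else "empty"
    return (kind, aa, ra)

if __name__ == "__main__":
    for sample in (SAMPLE_ANSWER, SAMPLE_REFERRAL, SAMPLE_NODATA, SAMPLE_TIMEOUT):
        print(classify_dig(sample))
```

Feed it the full text of a dig run; a client outside the trusted ACL should see `recursion_available` come back `False`.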
