From owner-freebsd-net Thu Feb 28 11:54:30 2002
Delivered-To: freebsd-net@freebsd.org
Received: from kanga.honeypot.net (kanga.honeypot.net [208.162.254.109]) by hub.freebsd.org (Postfix) with ESMTP id 7644637B402 for ; Thu, 28 Feb 2002 11:54:20 -0800 (PST)
Received: from pooh.int (pooh.int [10.0.1.2]) by kanga.honeypot.net (8.11.6/8.11.6) with ESMTP id g1SJs5a91258 for ; Thu, 28 Feb 2002 13:54:05 -0600 (CST) (envelope-from kirk@strauser.com)
Received: (from kirk@localhost) by pooh.int (8.11.6/8.11.6) id g1SJs5E73278; Thu, 28 Feb 2002 13:54:05 -0600 (CST) (envelope-from kirk@strauser.com)
To: freebsd-net@FreeBSD.ORG
Subject: My DNS is giving wrong answers (sometimes)
From: Kirk Strauser
Date: 28 Feb 2002 13:52:50 -0600
Message-ID: <87u1s1tmct.fsf@pooh.int>
Lines: 108
X-Mailer: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ack!

I just migrated my primary DNS from one machine (ds10.honeypot.net) to
another (kanga.honeypot.net), both running FreeBSD 4.5-STABLE. I'm trying
to serve the honeypot.net domain. Here is the entry from named.conf:

zone "honeypot.net" {
        type master;
        file "db/db.honeypot.net";
};

and this is the contents of db/db.honeypot.net:

$TTL 86400
$ORIGIN net.
honeypot        IN SOA  ns2.honeypot.net. root.kanga.honeypot.net. (
                        2002022803      ; serial
                        10800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        86400 )         ; minimum
                IN NS   ns1.honeypot.net.
                IN NS   ns2.honeypot.net.
                IN A    12.28.57.99
                IN MX 0  mail.honeypot.net.
                IN MX 10 ds10.dialnet.net.
$ORIGIN honeypot.net.
ns1             IN A    12.28.57.99
ns2             IN A    208.162.254.109
psmg            IN A    12.28.57.99
www             IN A    12.28.57.99
stats           IN A    12.28.57.99
subwiki         IN A    208.162.254.109
kanga           IN A    208.162.254.109
pooh            IN CNAME kanga.honeypot.net.
tigger          IN CNAME kanga.honeypot.net.
mail            IN A    208.162.254.109
ds10            IN A    12.28.57.99
zope            IN A    208.162.254.109

One of my users notified me that he was now getting the wrong answer when
he queried for ds10.honeypot.net. Being skeptical, I tried a query from
kanga:

root@kanga:/etc/namedb/db# dig @kanga.honeypot.net ds10.honeypot.net

; <<>> DiG 8.3 <<>> @kanga.honeypot.net ds10.honeypot.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      ds10.honeypot.net, type = A, class = IN

;; ANSWER SECTION:
ds10.honeypot.net.      1D IN A         12.28.57.99

;; AUTHORITY SECTION:
honeypot.net.           1D IN NS        ns1.honeypot.net.
honeypot.net.           1D IN NS        ns2.honeypot.net.

;; ADDITIONAL SECTION:
ns1.honeypot.net.       1D IN A         12.28.57.99
ns2.honeypot.net.       1D IN A         208.162.254.109

;; Total query time: 4 msec
;; FROM: kanga.int to SERVER: kanga.honeypot.net  208.162.254.109
;; WHEN: Thu Feb 28 13:44:12 2002
;; MSG SIZE  sent: 35  rcvd: 119

The answers were correct, as far as I can tell, so I didn't think too much
about it. However, my user insisted that he was still getting wrong
answers. I ssh'ed into a remote machine and was surprised to get:

strauser@csc ~$ dig @kanga.honeypot.net ds10.honeypot.net

; <<>> DiG 8.3 <<>> @kanga.honeypot.net ds10.honeypot.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      ds10.honeypot.net, type = A, class = IN

;; ANSWER SECTION:
ds10.honeypot.net.      0S IN A         208.162.254.109

;; AUTHORITY SECTION:
honeypot.net.           0S IN NS        ns1.honeypot.net.
honeypot.net.           0S IN NS        ns2.honeypot.net.

;; ADDITIONAL SECTION:
ns1.honeypot.net.       0S IN A         208.162.254.109
ns2.honeypot.net.       0S IN A         208.162.254.109

;; Total query time: 112 msec
;; FROM: csc.smsu.edu to SERVER: kanga.honeypot.net  208.162.254.109
;; WHEN: Thu Feb 28 13:43:56 2002
;; MSG SIZE  sent: 35  rcvd: 119

Basically, if I query $host.honeypot.net, and $host is defined, then I
always get the answer of kanga.honeypot.net's own IP.

I don't *think* it would matter, but I'm on a permanent DSL connection
with a static IP, and my LAN (and kanga.honeypot.net itself) is numbered
in the 10/8 netblock. My Cisco 678 router is handling NAT, with dynamic
mapped outbound connections, and a small set of static mapped inbound
rules (DNS, SMTP, HTTP, etc.).

Any suggestions? This is a Really Bad Thing, and I have no idea what's
causing the problem. Please take pity on a desperate sysadmin!
-- 
Kirk Strauser

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
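One way to check a server from two vantage points for exactly this symptom, as an added example that is not part of the original post: it parses the RR lines of the two dig outputs quoted above (embedded here as constructed samples copied from the post) and flags RRsets whose data or TTL differ between inside and outside, plus the tell-tale case where every A record seen from outside is the server's own address. The function names are my own; the addresses and TTLs are the ones the post shows.

```python
import re
# Constructed sample: RR lines of the two dig queries quoted in the post (LAN vs. remote).
DIG_LAN = """\
;; ANSWER SECTION:
ds10.honeypot.net. 1D IN A 12.28.57.99
;; ADDITIONAL SECTION:
ns1.honeypot.net. 1D IN A 12.28.57.99
ns2.honeypot.net. 1D IN A 208.162.254.109
"""
DIG_REMOTE = """\
;; ANSWER SECTION:
ds10.honeypot.net. 0S IN A 208.162.254.109
;; ADDITIONAL SECTION:
ns1.honeypot.net. 0S IN A 208.162.254.109
ns2.honeypot.net. 0S IN A 208.162.254.109
"""

RR = re.compile(r"^(\S+)\s+(\S+)\s+IN\s+(A|NS|CNAME|MX)\s+(.+)$")
TTL_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def parse_ttl(text):
    """dig 8 prints TTLs as 1D, 0S, 2H30M or plain seconds; return seconds."""
    if text.isdigit():
        return int(text)
    return sum(int(n) * TTL_UNITS[u] for n, u in re.findall(r"(\d+)([SMHDW])", text))

def parse_records(dig_output):
    """Map (owner, type) -> (ttl_seconds, sorted rdata list) for every RR line."""
    ttls, rdata = {}, {}
    for line in dig_output.splitlines():
        if m := RR.match(line.strip()):
            name, ttl, rtype, data = m.groups()
            ttls[(name, rtype)] = parse_ttl(ttl)
            rdata.setdefault((name, rtype), []).append(data.strip())
    return {k: (ttls[k], sorted(v)) for k, v in rdata.items()}

def compare_vantage_points(inside, outside, server_ip):
    """Flag RRsets whose rdata or TTL differ, and the case where every A seen outside is server_ip."""
    a, b = parse_records(inside), parse_records(outside)
    findings = []
    for name, rtype in sorted(a.keys() & b.keys()):
        (ttl_a, data_a), (ttl_b, data_b) = a[(name, rtype)], b[(name, rtype)]
        if data_a != data_b:
            findings.append(("rdata", name, rtype, data_a, data_b))
        if ttl_b == 0 and ttl_a > 0:  # a 0s TTL is anomalous for an authoritative answer with $TTL 86400
            findings.append(("ttl", name, rtype, ttl_a, ttl_b))
    outside_a = {d for (_, t), (_, ds) in b.items() if t == "A" for d in ds}
    if outside_a == {server_ip}:  # everything resolves to the server itself, as the post observed
        findings.append(("all_a_equal_server", server_ip))
    return findings
```

Running it on the two captures above yields six findings; running it on two captures from the same vantage point yields none, which is the baseline a healthy authoritative server should give.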