Self-Inflicted Stupidity
Smart Thoughts about Stupidity

Bind fun – can’t see the outside from in

  • by Jek
  • Apr 2nd, 2005
    • |
  • Software
    • |
  • 4 comments

    • I’ve been working around a Bind problem for sometime now. Bind is a name server program used to resolve hostnames to IP addresses. For example, before your browser could display this post, your machine contacted your name server that in turn contacted my machine running bind to find out the IP address for this site’s web server, since only the name server on my machine and its backup are authoritative for www.mrambler.com. Now this doesn’t always happen because name servers cache name resolutions for a specified period of time. If you just visited yesterday, then your name server would have likely just responded with the IP address it gave you yesterday rather than bother to lookup and query mine. (All of this is, of course, somewhat simplified.)

    Anyway, on to my trouble: I’ve only defined the mrambler.com zone in a public/external view. I also have an internal view to resolve hostnames for my internal network, none of which are in the mrambler.com domain. So when I try to look up mrambler.com from inside, I get a “can’t find mrambler.com: Server failed” error. Looking in the server log, I see “lame-servers: lame server resolving ‘mrambler.com’ (in ‘mrambler.com’?)”. Lame eh? A lame server is a server that should be authoritative for a domain but for some reason isn’t. So here’s what I think the problem is: My internal machine needs to resolve the mrambler.com name so it contacts my name server. My name server sees that it is receiving the request from an internal machine and thus allows the query. Now since that view doesn’t have mrambler.com as a zone, it performs a lookup. Now here’s the troublesome bit — that lookup is coming from my public IP address which is the same IP address that mrambler.com’s name server resolves to. So it is probably considered lame since a name server is requesting the name server of a domain that it is supposed to be authoritative for. (Got it?) Unfortunately I don’t know of a clean solution yet. I certainly don’t want to duplicate my zone files for both zones. Any ideas? Also, I welcome general name server questions.

    Jek posted this entry on Saturday, April 2nd, 2005 at 8:55 pm. Posted in the category Software You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    4 Responses to “Bind fun – can’t see the outside from in”

    1. #1 by huskysooner
      April 4th, 2005 at 7:42 am

      I probably don’t fully understand, but can’t you just hardwire in the mbrambler ip# in /etc/hosts?

    2. #2 by Jek
      April 4th, 2005 at 10:09 am

      Yep. That’s my work-around. The reason for the internal DNS view is so I don’t have to maintain /etc/hosts files on multiple machines (not that I have very many). FYI, even Windows NT/2000/XP has a hosts file in C:\WINDOWS\system32\drivers\etc.

    3. #3 by huskysooner
      April 4th, 2005 at 1:29 pm

      How about running NIS?

    4. #4 by Jek
      April 4th, 2005 at 8:38 pm

      Hmmm, I haven’t considered running NIS. I’m not sure how I would integrate that with our laptop running Windows. So I’ll pass since the real thing I am trying to avoid is creating dupicate zone stanzas in named.conf and possibly additional zone files for a couple of domains. Those few files in bind are probably less of a configuration hassel than getting NIS up and running along with maintenance. Ideally I could configure bind to work without duplicating those zones. Nice suggestion, as I wasn’t aware NIS also shared /etc/hosts until I looked it up based on your comment. Thanks.

    Leave a Reply

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Anti-spam image