NSD does not resolve .in domains

hi,

i’m using nsd3 from debian lenny repo and all packages are up to date.

everything functions almost as i wish, with the exception of .IN domain names.

i have this in /etc/nsd3/root.zone :

$TTL 1D
@ IN SOA @ none. ( 120 1D 10 3W 1W );
IN NS @
IN A 1.2.3.4

* IN A 1.2.3.4

so that it should give one single IP for any domain.
most domains work fine.
dig what.ever.domain @127.0.0.1 will return the correct answer,
with one exception for .IN domains:

dig whatever.in @127.0.0.1

; <<>> DiG 9.5.1-P3 <<>> firm.in @127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63457
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;firm.in. IN A

;; AUTHORITY SECTION:
. 86400 IN SOA . none. 120 86400 10 1814400 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 22 20:35:25 2010
;; MSG SIZE rcvd: 63

what’s wrong?

tnx.

rgds.dennyhalim.com
kiddysurf.blogspot.com | indosearch.blogspot.com | polaris.blogspot.com | www.mypolaris.com | www.host-jet.com

… they look but do not see and hear but do not listen or understand. Mat 13:13
… but that which cometh out of the mouth, this defileth a man. Mat 15:11

Hey there,

What is the output of:

$ dig +trace whatever.in @localhost

?

Shami

dny wrote:

Hi,

I am not sure which other zones you have configured or what your complete
root.zone file looks like, in order to make the other domains work.

One thing that is remarkable is the wildcard RR (*. IN A 1.2.3.4).
This matches all top level domains (note that wildcards only go one
level deep).

In order to get more insight into what you are trying to do here, I
would need the nsd.conf and root.zone files.

Best regards,

Matthijs

dny wrote:

They do?

Hi Roy,

Well, if there is another entry with .in, then the "*." wildcard does
not cover .in any longer.

Short statements can be hard to understand. :-)

Best regards,
   Wouter

No, they don't, but there is implementation specific behaviour. If you have

www.udp53.cz IN A 192.0.2.1

*.udp53.cz. IN A 192.0.2.2

Then some will resolve

foobar.www.udp53.cz

and some will not.

Ondrej

Well, if there is another entry with .in, then the "*." wildcard does
not cover .in any longer.

true; unfortunately the zone data appeared to be obfuscated. So we can just
guess that one of the "IN" entries might have been misplaced and so was
interpreted as owner name.

Short statements can be hard to understand. :-)

Less short statements aren't necessarily less hard to understand ;-)

-Peter

I'm sorry, I got confused with the source of synthesis, that is the
wildcard should *immediately descend* from the closest encloser.

- In that case (assuming there is an entry with .in), if I query for
"whatever.domain.in." (type A, class IN), I need to have

  *.in. IN A 1.2.3.4

in my zonefile.

- If that assumption is wrong, then indeed the RR

  *. IN A 1.2.3.4

should match it.

The complete contents of the root.zone file would help to see what's
really going on.

Best regards,

Matthijs

W.C.A. Wijngaards wrote:

hi,

i'm using nsd3 from debian lenny repo and all packages are up to date.

everything functions almost as i wish, with the exception of .IN domain names.

Could it be that somewhere class "IN" is interpreted as the top level domain "IN"?

For instance:

i have this in /etc/nsd3/root.zone :
$TTL 1D
@ IN SOA @ none. ( 120 1D 10 3W 1W );
       IN NS @
       IN A 1.2.3.4
* IN A 1.2.3.4

If in the above root.zone the CLASS "IN" is specified with no indentation (i.e. no whitespace before IN), it would be interpreted as the name IN.

Check the 4th line above and see if the line starts with a whitespace.

Roy
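
Added example (not from any poster in this thread, and not NSD's parser): a simplified Python model of the owner-name rule Roy describes and the closest-encloser rule Matthijs refers to, run on the quoted zone with and without indentation. The function names are hypothetical and the indentation of the zone text is assumed; the model stops at wildcard selection and does not build the response or its rcode.

```python
# Added illustration, not NSD code: simplified owner-name parsing (single-line records only).
CLASSES = {"IN", "CH", "HS"}

def absolute(name):
    name = name.lower()                      # DNS names compare case-insensitively
    return name if name.endswith(".") else name + "."

def parse_owners(text):
    """Map each owner name to the set of record types found at it."""
    names, last = {}, "."
    for line in text.splitlines():
        line = line.split(";", 1)[0]         # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():            # column 0: first field is the owner
            owner = fields.pop(0)
            last = "." if owner == "@" else absolute(owner)
        while fields[0].upper() in CLASSES or fields[0][0].isdigit():
            fields.pop(0)                    # skip optional class / TTL
        names.setdefault(last, set()).add(fields[0].upper())
    return names

def exists(names, name):  # owns records or has a descendant (empty non-terminal)
    return any(n == name or n.endswith("." + name) for n in names)

def source_of_synthesis(names, qname):
    """Return the wildcard owner that would answer qname, or None."""
    qname = absolute(qname)
    if exists(names, qname):
        return None                          # name exists: no synthesis
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels) + 1):      # walk up to the closest encloser
        encloser = ".".join(labels[i:]) + "."
        if exists(names, encloser):
            wildcard = "*." + encloser.lstrip(".")
            return wildcard if wildcard in names else None
    return None

# Constructed zone text; the indentation is assumed, as in the quoted copy.
INDENTED = """$TTL 1D
@ IN SOA @ none. ( 120 1D 10 3W 1W );
  IN NS @
  IN A 1.2.3.4
* IN A 1.2.3.4
"""
FLUSH_LEFT = INDENTED.replace("\n  IN", "\nIN")   # class IN now sits in column 0
for label, zone in (("indented", INDENTED), ("flush-left", FLUSH_LEFT)):
    print(label, source_of_synthesis(parse_owners(zone), "whatever.in"))
```

With the flush-left variant the name `in.` exists, so it becomes the closest encloser of `whatever.in.` and only a `*.in.` record could be the source of synthesis; names under other top-level labels still fall through to `*.`.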

i have this in /etc/nsd3/root.zone :
$TTL 1D
@ IN SOA @ none. ( 120 1D 10 3W 1W );
IN NS @
IN A 1.2.3.4
* IN A 1.2.3.4

If in the above root.zone the CLASS "IN" is specified with no indentation (i.e. no whitespace before IN), it would be interpreted as the name IN.

Or you can try:

< /etc/nsd3/root.zone ldns-read-zone -c > /etc/nsd3/canonical-root.zone

and check canonical-root.zone if it's correct and use it instead of
your root.zone file.

sorry, been away a few days…

i’ve set up domain parking, which should give one single ip to whatever.domain.is
and it seems to me it works ok, until i registered a .IN domain name.

so, i only have one .zone file. nothing else.

for all domains i had, it works ok.

afaik, only the .IN domain failed.

dig asd.in @127.0.0.1

; <<>> DiG 9.5.1-P3 <<>> asd.in @127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16341
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;asd.in. IN A

;; AUTHORITY SECTION:
. 86400 IN SOA . none. 120 86400 10 1814400 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 29 10:43:36 2010
;; MSG SIZE rcvd: 62

rgds.dennyhalim.com

hi Roy,

sent you the file.
did you get it?

rgds.dennyhalim.com