Bugs in ISC BIND 8.2.2 p5 for NT
- Only one IP address: I have reports that BIND 8.2.2 p5 for NT listens on only one IP address. Where there are multiple IP addresses on a network interface and/or multiple network interfaces, BIND will only listen on the "lowest" IP address.
This is different behaviour from BIND 8 for Unix where named will listen on all ip addresses or respect the LISTEN-ON sub-statement.
There is no workaround.
btw, ISC told me in late May 2000 that this bug is holding up the release of BIND 8.2.3.
NEWS: 20 SEP 2000 After much effort by Nortel Networks and a couple of BIND/NT users, this single-ip bug could not be replicated. It worked for them. So apparently earlier reports were due to named.conf syntax errors, not a BIND bug, is what we think now.
NEWS: 27 SEP 2000 Oops, this bug is now verified as real, again, by several of you visiting here, and using correct listen-on syntax in named.conf. Sorry for the premature, false bug death.
- DNS query results in many A records returned to BIND/NT for one hostname. This is now a bug confirmed/duplicated by three or four of us for the NT port of BIND 8.2.2 p5. When BIND queries for the A record for a hostname and receives dozens of A records, BIND8/NT will hang. BIND on my FreeBSD DNS machines does not hang.
BIND/NT can be restarted as an NT service without rebooting the machine.
If you have this problem, look in your etc/named.run log file to see the last one or two hostnames queried for A records. One of these hostnames has multiple A records.
NEWS: 16 SEP 2000 Nortel Networks has just this week worked on this bug and apparently fixed it, based on my and others' testing.
Multi-A-Rec.zip, 240 Kb. With BIND 8.2.2 p5 installed, find and replace existing files with the two files in this zip file. Reboot NT.
With these files in place in our shop, this query:
dig @ms1.meiway.com freegirls.web1000.com a
... no longer hangs that NT/BIND machine.
With the above fix, the following temporary fixes are deprecated, of course. (You might find the BKA.bat has a useful technique anyway.)
Temporary fix 1: I have two batch files to be run on the BIND/NT machine. One batch file uses the NT schedule service to run the other batch file every 5 minutes.
The other batch file, BKA.bat ("BIND Keep Alive") queries BIND and if no response is received, it stops/starts BIND.
BIND Keep Alive batch files, 1.7 kb.
- New version: 2000/07/13.
- bka.bat: added an @echo line to mark in the named.run log file where BKA restarted BIND. This will allow you to locate in named.run the DNS queries just preceding the marker line as suspect queries that stopped BIND from responding.
The new line looks something like this; it may line-wrap here:
@echo BKA restarted BIND>>c:\winnt\system32\dns\etc\named.run
- bka.bat: added BLAT to announce by email that BIND was restarted.
- at-bka.bat: added
/every:monday,tuesday,wednesday,thursday,friday,saturday,sunday
... to bka.bat (thanks to: Steve Malenfant).
Temporary fix 2: One of the discoverers of this bug created his own dummy zone file for an offending domain on his BIND/NT machine but with only one A record being returned, rather than 30 or 40 A records. To know which domain to build a dummy zone file for, turn on BIND logging to the named.run file and use the BIND-Keep-Alive setup above to mark in named.run where BKA.bat restarts BIND.
When you find a suspect query in named.run, verify the multiple-A-record results by using dig or similar to run the DNS query:
dig somedomain.com A
If the results are 10 or more A records, then you know that somedomain.com is the offending domain.
Building a dummy zone file
1. On the NT machine running BIND8, copy one of your existing zone files to db.dummydom.com, where dummydom.com is the name of the domain that results in multiple A records being returned.
2. In the named.conf file, copy/paste a zone statement. Edit the new statement with the dummydom.com name. Save named.conf.
3. In the db.dummydom.com zone file, keep the SOA and NS records since they define your NS's as authoritative for the dummydom.com zone.
4. Change the MX record(s) so that they match the real MX record(s) for dummydom.com.
5. Add a single A record for the hostname which actually has many A records in its real zone file. Please use a real ip address from the list of ip's for the hostname.
6. Remove all other records and save the zone file, leaving only your SOA and NS records, plus just one of dummydom.com's valid A records.
7. Stop/start BIND. Your BIND master will now answer for dummydom.com with just one A record, and BIND/NT won't stop responding.
8. If you have any slave nameservers, edit their named.conf files to add a slave zone statement for dummydom.com.
How it works: The Internet in general will never query your DNS's for dummydom.com, since your NS's are not listed as authoritative for dummydom.com. But when any of your clients who use your DNS's query for dummydom.com, your BIND8/NT will answer authoritatively with only one A record and BIND will not stop. Everybody's happy.
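The files that steps 1 to 8 end up with, as an added example that is not from the original page or from ISC. dummydom.com is the page's own stand-in name; ns1/ns2.example.net, hostmaster.example.net, mail.example.org, www, 192.0.2.53 and 203.0.113.10 are placeholders to be replaced with your own name servers and the offending domain's real values.

```conf
// ---- named.conf on the BIND8/NT master (step 2) ----
zone "dummydom.com" in {
    type master;
    file "db.dummydom.com";
};

// ---- named.conf on each slave (step 8); 192.0.2.53 = master, placeholder ----
zone "dummydom.com" in {
    type slave;
    file "bak.dummydom.com";
    masters { 192.0.2.53; };
};

; ---- db.dummydom.com on the master (steps 1 and 3-6) ----
$TTL 86400
@       IN  SOA  ns1.example.net. hostmaster.example.net. (
                 2000092701  ; serial, raise it on every edit
                 10800       ; refresh
                 3600        ; retry
                 604800      ; expire
                 86400 )     ; minimum
; Step 3: your own name servers, kept from the zone file you copied.
        IN  NS   ns1.example.net.
        IN  NS   ns2.example.net.
; Step 4: same preference and target as dummydom.com's real MX (placeholder).
        IN  MX   10 mail.example.org.
; Step 5: the one hostname that really has dozens of A records, with a
; single address taken from its real list (placeholder address here).
www     IN  A    203.0.113.10
```

Any other name under dummydom.com that your clients need has to be added to this file as well, because your server now answers authoritatively for the whole zone.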
- named startup errors look like this in the named.run log file (if you're using the named.conf's options {logging} statement):
08-Jun-2000 08:37:12.000 unix control "%DESTRUN%/ndc"
socket failed: Unknown error
08-Jun-2000 08:37:12.000 ctl_server: socket:
Unknown error
These errors are without consequence and are caused by named making Unix system calls not available in NT.
- named startup errors will also appear in the NT Event Viewer applications. Similarly, these errors are without consequence.
- This message
Can't locate default TTL, using SOA instead
is caused by a minor bug. To shut down this message, add
$TTL 86400
to the top of every zone file.
- Report BIND bugs (be sure you have a bug) here: BIND-bugs@isc.org