Troubleshoot erroneous BIND9 DNS address entry

0

I set up a BIND9 DNS server in the LAN as a backend to the Samba4 service. The network address of my LAN is 192.168.2.0/24 and I statically specify the IP address of the DNS server as 192.168.2.144.

Unfortunately, there is another NIC on my DNS server (in fact, the DNS server is a virtual box, and the extra NIC is the virtual bridge). They are in different networks; the network address of the virtual bridge is 192.168.122.0/24.

I bind a domain name dc.foo.bar to the static address 192.168.2.144 in /etc/named.conf. However, when I query the DNS information with host -t A dc.foo.bar, two entries are returned: one is 192.168.2.144 while the other is 192.168.122.1.

I don't want dc.foo.bar to bind to 192.168.122.1, nor do I know how it was added to the DNS service. How can I troubleshoot the problem and remove the erroneous DNS address entry?


UPDATE

I paste the result from dig for reference

[root@dc ~]# dig A dc.foo.bar

; <<>> DiG 9.8.2rc2 <<>> A dc.foo.bar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dc.foo.bar.        IN  A

;; ANSWER SECTION:
dc.foo.bar. 900 IN  A   192.168.122.1
dc.foo.bar. 900 IN  A   192.168.2.144

;; Query time: 1 msec
;; SERVER: 192.168.2.144#53(192.168.2.144)
;; WHEN: Sun Aug 11 22:12:03 2013
;; MSG SIZE  rcvd: 72

UPDATE AGAIN

I double-checked the Samba log and the BIND configuration. I'm quite sure the problem is introduced by Samba. In the Samba configuration file, there is a parameter interfaces in the global section. Initially, I left it at its default, and I found from the Samba log that the address 192.168.122.1 is resolved by the internal bind. I then set it to interfaces = eth0, i.e. only the physical NIC should be resolved. Now, from the Samba log, 192.168.122.1 is never loaded. However, dig still returns both addresses for dc.foo.bar. So the problem may be a deprecated entry in the ldb database. Any idea about it, so I can reconstruct the ldb database?

Thank you in advance!

Summer_More_More_Tea

Posted 2013-08-11T13:24:09.407

Reputation: 893

Can you post a copy of your zone file? It looks like it is handing out 2 addresses. – davidgo – 2013-08-11T19:06:40.000

@davidgo Thank you for your concern. I think the problem may result from a deprecated entry in the ldb databases in Samba. I've updated my question. – Summer_More_More_Tea – 2013-08-12T15:06:24.557

Answers

0

The problem is because I didn't specify the interfaces parameter in the global section of smb.conf. It seems that Samba will automatically generate an entry for each NIC. I re-provisioned the domain (since I have no idea how to update the ldb database) and the problem is solved.

Summer_More_More_Tea

Posted 2013-08-11T13:24:09.407

Reputation: 893

1

You can try debugging using the dig utility; it will show which resolver it queries and what answer it gets: dig A dc.foo.bar.

Jani Karlsson

Posted 2013-08-11T13:24:09.407

Reputation: 101

Thank you for your fast response. Both IPs appear in the ANSWER SECTION, so I cannot distinguish them. Any more suggestions? :) – Summer_More_More_Tea – 2013-08-11T14:13:19.880

Can you paste the full result to here or pastebin? – Jani Karlsson – 2013-08-11T14:14:05.700

I'm sorry, unfortunately pastebin.com is blocked in my country, so I cannot get access to it :( Updated my question. – Summer_More_More_Tea – 2013-08-11T14:28:34.880

So is the bind server listening on 192.168.2.144 port 53/udp or something else? If it's bind, you should find your answer in 192.168.2.144's /var/log/messages or such: grep bind /var/log/messages. Otherwise you can look in Samba's logs for messages about DNS updates. – Jani Karlsson – 2013-08-11T14:51:23.737

Have you set up bind integration with Samba4 as specified in http://wiki.samba.org/index.php/DNS ? If not, most likely your zone settings are wrong or some process is updating DNS, but it would require keys to do it and options in smb.conf for it to work. – Jani Karlsson – 2013-08-11T16:49:50.477

Thank you for your time :). Yes, I read the bind-integration wiki. And inspired by your comments, I double-checked the Samba log and the BIND configuration. I'm quite sure the problem is introduced by Samba. In the Samba configuration file, there is a parameter interfaces in the global section. Initially, I left it at its default, and I found that the address 192.168.122.1 is resolved by the internal bind. I then set it to interfaces = eth0, i.e. only the physical NIC is resolved. Now, from the Samba log, 192.168.122.1 is never loaded. However, dig still returns both addresses for dc.foo.bar. – Summer_More_More_Tea – 2013-08-12T15:03:30.807

I think 192.168.122.1 may be a deprecated entry in the already existing ldb database. Any suggestion about it, so I can reconstruct the databases? Thank you very much. – Summer_More_More_Tea – 2013-08-12T15:04:55.190
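
An added example, not part of the original thread: a small Python check that parses dig output like the one posted in the question and reports A records whose address lies outside the intended LAN (192.168.2.0/24). The function names are assumptions of this example, and the embedded sample is trimmed from the question's dig output.

```python
import ipaddress

# Sample input: trimmed copy of the dig output posted in the question.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;dc.foo.bar.        IN  A

;; ANSWER SECTION:
dc.foo.bar. 900 IN  A   192.168.122.1
dc.foo.bar. 900 IN  A   192.168.2.144

;; Query time: 1 msec
;; SERVER: 192.168.2.144#53(192.168.2.144)
"""


def parse_a_records(dig_text):
    """Return (name, ttl, address) tuples from the ANSWER section of dig output."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;"):
            # Section headers and trailers start with ';;'; only ANSWER matters here.
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        if not in_answer or not line or line.startswith(";"):
            continue
        fields = line.split()
        # Expected layout: name ttl class type rdata
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "A":
            records.append((fields[0], int(fields[1]), ipaddress.ip_address(fields[4])))
    return records


def unexpected_addresses(dig_text, allowed_networks):
    """Return (name, address) for A records outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [(name, str(addr))
            for name, _ttl, addr in parse_a_records(dig_text)
            if not any(addr in net for net in nets)]


if __name__ == "__main__":
    # Only the LAN from the question is expected to appear in DNS.
    for name, addr in unexpected_addresses(DIG_OUTPUT, ["192.168.2.0/24"]):
        print(f"unexpected A record: {name} -> {addr}")
```

Running the same check again after changing the interfaces setting or re-provisioning shows whether the record for the virtual bridge is still being served.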