[TriLUG] DNS Woes

[Scott Morris]

> What do I need to look for in the logs?  I've currently got it on
> logging level 1 with querylog.  Or, if you have an idea, what do I do
> to fix it.

try this in your named.conf to log to sec.log. seperates the queries from
the good information. makes it more readable...

logging {
        channel seclog {
                file "logs/sec.log" versions 9 size 10m; #change as needed
                print-time yes;  print-category yes;

}

        category db { seclog; };
        category notify { seclog; };
        category xfer-out { seclog; };
        category default { seclog; };
        category packet { seclog; };
        category eventlib { seclog; };
        category panic { seclog; };
        category security { seclog; };
        category insist { seclog; };
        category response-checks { seclog; };
        category load { seclog; };
        category os { seclog; };
        category maintenance { seclog; };

}

these are bind8 args but most still work on bind9.

you'll see interesting stuff like: 
12-Oct-2001 15:48:01.350 default:
check_hints: no A records for something.com cl ass 1 in hints

then make sure your named.ca or root.hints is in the right place and such.
its the little things that can kill ya...

> 
> Things I think it might be from my research in the NT problems... (the
> NT server had this problem as well... though it would only lose the
> ability to look up names that weren't already in the cache.)  does the
> phrase "cache-poisoning" mean anything?  and if so, how do I fix it?
> 

This is something i ran into. my slave nameserver suddenly couldn't
resolve anything. on a unix box you need to do an ndc restart. a kill -HUP
won't fix the cache.



-- 
Scott Morris
scmorris at ifndef.com
Any similarities to reality are purely coincidental.
Get my PGP public key: http://www.sackheads.org/~scmorris/publickey.asc