DNS woes (not resolving internal domain)
Our OSX server is running internal dns (riverstoneibs.lan) for our domain and a split domain setup, resolving our external dns domain (riverstoneschool.org) so our mail server points to the local lan address, among other things.
External resolution (both for our domain incoming and for the web outgoing (via forwarders)) is working fine. Internal resolution results in an NXDOMAIN (domain not found) error for anything in the riverstoneschool.org zone. Looking at Server Admin, it shows DNS running and thezone is listed in the zones list, filled with all the appropriate entries. Just to be paranoid, I double-checked the named.conf file and tracked it through to the /var/named/zones/db.~ file that holds the actual data, and it's all there, too.
Resolution doesn't work on the server itself, nor on clients.
We've restarted the dns server (and the whole server, just in case) with no change in symptoms. I've looked in the DNS server logs (they're set to informational level), but don't see any items that give me clues.
Here are the results of querying using dig and nslookup, run on the server itself (I've changed the local subnet info as a security precaution). I've also quoted the publicView.conf.apple (with similar security changes) below.
Thanks in advance for any suggestions you may offer!
-Matthew (loosing hair by the hour today)
rs-server-ws:dns user$ dig mail.riverstoneschool.org
; <<>> DiG 9.4.3-P1 <<>> mail.riverstoneschool.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7975
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.riverstoneschool.org. IN A
;; AUTHORITY SECTION:
riverstoneschool.org. 10800 IN SOA rs-server-ws.riverstoneschool.org. admin.riverstoneschool.org. 2009100103 86400 3600 604800 345600
;; Query time: 1 msec
;; SERVER: 10.X.Y.10#53(10.X.Y.10)
;; WHEN: Thu Oct 1 10:06:31 2009
;; MSG SIZE rcvd: 121
rs-server-ws:dns user$ dig -x 10.X.Y.10
; <<>> DiG 9.4.3-P1 <<>> -x 10.X.Y.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15180
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;10.Y.X.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.Y.X.10.in-addr.arpa. 10800 IN PTR rs-server-ws.riverstoneibs.lan.
;; AUTHORITY SECTION:
Y.X.10.in-addr.arpa. 10800 IN NS ns-rs-server-ws.riverstoneibs.lan.
;; Query time: 0 msec
;; SERVER: 10.X.Y.10#53(10.X.Y.10)
;; WHEN: Thu Oct 1 10:07:06 2009
;; MSG SIZE rcvd: 116
rs-server-ws:dns user$ nslookup mail.riverstoneschool.org
Server: 10.X.Y.10
Address: 10.X.Y.10#53
** server can't find mail.riverstoneschool.org: NXDOMAIN
rs-server-ws:dns user$ cat /etc/dns/publicView.conf.apple
acl "com.apple.ServerAdmin.DNS.public" {localnets;10.X.Z.0/24;10.X.Y.0/24;};
//
// This is the view that is shown in Server Admin
// This is an automatically generated file.
// PLEASE DO NOT MANUALLY MODIFY THIS FILE!
// Please make your changes in the named.conf file
//
view "com.apple.ServerAdmin.DNS.public" {
//GUID=CC7BDB50-011F-482B-A044-7F64C80608C2;
allow-recursion {"com.apple.ServerAdmin.DNS.public";};
zone "riverstoneibs.lan." {
type master;
file "db.riverstoneibs.lan.";
allow-transfer {any;};
allow-update {none;};
};
zone "Y.X.10.in-addr.arpa." {
type master;
file "db.Y.X.10.in-addr.arpa.";
allow-transfer {any;};
allow-update {none;};
};
zone "0.0.10.in-addr.arpa." {
type master;
file "db.0.0.10.in-addr.arpa.";
allow-transfer {none;};
allow-update {none;};
};
zone "riverstoneschool.org." {
type master;
file "db.riverstoneschool.org.";
allow-transfer {any;};
allow-update {none;};
};
zone "228.71.64.in-addr.arpa." {
type master;
file "db.228.71.64.in-addr.arpa.";
allow-transfer {none;};
allow-update {none;};
};
zone "Z.X.10.in-addr.arpa." {
type master;
file "db.Z.X.10.in-addr.arpa.";
allow-transfer {none;};
allow-update {none;};
};
zone "." {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
External resolution (both for our domain incoming and for the web outgoing (via forwarders)) is working fine. Internal resolution results in an NXDOMAIN (domain not found) error for anything in the riverstoneschool.org zone. Looking at Server Admin, it shows DNS running and thezone is listed in the zones list, filled with all the appropriate entries. Just to be paranoid, I double-checked the named.conf file and tracked it through to the /var/named/zones/db.~ file that holds the actual data, and it's all there, too.
Resolution doesn't work on the server itself, nor on clients.
We've restarted the dns server (and the whole server, just in case) with no change in symptoms. I've looked in the DNS server logs (they're set to informational level), but don't see any items that give me clues.
Here are the results of querying using dig and nslookup, run on the server itself (I've changed the local subnet info as a security precaution). I've also quoted the publicView.conf.apple (with similar security changes) below.
Thanks in advance for any suggestions you may offer!
-Matthew (loosing hair by the hour today)
rs-server-ws:dns user$ dig mail.riverstoneschool.org
; <<>> DiG 9.4.3-P1 <<>> mail.riverstoneschool.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7975
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.riverstoneschool.org. IN A
;; AUTHORITY SECTION:
riverstoneschool.org. 10800 IN SOA rs-server-ws.riverstoneschool.org. admin.riverstoneschool.org. 2009100103 86400 3600 604800 345600
;; Query time: 1 msec
;; SERVER: 10.X.Y.10#53(10.X.Y.10)
;; WHEN: Thu Oct 1 10:06:31 2009
;; MSG SIZE rcvd: 121
rs-server-ws:dns user$ dig -x 10.X.Y.10
; <<>> DiG 9.4.3-P1 <<>> -x 10.X.Y.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15180
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;10.Y.X.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.Y.X.10.in-addr.arpa. 10800 IN PTR rs-server-ws.riverstoneibs.lan.
;; AUTHORITY SECTION:
Y.X.10.in-addr.arpa. 10800 IN NS ns-rs-server-ws.riverstoneibs.lan.
;; Query time: 0 msec
;; SERVER: 10.X.Y.10#53(10.X.Y.10)
;; WHEN: Thu Oct 1 10:07:06 2009
;; MSG SIZE rcvd: 116
rs-server-ws:dns user$ nslookup mail.riverstoneschool.org
Server: 10.X.Y.10
Address: 10.X.Y.10#53
** server can't find mail.riverstoneschool.org: NXDOMAIN
rs-server-ws:dns user$ cat /etc/dns/publicView.conf.apple
acl "com.apple.ServerAdmin.DNS.public" {localnets;10.X.Z.0/24;10.X.Y.0/24;};
//
// This is the view that is shown in Server Admin
// This is an automatically generated file.
// PLEASE DO NOT MANUALLY MODIFY THIS FILE!
// Please make your changes in the named.conf file
//
view "com.apple.ServerAdmin.DNS.public" {
//GUID=CC7BDB50-011F-482B-A044-7F64C80608C2;
allow-recursion {"com.apple.ServerAdmin.DNS.public";};
zone "riverstoneibs.lan." {
type master;
file "db.riverstoneibs.lan.";
allow-transfer {any;};
allow-update {none;};
};
zone "Y.X.10.in-addr.arpa." {
type master;
file "db.Y.X.10.in-addr.arpa.";
allow-transfer {any;};
allow-update {none;};
};
zone "0.0.10.in-addr.arpa." {
type master;
file "db.0.0.10.in-addr.arpa.";
allow-transfer {none;};
allow-update {none;};
};
zone "riverstoneschool.org." {
type master;
file "db.riverstoneschool.org.";
allow-transfer {any;};
allow-update {none;};
};
zone "228.71.64.in-addr.arpa." {
type master;
file "db.228.71.64.in-addr.arpa.";
allow-transfer {none;};
allow-update {none;};
};
zone "Z.X.10.in-addr.arpa." {
type master;
file "db.Z.X.10.in-addr.arpa.";
allow-transfer {none;};
allow-update {none;};
};
zone "." {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
};
Xserve, Mac OS X (10.5.8)
