Named resolving old fqdn on AIX after change to new fqdn.
Hey All,
We have defined abc.this.that in:
/etc/named.conf
and corresponding files, and after the change (which we verified through dig -x this.that ptr) all is resolving correctly. However, in the /var/log/named/named.log file we still see entries for:
Where could this abc.this.that be pulled from? I expect to see only this.that entries and nothing else. Checked /etc/hosts and /etc/resolv.conf files on all clients but no luck. We are running named on the AIX vlpar in a test environment.
I grepped all the named config files for any trace of abc.this.that and found nothing. netcd is not running so not caching. Any ideas? This is AIX 7.1.
Thanks,
DH
Last edited by Don Cragun; 05-05-2015 at 03:03 AM..
Reason: Add CODE and ICODE tags.
This is contradictory. You say "we have defined abc.this.that in /etc/named.conf." You make statements like "we have verified through dig -x this.that ptr all is resolving correctly", but don't show any output. What exactly is the issue? Who is 10.0.0.54? Are the clients resolving correctly? What is in named.conf? What is in netsvc.conf on the clients?
Thanks very much for looking into this. Appreciated. The DNS server has:
Clients do not have anything defined in /etc/netsvc.conf. It did not make a diff in our scenario. When I do nslookup on a client like lab01.this.that it resolves correctly and I get the right IP.
When I type dig -x 10.0.0.54 ptr it correctly returns the name of client: lab01.this.that. So reverse lookups are also good. Yet the named.log file contains entries like these:
for the loopback device. Why is it still trying to go to abc.this.that on the loopback device?
Sorry, I CAN'T get too detailed in exact names, so lab01 and abc.this.that are host and domain name placeholders for the real ones.
I just noticed a bunch of messages like this:
So it looks like it's 'caching' somewhere, but not sure where since rndc is off.
The point is that it is keeping the old FQDN abc.this.that when I already changed it to this.that earlier (removing the abc).
It's ok if it's not enough information to let you guys suggest anything; then we'll just plug away at it on this end. No worries.
Thanks,
DH
---------- Post updated at 01:39 PM ---------- Previous update was at 01:30 PM ----------
Maybe I could ask the reverse scenario. If I changed an old domain name from abc.this.that to this.that, and it still somehow kept showing abc.this.that for the loopback device within the /var/log/named/named.log file, where could I go to look to change that?
Thanks,
DH
---------- Post updated at 01:50 PM ---------- Previous update was at 01:39 PM ----------
When running rndc dumpdb -all then trying to use strings <dump file> it showed nothing cached for abc.this.that at all.
Thanks,
DH
Add localhost to your bind configuration if you have no other choice.
Your AIX LPAR tries to resolve the localhost or loopback (127.0.0.1) address. Because /etc/hosts resolution is disabled by netsvc.conf, it tries to look it up in DNS. In your /etc/resolv.conf there is probably something like:
Because loopback is not a FQDN and probably is not resolvable, AIX tries to resolve it with the domain attached.
1.) I don't see a suitable option in the bind config for doing that. So hosts=local,bind ? I'm looking to have bind do most of the work so I don't rely on local files though.
I'm trying to remove all traces of abc.this.that from the system. So in my /etc/resolv.conf I have 'domain this.that'. /etc/hosts seems to be read and works fine when I add entries there, but again, that's customization that would need to be duplicated across many other hosts.
I also want to have one nameserver in the /etc/resolv.conf file. I tested by adding in other nameservers that I have as forwarders and that works of course, but not on the forwarders line in my named.conf (That's another problem I have: the AIX DNS bind9 setup won't properly resolve against the forwarders I have listed, including the one to the Windows 2012 DNS Server).
I'm trying to keep to one nameserver; as I scale this up I want less to manage in the local files and more centrally managed within Bind.
Thanks,
DH
---------- Post updated at 09:36 AM ---------- Previous update was at 08:47 AM ----------
I should add that I can resolve against the Windows 2012 DNS directly like this:
but not in the forwarders line in the /etc/named.conf file. It's a second issue, but it might have some bearing on this problem here. Also, it looks like abc.this.that is coming from the other hosts from some cached entries (i.e. maybe NIM or CIFS entries) that are hitting the AIX DNS box. I did a test by using a bogus domain such as xyz.this.that and that also appeared in the logs. But I just can't find where the abc.this.that is still defined on the other hosts. Reboot did not help.
Thanks,
DH
---------- Post updated at 10:01 AM ---------- Previous update was at 09:36 AM ----------
Hey All,
A bit more on the /etc/named.conf forwarders line:
10.X are internal Windows 2012 DNS server IPs.
123.X are external to this DNS server, but reachable.
This DNS server is 10.0.0.20.
I can't get any logs to show up on why the forwarding is not fully working as well.
---------- Post updated at 10:49 AM ---------- Previous update was at 10:01 AM ----------
tcpdump showed no communication to the Windows 2012 DNS server on a forwarding call, even though I have it explicitly listed.
Is there a way to verify that forwarding is working? Maybe I'm missing packages?
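To find out which hosts are still hitting the AIX BIND server with the retired abc.this.that suffix (the "where is it coming from" question above), the query log can be summarised per client. This is an added example, not code from the thread; it assumes BIND 9 query-log lines in the usual `client ADDR#PORT: query: NAME IN TYPE ...` form (both the classic and the newer `client @0x... ADDR#PORT (NAME): query:` variants are handled), and the sample lines and the client addresses 10.0.0.71 and 10.0.0.88 are constructed.

```shell
#!/bin/sh
# Constructed sample of BIND 9 query-log lines (not taken from the thread).
SAMPLE_LOG=$(cat <<'EOF'
05-May-2015 09:36:01.101 client 10.0.0.54#40211: query: lab01.this.that IN A + (10.0.0.20)
05-May-2015 09:36:02.412 client 10.0.0.54#40212: query: loopback.abc.this.that IN A + (10.0.0.20)
05-May-2015 09:36:02.515 client 10.0.0.54#40213: query: localhost.abc.this.that IN AAAA + (10.0.0.20)
05-May-2015 09:36:03.001 client 10.0.0.71#51020: query: loopback.abc.this.that IN A + (10.0.0.20)
05-May-2015 09:36:04.777 client @0x1234abcd 10.0.0.88#33010 (nim.this.that): query: nim.this.that IN A +E(0) (10.0.0.20)
05-May-2015 09:36:05.002 client 10.0.0.54#40214: query: 54.0.0.10.in-addr.arpa IN PTR + (10.0.0.20)
EOF
)

# stale_suffix_clients SUFFIX < querylog
# Prints one line per client that still queries names under SUFFIX:
#   <client-ip> <query-count> <comma-separated labels asked for>
# A label such as "loopback" or "localhost" points at a search-list leak
# (hosts=bind with no local resolution); "@" means the bare suffix itself.
stale_suffix_clients() {
    suffix=$1
    awk -v sfx="$suffix" '
    BEGIN { sfx = "." tolower(sfx); sl = length(sfx) }
    {
        name = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "query:" && i < NF) name = $(i + 1)
            # the client address is the first token carrying a #port suffix
            if (ip == "" && index($i, "#") > 0) { ip = $i; sub(/#.*/, "", ip) }
        }
        if (name == "" || ip == "") next
        n = tolower(name)
        if (n == substr(sfx, 2)) label = "@"
        else if (length(n) > sl && substr(n, length(n) - sl + 1) == sfx)
            label = substr(n, 1, length(n) - sl)
        else next
        count[ip]++
        if (!((ip, label) in seen)) {
            seen[ip, label] = 1
            labels[ip] = (labels[ip] == "" ? "" : labels[ip] ",") label
        }
    }
    END { for (ip in count) print ip, count[ip], labels[ip] }
    ' | sort
}

# Stand-alone demonstration against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | stale_suffix_clients abc.this.that
```

On a live server the same function is fed with `stale_suffix_clients abc.this.that < /var/log/named/named.log`, which only works if the `queries` logging category is enabled in named.conf.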
1.) I don't see a suitable option in the bind config for doing that. So hosts=local,bind ? I'm looking to have bind do most of the work so I don't rely on local files though.
This is a laudable intention, but you should put that into a realistic perspective. Do you want the server to ask DNS for "some.host.somewhere"? Definitely! Do you want your server to ask DNS for "localhost"? Most probably not. Your DNS server would get swamped with unnecessary requests even if you manage to make that work.
So, put "local" before "bind" in the resolver configuration to allow for a minimum of name resolution independent of the DNS. Hosts to put in there are:
localhost
your NIM server if you have one
maybe the IP of your local server (optimizes network throughput)
if you have a HACMP cluster all the nodes and service IPs (recommended practice in IBM documentation)
All the rest can and should be resolved via BIND. Otherwise you run into the problems you experience right now. I believe agent.kgb has analyzed how it came to pass correctly.
Yes, tried that, thank you, it worked like advertised, but I need this going through bind. Yes, it's nice if there is local redundancy, but scaling this over many servers presents a management headache if it is all in local files. I'll look at reversing it like you said, but later; for now I'll keep it as hosts=bind,local till I work everything out with the DNS config. Thanks to your help and a bit more digging, it looks like I'm fine with how things are now except for one thing I posted here: