Troubleshooting

When you start a DNS cache, the /var/log/syslog file contains lines similar to the following. Other types of DNS servers display similar messages.

$ cat /var/log/syslog
Apr 26 11:00:02 plum named[9301]: starting BIND 9.3.4 -u bind
Apr 26 11:00:02 plum named[9301]: found 1 CPU, using 1 worker thread
Apr 26 11:00:02 plum named[9301]: loading configuration from '/etc/bind/named.conf'
Apr 26 11:00:02 plum named[9301]: listening on IPv6 interfaces, port 53
Apr 26 11:00:02 plum named[9301]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 26 11:00:02 plum named[9301]: listening on IPv4 interface eth0, 192.168.0.10#53
Apr 26 11:00:02 plum named[9301]: command channel listening on 127.0.0.1#953
Apr 26 11:00:02 plum named[9301]: command channel listening on ::1#953
Apr 26 11:00:02 plum named[9301]: zone 0.in-addr.arpa/IN: loaded serial 1
Apr 26 11:00:02 plum named[9301]: zone 127.in-addr.arpa/IN: loaded serial 1
Apr 26 11:00:02 plum named[9301]: zone 255.in-addr.arpa/IN: loaded serial 1
Apr 26 11:00:02 plum named[9301]: zone localhost/IN: loaded serial 1
Apr 26 11:00:02 plum named[9301]: running

When you create or update DNS information, you can use dig or host to test whether the server works as planned. The most useful part of the output from dig is usually the answer section, which gives the nameserver's reply to your query:

$ dig example.com

;; ANSWER SECTION:

example.com. 72683 IN A 192.0.34.166

The preceding output shows that the example.com. domain has a single A record that points to 192.0.34.166. The TTL of this record, which tells you how long the record can be held in cache, is 72,683 seconds (slightly less than one day). You can also use dig to query other record types by using the -t option followed by the type of record you want to query for (-t works with host, too):

;; ANSWER SECTION:

ubuntu.com. 3600 IN MX 10 fiordland.ubuntu.com.

If you query for a domain that does not exist, dig returns, in the authority section, the SOA record for the highest-level domain in your query that does exist:

$ dig domaindoesnotexist.info

;; AUTHORITY SECTION:

info. 7200 IN SOA a9.info.afilias-nst.info. dns.afilias.info. ...

Because it tells you the last zone that was queried correctly, this information can be useful in tracing faults.

TSIGs

If two servers using TSIGs (page 868) fail to communicate, confirm that the time is the same on both servers. The TSIG authentication mechanism is dependent on the current time. If the clocks on the two servers are not synchronized, TSIG will fail. Consider setting up NTP (page 1051) on the servers to prevent this problem.
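The following added example (not from the original text) models why clock skew alone breaks TSIG: the sender's timestamp is covered by the MAC, and the receiver rejects anything outside the allowed window even when the shared key is correct. It is a simplified model, not the DNS wire format; the function names, the sample key and the timestamps are constructed, and the 300-second window is the fudge value the TSIG specification recommends.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # seconds of clock difference tolerated (recommended TSIG fudge)

def _mac(key, message, time_signed, fudge):
    # Simplified: real TSIG also covers the key name, algorithm and other
    # fields in wire format. Time is 48 bits and fudge 16 bits, as in TSIG.
    timers = struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
    return hmac.new(key, message + timers, hashlib.sha256).digest()

def sign(key, message, sender_clock, fudge=FUDGE):
    """Sender side: stamp the message with the sender's clock and MAC it."""
    return {"message": message, "time_signed": sender_clock, "fudge": fudge,
            "mac": _mac(key, message, sender_clock, fudge)}

def verify(key, signed, receiver_clock):
    """Receiver side: check the MAC first, then the time window."""
    expected = _mac(key, signed["message"], signed["time_signed"], signed["fudge"])
    if not hmac.compare_digest(expected, signed["mac"]):
        return "BADSIG"
    if abs(receiver_clock - signed["time_signed"]) > signed["fudge"]:
        return "BADTIME"   # key is right, clocks disagree
    return "NOERROR"

def demo():
    key = b"constructed-shared-secret"           # constructed sample key
    msg = b"constructed zone transfer request"   # constructed sample payload
    now = 1_177_585_202                          # constructed sender clock (epoch s)
    signed = sign(key, msg, now)
    return {
        "clocks in sync": verify(key, signed, now + 2),
        "receiver 10 min ahead": verify(key, signed, now + 600),
        "receiver 10 min behind": verify(key, signed, now - 600),
        "wrong key": verify(b"other-key", signed, now),
        # Rewriting the timestamp to fit the receiver's clock breaks the MAC.
        "tampered time": verify(key, dict(signed, time_signed=now + 600), now + 600),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24} {result}")
```

A BADTIME result with a correct key is the signature of unsynchronized clocks, which is the case NTP prevents.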
