[Techtalk] bind question

Maria McKinley maria at shadlen.org
Fri Jan 29 09:39:35 UTC 2010


Chris Wilson wrote:
> Hi Maria,
> 
> On Fri, 29 Jan 2010, Maria McKinley wrote:
> 
>> I have bind set up with two "views". One is for the outside world, and 
>> one is for our internal use. The ip addresses are different depending on 
>> which side of the firewall you are. Internally, we can talk to local 
>> machines without using the domain name, ie. 'ping sarah' contacts the 
>> machine, sarah.shadlen.org. While trying to set up some software, I 
>> noticed that when I ping this way, the answer is rather inconsistent:
>>
>> herbie:~# ping sarah
>> PING sarah.shadlen.org (10.208.108.18) 56(84) bytes of data.
>> 64 bytes from 10.208.108.18: icmp_seq=1 ttl=64 time=0.926 ms
>> 64 bytes from 10.208.108.18: icmp_seq=2 ttl=64 time=0.201 ms
>>
>> mingus:~# ping sarah
>> PING sarah.shadlen.org (10.208.108.18) 56(84) bytes of data.
>> 64 bytes from sarah.local (10.208.108.18): icmp_seq=1 ttl=64 time=0.155 ms
>> 64 bytes from sarah.local (10.208.108.18): icmp_seq=2 ttl=64 time=0.154 ms
>> 64 bytes from sarah.local (10.208.108.18): icmp_seq=3 ttl=64 time=0.188 ms
> 
> This probably means that mingus can get a reply from the DNS server, but 
> herbie can't, or mingus has a reverse entry in /etc/hosts but herbie 
> doesn't.
> 

Hi Chris,

Thanks so much for your help.

Not sure what is different about the two machines. The /etc/hosts files 
for both were the same (ie. no entries other than the localhost's). 
Interestingly, neither can get info from the dns server using dig when 
not using the domain name, ie. dig sarah doesn't get you the ip, but 
dig sarah.shadlen.org does. host works on both whether you use the 
domain or not. After I got the results above, I tried adding sarah to 
herbie's /etc/hosts, and that is when I got the results below. Sorry 
that wasn't very clear.


>> herbie:~# ping sarah
>> PING sarah.shadlen.org (10.208.108.18) 56(84) bytes of data.
>> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=1 ttl=64 time=0.220 ms
>> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=2 ttl=64 time=0.196 ms
>> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=3 ttl=64 time=0.175 ms
>> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=4 ttl=64 time=0.200 ms
> 
> But now it works from herbie? Did something change? Perhaps the reverse 
> DNS reply arrived late at herbie and was not ready in time for the first 
> ping?
> 
>> Sometimes it does not give a hostname, sometimes it gives hostname.local 
>> and sometimes it gives the fully qualified domain name (fqdn). Turns out 
>> that this is important for some software I am running, which wants to 
>> get the fqdn back. I figured out that I can get the fqdn back if I put 
>> an entry for the machine I am pinging to in /etc/hosts of the machine I 
>> am pinging from, but it seems like I should be able to do this in bind 
>> somehow. I now notice that pinging from outside the firewall also gives 
>> just the ip for my machines, but I can ping university machines and get 
>> back the fqdn. So, I'm sure it must be my bind config, but not sure what. 
>> Any bind experts?
> 
> If reverse mapping is really important to you, don't use split horizon. 
> You will never get 100% reliable results. Use an internal hostname to map 
> to an internal IP, and use the "search" option in /etc/resolv.conf to 
> search the internal domain instead of the external one.
> 

Hmm, not sure how I feel about this strategy. It would mean changing a 
hell of a lot of configs on a whole lot of machines. Not to mention 
having to get a bunch of people used to the concept of using different 
hostnames depending on where they are. Have to think about that. Might 
prefer to remake the /etc/hosts file for all the machines that this is 
important for, although that is hardly ideal either...

cheers,
maria
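
An added example, not part of the original thread: an offline check that every A record in a view has a PTR record in the matching reverse zone pointing back to the same FQDN, which is what a reverse lookup needs in order to return the fully qualified name. The zone contents below are constructed for illustration; only sarah's address comes from the thread, and `parse_zone` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample records for an internal view (not real zone files).
# Only sarah's address appears in the thread; everything else is made up.
FORWARD_ZONE = """\
$ORIGIN shadlen.org.
sarah   IN A 10.208.108.18
herbie  IN A 10.208.108.21   ; constructed address
mingus  IN A 10.208.108.22   ; constructed address
"""
REVERSE_ZONE = """\
$ORIGIN 108.208.10.in-addr.arpa.
18  IN PTR sarah.shadlen.org.
22  IN PTR oldbox.shadlen.org.   ; constructed stale entry
"""

def parse_zone(text, rtype):
    """Return {absolute owner name: rdata} for simple 'name IN TYPE rdata' lines."""
    origin, records = "", {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
            records[owner.lower()] = fields[3].lower()
    return records

def audit(forward_text, reverse_text):
    """Map each FQDN to 'ok', 'missing-ptr' or 'mismatch:<ptr target>'."""
    a_records = parse_zone(forward_text, "A")
    ptr_records = parse_zone(reverse_text, "PTR")
    result = {}
    for fqdn, addr in a_records.items():
        # reverse_pointer yields e.g. '18.108.208.10.in-addr.arpa' (no trailing dot)
        owner = ipaddress.ip_address(addr).reverse_pointer + "."
        target = ptr_records.get(owner)
        if target is None:
            result[fqdn] = "missing-ptr"
        elif target == fqdn:
            result[fqdn] = "ok"
        else:
            result[fqdn] = f"mismatch:{target}"
    return result

if __name__ == "__main__":
    for name, status in audit(FORWARD_ZONE, REVERSE_ZONE).items():
        print(f"{name:22} {status}")
```

With split-horizon views, the same check would be run once per view, pairing each view's forward zone with the reverse zone served to the same clients.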

