[Techtalk] bind question

Chris Wilson chris+linuxchix at aptivate.org
Fri Jan 29 08:27:05 UTC 2010


Hi Maria,

On Fri, 29 Jan 2010, Maria McKinley wrote:

> I have bind set up with two "views". One is for the outside world, and 
> one is for our internal use. The ip addresses are different depending on 
> which side of the firewall you are. Internally, we can talk to local 
> machines without using the domain name, i.e. 'ping sarah' contacts the 
> machine, sarah.shadlen.org. While trying to set up some software, I 
> noticed that when I ping this way, the answer is rather inconsistent:
> 
> herbie:~# ping sarah
> PING sarah.shadlen.org (10.208.108.18) 56(84) bytes of data.
> 64 bytes from 10.208.108.18: icmp_seq=1 ttl=64 time=0.926 ms
> 64 bytes from 10.208.108.18: icmp_seq=2 ttl=64 time=0.201 ms
> 
> mingus:~# ping sarah
> PING sarah.shadlen.org (10.208.108.18) 56(84) bytes of data.
> 64 bytes from sarah.local (10.208.108.18): icmp_seq=1 ttl=64 time=0.155 ms
> 64 bytes from sarah.local (10.208.108.18): icmp_seq=2 ttl=64 time=0.154 ms
> 64 bytes from sarah.local (10.208.108.18): icmp_seq=3 ttl=64 time=0.188 ms

This probably means that mingus can get a reply from the DNS server, but 
herbie can't, or mingus has a reverse entry in /etc/hosts but herbie 
doesn't.

> herbie:~# ping sarah
> PING sarah.shadlen.org (10.208.108.18) 56(84) bytes of data.
> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=1 ttl=64 time=0.220 ms
> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=2 ttl=64 time=0.196 ms
> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=3 ttl=64 time=0.175 ms
> 64 bytes from sarah.shadlen.org (10.208.108.18): icmp_seq=4 ttl=64 time=0.200 ms

But now it works from herbie? Did something change? Perhaps the reverse 
DNS reply arrived late at herbie and was not ready in time for the first 
ping?

> Sometimes it does not give a hostname, sometimes it gives hostname.local 
> and sometimes it gives the fully qualified domain name (fqdn). Turns out 
> that this is important for some software I am running, which wants to 
> get the fqdn back. I figured out that I can get the fqdn back if I put 
> an entry for the machine I am pinging to in /etc/hosts of the machine I 
> am pinging from, but it seems like I should be able to do this in bind 
> somehow. I now notice that pinging from outside the firewall also gives 
> just the ip for my machines, but I can ping university machines and get 
> back the fqdn. So, I'm sure it must be my bind config, but not sure what. 
> Any bind experts?

If reverse mapping is really important to you, don't use split horizon. 
You will never get 100% reliable results. Use an internal hostname to map 
to an internal IP, and use the "search" option in /etc/resolv.conf to 
search the internal domain instead of the external one.

E.g.

internal# ping sarah
pinging sarah.int.shadlen.org (10.208.108.18)...

internal# ping sarah.shadlen.org
pinging sarah.shadlen.org (1.2.3.4)...

external# ping sarah
unknown host sarah

external# ping sarah.shadlen.org
pinging sarah.shadlen.org (1.2.3.4)...

Cheers, Chris.
-- 
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES

Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
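
A way to check, from each internal machine, which of the three outcomes described in the thread (bare IP, a .local name, or the FQDN) the resolver gives, as an added example that is not part of the original message. It assumes the internal zone is int.shadlen.org as in the reply's illustration; the function names and the sample resolver views are constructed for the example.

```python
import socket

def system_forward(name):
    # System resolver: honours /etc/hosts and the resolv.conf "search" list.
    return socket.gethostbyname(name)

def system_reverse(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # herror/gaierror: no reverse mapping available
        return None

def classify(short, domain, forward=system_forward, reverse=system_reverse):
    """Return (ip, ptr, verdict) for one short hostname as seen from this machine."""
    expected = f"{short}.{domain}".lower()
    try:
        ip = forward(short)
    except OSError:
        return None, None, "no-forward"
    ptr = reverse(ip)
    if ptr is None:
        return ip, None, "no-ptr"            # ping would print the bare IP
    ptr = ptr.rstrip(".").lower()
    if ptr.endswith(".local"):
        return ip, ptr, "local-name"         # reverse name is not from the expected zone
    if ptr != expected:
        return ip, ptr, "ptr-mismatch"
    try:
        confirmed = forward(ptr) == ip       # forward-confirm the PTR name
    except OSError:
        confirmed = False
    return ip, ptr, "ok" if confirmed else "ptr-unconfirmed"

def fake_view(a_records, ptr_records):
    """Constructed stand-in for one machine's resolver view (test data, not real DNS)."""
    def forward(name):
        if name not in a_records:
            raise socket.gaierror(f"unknown host {name}")
        return a_records[name]
    return forward, lambda ip: ptr_records.get(ip)

IP = "10.208.108.18"
A = {"sarah": IP, "sarah.int.shadlen.org": IP}
VIEWS = {  # constructed, modelled on the outputs quoted in the thread
    "bare-ip": fake_view(A, {}),
    "dot-local": fake_view(A, {IP: "sarah.local"}),
    "internal-zone": fake_view(A, {IP: "sarah.int.shadlen.org."}),
}

if __name__ == "__main__":
    for label, (fwd, rev) in VIEWS.items():
        print(label, classify("sarah", "int.shadlen.org", fwd, rev))
```

Calling `classify("sarah", "int.shadlen.org")` with no resolver arguments uses the machine's own resolver, so running it on each internal host shows which ones still lack a matching reverse entry.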

