Posts filed under ‘DNS and Bind’

How do I flush or delete incorrect records from my recursive server cache?

Sometimes a recursive server may have incorrect records in its cache.  These may be as a result of an error made by a zone administrator, or as a result of a deliberately engineered cache poisoning attack.

To identify the faulty records, dump the cache and inspect it:

rndc dumpdb -all
grep problem.domain /var/named/data/cache_dump.db

(The location of cache_dump.db may vary depending on the BIND configuration.)

Or you may be able to identify which records are incorrect by querying your server directly.

dig +norec @<ip address of nameserver> <name> <type>

How to solve the problem?

rndc flushname name
  • Use the name of a domain if there are problems with the NS or MX records associated with it.
  • Use the server name, if there are problems with the addresses associated with that server name (for example a nameserver, a webserver or a mailserver).

Flush the cache for a specific name as well as all records below that name

rndc flushtree name
  • This will clear the cache, but it will not clear any names out of ADB, so may not be sufficient for some needs.

If you are not sure where the problem lies, or there are too many records to delete them individually, then you might prefer to flush the entire named cache:

rndc flush && rndc reload



August 18, 2020 at 11:48 am

How to troubleshoot DNS Issues with Wireshark

Hi Folks

Until recently I was a big fan of Microsoft Message Analyzer. Unfortunately, Microsoft deprecated the product, so I decided to switch to Wireshark. I will not be going through the basic operations of Wireshark, as there are plenty of good video tutorials on the Internet.

In this article, I will focus on how to capture DNS packets on a BIND server and filter the packets for known queries and response codes.

Step 1: Start the capture on the BIND server

Step 2: After running sample queries, press CTRL+C to end the capture and transfer the .pcap file to the machine running Wireshark.

Once you open the .pcap file in Wireshark, you can use the filters below to display the required data.

** To filter based on the queried domain name **
dns.qry.name == "hotmail.com"

** To filter MX queries **
dns.qry.type == 15

** To filter SERVFAIL response **
dns.flags.rcode == 2

You can use ! to negate a filter. For example, to exclude MX queries (dns.qry.type == 15):
!(dns.qry.type == 15)
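The filters above test three fields of the DNS message: the question name, the question type and the RCODE in the header flags. The following is an added example, not part of the original post, that reads those fields from raw DNS bytes and flags SERVFAIL responses for a given name. The function names and the sample message are constructed for illustration.

```python
import struct

def build_message(qname, qtype, rcode, is_response=True):
    """Build a minimal DNS message (header + one question); constructed test data."""
    flags = (0x8000 if is_response else 0) | 0x0100 | (rcode & 0x0F)  # QR | RD | RCODE
    header = struct.pack("!HHHHHH", 0x1A2B, flags, 1, 0, 0, 0)        # ID, flags, QDCOUNT=1
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)     # QTYPE, QCLASS=IN

def parse_fields(msg):
    """Extract what the filters test: dns.qry.name, dns.qry.type, dns.flags.rcode."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:              # root label ends the name
            break
        if length & 0xC0:            # pointer or reserved label type, not expected here
            raise ValueError("unexpected label type in first question")
        if pos + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {"name": ".".join(labels).lower(), "type": qtype,
            "response": bool(flags & 0x8000), "rcode": flags & 0x000F}

def is_servfail_for(msg, name, qtype=None):
    """Like: dns.qry.name == name && dns.flags.rcode == 2 (&& dns.qry.type == qtype)."""
    f = parse_fields(msg)
    return (f["response"] and f["rcode"] == 2 and f["name"] == name.lower()
            and (qtype is None or f["type"] == qtype))

if __name__ == "__main__":
    sample = build_message("hotmail.com", 15, 2)   # constructed: MX query answered SERVFAIL
    print(parse_fields(sample), is_servfail_for(sample, "hotmail.com", 15))
```

Names are compared case-insensitively here because DNS names are case-insensitive; truncated messages raise ValueError rather than returning partial fields.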

For a detailed list of DNS response codes and other DNS parameters, refer to the URLs below.

https://support.umbrella.com/hc/en-us/articles/232254248-Common-DNS-return-codes-for-any-DNS-service-and-Umbrella-

https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml

Good Luck.

June 17, 2020 at 2:23 pm

Sub Domain Delegation using Bind

Hi All

When administering BIND, you may be asked to delegate a subdomain to another DNS server run by a different provider. These requests usually come from a web hosting provider, so that they can modify the required records themselves using their own name server.

In this scenario, open the zone file of the parent domain (for example test.com) and add the following lines (here delegating the subdomain "sample.test.com"):

; Subdomain delegation for the domain sample.test.com

$ORIGIN sample.test.com.

; Other provider's DNS servers; add one NS line per name server
@     NS       ns1.webhost.com.

@     NS       ns2.webhost.com.

Regards

January 28, 2013 at 12:43 pm

How to force DNS Propagation by changing the TTL Values

Hi

I am writing this tip for DNS administrators who want to speed up the propagation of changes by adjusting TTL (Time to Live) values. For example:

Assume that you are changing the IP address of www.test.com. By default, the TTL value in BIND (Linux-based DNS server) is set to 7200, which is 2 hours, as a global parameter. This value controls the expiry time / refresh interval for your DNS records in other DNS servers' caches.

Therefore, if you want to change the TTL value to 5 minutes only for www.test.com, you could edit the zone file as follows:

$ORIGIN test.com.
www 300 A 1.1.1.1 ; replace with your actual IP address

Here 300 denotes 5 minutes. Then restart the named service.

The same concept applies to Windows-based DNS servers as well.

January 19, 2013 at 2:04 pm

