Resources: Find a resource who is experienced with DNS
BIND/iX! If you're entering into this without DNS BIND/iX experience,
you're off to a difficult start. Problems with this product are
generally caused by poor configuration, so it's critical to have a
DNS BIND literate engineering resource available for problem
classification and management.
Check the Obvious: Those with experience in DNS BIND
troubleshooting will have built up a number of quick "sanity checks"
that they use. Often, these will result in a quick resolution without
having to progress to the next stages. If you don't have the
experience and can't find someone who does (finding someone is
recommended), or you're still unable to find the answer, you'll need
to progress to the next steps.
Detailed Problem Description: Historical information is
very valuable... is this a new DNS BIND installation, or has the site
suddenly started to experience problems? No matter what the history,
you will need to find out and document the exact symptoms being
experienced.
It Used to Work: Find out if the DNS Administrator is aware of
any configuration or network topology changes that could be tied to
the recent DNS BIND problems. Make a note of anything they can
suggest. Generally, these problems are caused by an incorrect
configuration change, or some change in network topology, resulting
in lost connectivity to systems required by the DNS environment (no
route to a required system, an internal or external nameserver is
down, system name/IP address change, poor configuration, and so
forth).
New Configuration: In 99% of DNS BIND problems, the cause is
poor configuration. Unfortunately, DNS is not an easy service for the
novice to configure. There are many pitfalls waiting to trip a user.
In a new configuration situation, you'll find the following steps
will probably be needed.
Topology Information: Obtain and document a detailed
description of the DNS topology used in this environment. Information
on all the involved systems will be needed. It's important to be able
to picture how all the systems connect to one another and the
inter-dependencies among them. If possible, an ASCII
diagram of the topology is very often worth the effort (labeling each
node with its system and DNS information, see
Figure 8-1 "Labeling Nodes").
Figure 8-1 Labeling Nodes
Configuration Gathering: Once you have a good understanding
of the history, symptoms, and topology, it's time to start examining the
DNS configuration at the site. Relying on assumptions does not work
with DNS BIND troubleshooting.
This information is needed from each system.
From ALL Systems:
Review the following files:
- /etc/resolv.conf
- /etc/nsswitch.conf (if present)
- results for all lan interfaces
Run the following commands:
- nettool.net.sys "conf;summ;gui"
- linkcontrol@,S
- netcontrol <NIname>;STATUS for each appropriate NI
From Nameservers:
- All the information detailed above in "From ALL Systems"
- /etc/named.conf (or the customer's equivalent)
- The system's db files
Look in the /etc/named.conf file; the directory directive
will tell you where to look for these. They are prefixed with db or
zone, so may look like these examples:
db.cache, db.root, db.127.0.0, db.cup, etc.
Configuration Validation: Once the configuration
information is gathered, it's time to sit down and wade through it
all, looking for problems. By now you should have a good idea of how
this DNS BIND topology fits together. Consider the symptoms, the
history, the topology, and verify the levels of configuration that
might be responsible for these problems.
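One way to automate the db-file check from the gathering and validation steps above, as an added example that is not part of the original guide or of BIND/iX: it reads the directory directive and each zone's file statement from named.conf text and reports db files that cannot be read. It assumes BIND 8 style named.conf syntax; the function names, the sample configuration and the cup.example.com zone are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample, not from the page; BIND 8 style named.conf syntax assumed.
SAMPLE_CONF = '''
options {
    directory "/etc/named.data";   // db files live here
};
zone "." { type hint; file "db.cache"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };
zone "cup.example.com" { type slave; masters { 192.0.2.1; }; file "db.cup"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside quotes)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def parse_named_conf(text):
    """Return (directory, {zone name: db file name}) from named.conf text."""
    text = strip_comments(text)
    m = re.search(r'\bdirectory\s+"([^"]+)"', text)
    zones = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, z.end()
        while i < len(text) and depth:      # walk to the zone's closing brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        f = re.search(r'\bfile\s+"([^"]+)"', text[z.end():i])
        zones[z.group(1)] = f.group(1) if f else None
    return (m.group(1) if m else None), zones

def missing_db_files(conf_text, base="/"):
    """Return sorted (zone, path) pairs with no file statement or an unreadable file."""
    directory, zones = parse_named_conf(conf_text)
    root = os.path.join(base, (directory or "").lstrip("/"))
    paths = {z: os.path.join(root, f) if f else None for z, f in zones.items()}
    return sorted((z, p) for z, p in paths.items()
                  if not (p and os.access(p, os.R_OK)))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:   # stand-in for the real root
        data = os.path.join(base, "etc", "named.data")
        os.makedirs(data)
        for name in ("db.cache", "db.127.0.0"):   # db.cup deliberately absent
            open(os.path.join(data, name), "w").close()
        for zone, path in missing_db_files(SAMPLE_CONF, base):
            print("zone %s: cannot read %s" % (zone, path))
```

Against a copy of a real configuration, pass the contents of /etc/named.conf and leave base at its default so the directory directive is used as written.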
Experience is the best tool, but there is one very good resource
available that will help in troubleshooting DNS BIND:
DNS & BIND is a book written by Paul Albitz and Cricket
Liu. The 2nd edition has recently been published, with some useful
additions for the newer, post-4.8.3 versions of BIND (4.9.3 is
covered in some detail). Published by O'Reilly & Associates, Inc.
[2nd Edition ISBN: 1-56592-236-0]
Troubleshooting Tools: The following tools can be useful in
troubleshooting DNS BIND problems:
- nslookup (available on all systems)
- ping (available on all systems)
Further information on the use of these tools can be found in the
book DNS & BIND, as well as in the system man
pages.