Sunday, September 3, 2017

linux - Bind DNS responding with two A records for single host when it hasn't been set up to

For some reason that isn't clear my Bind 9 DNS server is responding with two A records for a single host fs01.example.com and fs01.sub.example.com. The IP addresses that it responds with are both valid but they're in two separate zones and I wouldn't expect a response for the subdomain when using the FQDN of the other. A packet capture of this is:

13:32:16.238361 IP node01.example.com.37814 > ns01.example.com.domain: 62148+ A? fs01.example.com. (35)
13:32:16.239019 IP ns01.example.com.domain > node01.example.com.37814: 62148* 2/1/1 A 10.0.0.50, A 10.254.0.50 (101)
13:32:16.239761 IP node01.example.com.58143 > ns01.example.com.domain: 39089+ PTR? 50.0.0.10.in-addr.arpa. (40)
13:32:16.240311 IP ns01.example.com.domain > node01.example.com.58143: 39089* 1/1/1 PTR fs01.example.com. (105)
13:32:16.245396 IP node01.example.com.56891 > ns01.example.com.domain: 55066+ PTR? 2.0.0.10.in-addr.arpa. (39)
13:32:16.246039 IP ns01.example.com.domain > node01.example.com.56891: 55066* 1/1/1 PTR ns01.example.com. (99)
13:32:19.138920 IP node01.example.com.45142 > ns01.example.com.domain: 27577+ A? fs01.example.com. (35)
13:32:19.140020 IP ns01.example.com.domain > node01.example.com.45142: 27577* 2/1/1 A 10.254.0.50, A 10.0.0.50 (101)
13:32:22.141217 IP node01.example.com.59979 > ns01.example.com.domain: 1231+ PTR? 90.0.254.10.in-addr.arpa. (42)
13:32:22.142254 IP ns01.example.com.domain > node01.example.com.59979: 1231 NXDomain* 0/1/0 (105)

This shows two responses with both A records for a single host, but the forward zone file for 0.0.10.in-addr.arpa has just the one for 10.0.0.50. The record for 10.254.0.50 is in a different file for the subdomain.

I've tried to flush the entries using rndc flushname fs01.example.com but that doesn't do anything as far as I can tell. I'm not sure where to go with this now.

Edit: Added command output showing all instances of the server in the zone files.

Here's every occurrence of the server in question in my zone files:

$ find /etc/bind -type f | xargs grep fs01
/etc/bind/zone.d/db.example.com:fs01 A 10.0.0.50
/etc/bind/zone.d/db.0.0.10:50 PTR fs01.example.com.
Binary file /etc/bind/zone.d/db.example.com.jnl matches
/etc/bind/zone.d/db.0.254.10:50 PTR fs01.sub.example.com.
/etc/bind/zone.d/db.sub.example.com:fs01 A 10.254.0.50
Binary file /etc/bind/core matches
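As an added diagnostic (not part of the original question), the following Python pairs each A reply in a tcpdump summary with its query by transaction ID and reports any answered address that the on-disk zone file for that name does not carry, naming the zone record that does carry it. The capture lines and zone data are constructed in the shape of the output above.

```python
import re

# Constructed sample in the shape of the capture above: one A query, its reply, and one NXDomain reply.
CAPTURE = """\
13:32:16.238361 IP node01.example.com.37814 > ns01.example.com.domain: 62148+ A? fs01.example.com. (35)
13:32:16.239019 IP ns01.example.com.domain > node01.example.com.37814: 62148* 2/1/1 A 10.0.0.50, A 10.254.0.50 (101)
13:32:22.142254 IP ns01.example.com.domain > node01.example.com.59979: 1231 NXDomain* 0/1/0 (105)
"""
# Constructed zone data, origin -> master-file lines, in the "name A addr" shape of the grep output above.
ZONES = {"example.com.": "fs01 A 10.0.0.50\nns01 IN A 10.0.0.2\n",
         "sub.example.com.": "fs01 A 10.254.0.50\n"}

QUERY_RE = re.compile(r": (\d+)\+ A\? (\S+) \(\d+\)$")                    # "62148+ A? fs01.example.com. (35)"
REPLY_RE = re.compile(r": (\d+)(?: \w+)?\*? \d+/\d+/\d+ ?(.*?) ?\(\d+\)$")  # "62148* 2/1/1 A 10.0.0.50, ... (101)"
RR_RE = re.compile(r"^(\S+)\s+(?:IN\s+)?A\s+(\S+)\s*$")                    # "fs01 A 10.0.0.50"

def parse_zones(zones):
    """Return {fqdn: {addr, ...}} from master-file A records, qualifying relative names with the origin."""
    table = {}
    for origin, text in zones.items():
        for m in filter(None, map(RR_RE.match, text.splitlines())):
            name, addr = m.groups()
            fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
            table.setdefault(fqdn, set()).add(addr)
    return table

def parse_answers(capture):
    """Return {qname: [addr, ...]} by pairing each reply with the A query that shares its transaction ID."""
    pending, answers = {}, {}
    for line in capture.splitlines():
        q, r = QUERY_RE.search(line), REPLY_RE.search(line)
        if q:
            pending[q.group(1)] = q.group(2)
        elif r and r.group(1) in pending:
            qname = pending.pop(r.group(1))
            answers.setdefault(qname, []).extend(re.findall(r"\bA (\d+\.\d+\.\d+\.\d+)", r.group(2)))
    return answers

def unexpected_answers(capture, zones):
    """Map each queried name to answered addresses its zone file lacks, with the names that do carry them."""
    table, owners = parse_zones(zones), {}
    for fqdn, addrs in table.items():
        for addr in addrs:
            owners.setdefault(addr, set()).add(fqdn)
    report = {}
    for qname, addrs in parse_answers(capture).items():
        for addr in addrs:
            if addr not in table.get(qname, set()):
                report.setdefault(qname, {})[addr] = sorted(owners.get(addr, ()))
    return report
```

One caveat when reading the result: the db.example.com.jnl match in the grep output means dynamic updates have been journaled for that zone, and BIND only writes them back into the master file periodically or on rndc sync, so the live zone can hold records that this check, which reads the files on disk, never sees.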
