Do you allow queries both from the machine's IP address and from
127.0.0.1?

--
Joe Yao ***@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

Oops, where is my original post? (see below)
Yes. File exists, is readable by all and has this line in.
I think so. I have configuered:
ipchains -A input -i lo -j ACCEPT
ipchains -A output -i lo -j ACCEPT
And I can e.g. telnet to itself (127.0.0.1, IP, the machine's name).
However, I temporarily deleted ALL ipchains without success
(and without intruders, I hope :-)
All ipchains denied connections and all nameserver queries
are being logged, and there is no entry after 'ping notworking.host'.
The "unknown hosts" comes extremely fast.

I discovered that the names that are not working are all CNAMEs
(internal and external). Most CNAMEs work. All A-records work.
('work' means: I can do ftp/telnet/ping etc. with the name.)
Because we are running the squid-proxy on the server,
CNAME resolving is essential (for virt. www-servers).

Maybe this is a hint ....

Some other information on my config:
- /etc/host.conf has: order hosts bind
- /etc/hosts has:
127.0.0.1 localhost
172.16.13.1 saturn.wilkens-net.com saturn
- /etc/resolv.conf has:
search wilkens-net.com
nameserver 172.16.13.1
nameserver 172.16.13.12
- I dumped the internal DNS-database to a file and verified that
"notworking.internal.host" is in there. (kill -SIGINT named.pid)
- I restarted named (and one time the whole machine) without success.

And here is a complete example of an external host:
***@saturn:~ > dig www.hamburger-digitaldruck.de

; <<>> DiG 2.2 <<>> www.hamburger-digitaldruck.de
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;; www.hamburger-digitaldruck.de, type = A, class = IN

;; ANSWERS:
www.hamburger-digitaldruck.de. 86400 CNAME drvhh-support1.drvhh.de.
drvhh-support1.drvhh.de. 86400 A 195.179.55.131

;; AUTHORITY RECORDS:
drvhh.de. 86400 NS drvhh-support.drvhh.de.
drvhh.de. 86400 NS dns-d.is-europe.net.

;; ADDITIONAL RECORDS:
drvhh-support.drvhh.de. 86400 A 195.179.55.130
dns-d.is-europe.net. 81335 A 195.180.210.3

;; Total query time: 1923 msec
;; FROM: saturn to SERVER: default -- 172.16.13.1
;; WHEN: Fri Oct 29 10:53:16 1999
;; MSG SIZE sent: 47 rcvd: 220

***@saturn:~ > ping www.hamburger-digitaldruck.de
ping: unknown host: www.hamburger-digitaldruck.de

Thanks for any ideas on this crazy thing.
Torsten Behle
FCB/Wilkens Hamburg

It is considered polite not to include the entire history of the
conversation, but only those parts to which one is answering.

--
Joe Yao ***@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

Yep. This file is OK.
/etc/named.boot also is quite plain. No special options.

I have an AMAZING example by now.
Pinging the SAME HOST on different CNAMEs give different results.
How about that (sorry for being verbous)?
It's weird. Even debuglevel 4 does not show any differences.
Dumping the database shows the same entries for both CNAMEs.

***@saturn:/etc > /sbin/init.d/named restart < ------------- Empty cache
***@saturn:/etc > ping nsdir1.wilkens-net.com < ------------- Doesn't work
ping: unknown host: nsdir1.wilkens-net.co
***@saturn:/etc > ping nsconfig.wilkens-net.com < ------------- Works!
PING nshafmailhost1.wilkens-net.com (172.16.13.5): 56 data bytes
64 bytes from 172.16.13.5: icmp_seq=0 ttl=128 time=8.141 ms
64 bytes from 172.16.13.5: icmp_seq=1 ttl=128 time=0.821 ms
--- nshafmailhost1.wilkens-net.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.821/4.481/8.141 ms

***@saturn:/etc > dig nsconfig.wilkens-net.com < ------------- Check entry

; <<>> DiG 2.2 <<>> nsconfig.wilkens-net.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;; nsconfig.wilkens-net.com, type = A, class = IN

;; ANSWERS:
nsconfig.wilkens-net.com. 86400 CNAME nshafmailhost1.wilkens-net.com.
nshafmailhost1.wilkens-net.com. 86400 A 172.16.13.5

AUTHORITY, ADDITIONAL.... all the same

;; Total query time: 3 msec
;; FROM: saturn to SERVER: default -- 127.0.0.1
;; WHEN: Sat Oct 30 01:24:19 1999
;; MSG SIZE sent: 42 rcvd: 181

***@saturn:/etc > dig nsdir1.wilkens-net.com < ------------- Check other entry

; <<>> DiG 2.2 <<>> nsdir1.wilkens-net.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;; nsdir1.wilkens-net.com, type = A, class = IN

;; ANSWERS:
nsdir1.wilkens-net.com. 86400 CNAME nshafmailhost1.wilkens-net.com.
nshafmailhost1.wilkens-net.com. 86400 A 172.16.13.5

AUTHORITY, ADDITIONAL.... all the same

;; Total query time: 3 msec
;; FROM: saturn to SERVER: default -- 127.0.0.1
;; WHEN: Sat Oct 30 01:24:26 1999
;; MSG SIZE sent: 40 rcvd: 179


I have a line

exit ns_init(), need maintenance immediately

in the named-starting debug-log.
However, I didn't find any flaws in the conf-files (even reducing
the named to a caching-only server gives this message).
AND the DNS works perfectly on 98% of all queries.
I really have to search for this kind of errors.

Thinking of installing Bind 8 with a minimal chance to
get this solved.... :-(

Torsten