SYNOPSIS: DNS client troubleshooting procedures



DOCUMENT ID:  0907-02

SYNOPSIS:     DNS client troubleshooting procedures

OS RELEASE:   2.1, 2.4, 2.5

PRODUCT:      Solaris x86

KEYWORDS:     DNS client troubleshoot NIS+ or DNS network connectivity


SYMPTOMS:

Subtle malfunctions occur in local and remote network system
functionality.  Either NIS+ or DNS is misbehaving causing limited or no
connectivity. 


DESCRIPTION:

Discusses the interaction between NIS+ and DNS.  Troubleshooting
examples using "yp tools" and nslookup are given. 

Domain Name Services (DNS) client troubleshooting procedures.  Basic
network check out, nslookup as a diagnostic tool, subtlities of
malfunctions are discussed.  Solaris integrates DNS and Network
Information Service NIS+ hence credence must also be given to
/etc/nsswitch.conf. 


SOLUTION:

Basic network functionality should first be performed using the commands
ping, telnet, and ftp using the IP address of each the server. 
Minimally ping should be used.  The problem could be NIS+ or DNS.  A
determination if NIS+ is the culprit may be made by, a "ypmatch XX
hosts" command observing if a response comes from "XX", which will
indicate NIS+.  Nothing will print if "XX" is not part of NIS+.  An
alternate would be "ypcat hosts | grep XX". 

DNS client appears to only require properly creating /etc/resolv.conf
entries.  When things don't work out, debugging can be difficult.  The
/etc/resolv.conf file is just the tip of the iceberg.  Resist the
temptation to first update the file with domain and nameserver IP
addresses.  The position of a correctly functioning nameserver is taken
at this point.  DNS server data may be verified using a tool "nslookup"
functioning like a DNS client.  Deep diagnosis of the nameserver may be
made using "nstest". 

Notes on nslookup

Nslookup resides in /usr/sbin directory.  Enter exit or ^d to leave
nslookup.  A period should terminate each lookup request to prevent
searching.  Simple invocation from a shell prompt.  It recommended to
read the "man pages" as this is a very powerful tool.  Nslookup has not
been modified to use NIS as the server, if the /etc/resolv.conf is not
present a failure will occur. 

Usage notes

Nslookup tries to contact the default server upon invocation.

Two similar error messages may be displayed.  The lack of a
/etc/resolv.conf file will produce

*** Can't find server name for address 127.0.0.1:No response from
    server
*** Default servers are not available

After 1.5 minutes, you'll think things are hung up.  The default to look
within hence IP address 127.0.0.1. 


DNS client troubleshooting procedures page 2

Having a non server IP address in /etc/resolv.conf will produce:

*** Can't find server name for address IP address:No response from
    server
*** Default servers are not available

A healthy default name server will display:

Default Server: george.company.com
Address: IP address

>
At this point enter the names of several host names and observing
the message contents for host names with IP addresses. For
example:

> mary.
Server: george.company.com
Address: IP address

Name:   mary.george.company.comAddress: IP address of mary

>
Change to another name server by entering:
server new.server.name

Now try several other host names as performed above.

Other items which are sometimes forgotten

* Remember this is UNIX, case sensitivity is an issue.

* The "rcmd" family of commands rlogin, rcp, and rsh function before the
server was used but now fail (request a password).  It should be
recalled that these functions rely on the correct data in .rhosts and
/etc/host.equiv files.  In most instances only the unqualified host
names are entries.  The name server requires the qualification by use of
the addition of domain information. 

* A syntax error in the resolv.conf file may cause some portion of
contents to be ignored.  Running nslookup and using the "set all"
feature will display the actual action verses file contents. 

* Telnet fails when using short host names i.e.  "telnet xx" and works
ok when using fully qualified names i.e.  "telnet xx.domain".  The
nslookup "set all" feature may be used to observe the failure namely the
"srch" and "domain" items have no data. 

* NFS mounts fail after the name server is started.  The exports file
does not have domain qualified names.  Care must be taken in that not
all implementations of NFS use DNS.  The node name identity in the RPC
record may be the node name only without domain qualification.  The
fstab file may use fully domain qualified names. 

DNS client troubleshooting procedures page 3

* Mail can be sent out but no one can come in using ping, rlogin,
telnet, or ftp.  A missing subdomain delegation will cause this
situation.  The NIC or another DNS server has not been updated with your
data. 

NSTEST documentation

NSTEST allows disection of the nameserver from a client point of view. 
The user should become familiar the low level details of nameserver data
in order to completely understand the output of this program.  The
intent here is to make the user familiar with this utility. 

Command line options

 i    Ignore nameserve response has the truncation bit set,
      revert to default resolver behavior to retry using TCP.

 v    Include the options RES_USEVC and RES_STAYOPEN.
      RES_USEVC means use TCP for queries instead of UDP.
      RES_STAYOPEN leave the TCP connection open after queries.

 r    Turn off recursion for BIND queries

 d    Dump the packet.

      Operational detail
      Several one letter command options may be entered in
      response to the
      " >" query. The kill character will exit the program.

 Letter option definitions

 a   query          T_A            host address
 A   inverse query  T_A            host address
 b   query          T_MB           mailbox domain name
 B   inverse query  T_MG           mail group member
 c   query          T_CNAME        connonical name
 f   query          T_UINFO        user (finger) information
 g   query          T_GID          group ID
 h   query          T_HINFO        host information
 i   query          T_MINFO        mailbox information
 m   query          T_MX           mail routing information
 M   query          T_MAILB        transfer mailbox records
 p   query          T_PTR          domain name pointer
 r   query          T_MR           mail rename name
 s   query          T_SOA          start of authority zone
 T   query          T_TXT          text strings
 u   query          T_UID          user ID
 w   query          T_WKS          well known service
 x   query          T_AXFR         transfer zone of authority
 *   query          T_ANY          wildcard match
 z   list options with arguments


DNS client troubleshooting procedures page 4

References for addition information

        Albitz, Paul, Liu, Cricket, March 1993, DNS and BIND
        O'Reilly & Associates, ISBN 1-56592-010-4

        Stern, Hal, April 1992, NFS and NIS
        O'Reilly & Associates, ISBN 0-937175-75-1

        Craig, Hunt, August 1992, TCP/IP Administration
        O'Reilly & Associates, ISBN 0-937175-75-1

        June, 1993, SunOS 5.1 Administering NIS+ and DNS for X86
        SunSoft, Part Number 801-4648-10

        /usr/include/arpa/nameser.h

        source listings from ftp.uu.net


DATE APPROVED: 09/15/94