Hello, and, as always, thanks for the brain boost.
The original question was :
----- Begin Included Message -----
Hello.
We are running DNS alongside NIS on a SunOS 4.1.x environment. For
months, I have been seeing messages like this on the consoles of the
name servers :
Dec 2 04:09:21 scla0 named[15800]: bubba.amat.com has CNAME and other data (illegal)
Dec 2 04:09:21 scla0 named[15800]: bubba.amat.com has CNAME and other data (illegal)
Dec 2 04:09:26 scla0 named[15800]: albert.mis.amat.com has CNAME and other data (illegal)
Dec 2 04:09:26 scla0 named[15800]: albert.mis.amat.com has CNAME and other data (illegal)
where bubba and albert are domain name servers for other subdomains in
the company. DNS works just fine; they can find me, I can find them.
Last I heard, CNAME records were a normal part of DNS records.
I upgraded named on several nameservers from the SUN release of bind to
bind-4.8.3. It fixed some other problems, but I still get these CNAME
errors. I don't see any notes on them in SunSolve, Albitz/Liu, or
various Web DNS/BIND resources.
Anybody know what this CNAME message is about and how to cure it? I
don't want to configure syslog.conf to ditch DNS error messages, there
might be something useful in there.
Thanks muchly.
----- End Included Message -----
The notables who answered were :
Casper Dik <casper@holland.Sun.COM>
Reto Lichtensteiger <rali@meitca.com>
fpardo@tisny.com (Frank Pardo)
"Trevor Paquette" <tpaquett@aec.ca>
cathy@mercury.stm.com (Cathy Hargrave)
Pritish Shah <pritish@iocenter.net>
Bob Hoffman <hoffman@cs.pitt.edu>
"Karl E. Vogel" <vogelke@c17mis.region2.wpafb.af.mil>
Bob Woodward <bobw@kramer.filmworks.com>
"L. Lopshire" <ayn@pacifier.com>
The succinct answer was :
----------------------------
You have hosts that have both a CNAME and another record.
That is illegal.
E.g.,
CNAME x.y.z a.b.c
IN x.y.z MX d.e.f
Casper
-------------------------------
The most analytical reply :
-------------------------------
This means that in your data file for amat.com, the name "bubba" has
other records associated with it besides the CNAME, e.g. A records, MX
records, etc. The rules are that there can be no other resource
records associated with a name that is a CNAME. If you must have such
records, they must be associated with the host that the CNAME points
to, but not with the CNAME itself. For example, here is a legal entry
from our named data file:
gomez IN A 136.142.79.193
IN MX 10 gomez.cs.pitt.edu.
IN MX 20 bert.cs.pitt.edu.
IN MX 30 ernie.cs.pitt.edu.
IN MX 40 blitz.cs.pitt.edu.
IN HINFO ALPHA OSF1
IN TXT "OWNER: Bob Hoffman"
IN TXT "LOCATION: ALUMN 301"
IN TXT "IEEE: 08:00:2b:e5:27:71"
mailhost IN CNAME gomez
An illegal entry might look like:
gomez IN A 136.142.79.193
IN MX 10 gomez.cs.pitt.edu.
IN MX 20 bert.cs.pitt.edu.
IN MX 30 ernie.cs.pitt.edu.
IN MX 40 blitz.cs.pitt.edu.
IN HINFO ALPHA OSF1
IN TXT "OWNER: Bob Hoffman"
IN TXT "LOCATION: ALUMN 301"
IN TXT "IEEE: 08:00:2b:e5:27:71"
mailhost IN CNAME gomez
IN MX 10 gomez.cs.pitt.edu.
IN MX 20 bert.cs.pitt.edu.
IN MX 30 ernie.cs.pitt.edu.
IN MX 40 blitz.cs.pitt.edu.
IN HINFO ALPHA OSF1
IN TXT "OWNER: Bob Hoffman"
IN TXT "LOCATION: ALUMN 301"
IN TXT "IEEE: 08:00:2b:e5:27:71"
I hope this helps.
---Bob.
-------------------------------
other useful hints :
-------------------------------
a cname record is used to specify an alias for a host. the
alias must be unique just as the host name must be unique for
each ip address. check your database records or your host
file for duplicate names or ip addresses. if you use h2n to
make your dns records, run it and see if it gives any error
messages. or you can do a database dump to see what is
really in the dns maps. see the o/reilly book for debugging.
cathy
-------------------------------
I'd recommend going to bind-4.9.5, available from
ftp://ftp.vix.com/pub/bind/release/4.9.5/bind-4.9.5-REL.tar.gz
-- Karl Vogel vogelke@c17.wpafb.af.mil 937-255-3688------------------------------- Another possibility : -------------------------------
This happened to me a while back, and the answer turned out to be a bad comment in the DNS map file. A comment is a line beginning with ';'. It doesn't start with '#', and it has to be on a line by itself, not at the end of a line containing genuine data.
good luck
-- Frank Pardo <fpardo@tisny.com>
------------------------------- And probably the most practical advice :
------------------------------- Change your dns or live with the whining.. "L. Lopshire" <ayn@pacifier.com> -------------------------------
Thanks to all!
John Reynolds Applied Materials i am over six feet 2901 Patrick Henry Dr. MS 5502 and go everywhere Santa Clara CA 95054 (408) 235-6352 -archy the cockroach reynolds@acetsw.amat.com
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:17 CDT