3514 - Troubleshooting a new authoritative zone in NIOS
Scenario
A new zone techblue.net has been added by someone on your team. However, users are reporting that they cannot resolve any names in techblue.net when querying against the member ibns1 (10.100.0.105) or ibns2 (10.200.0.105). Please identify any issues and correct them.
Estimated Completion Time
15 to 20 minutes
Credentials
Description | Username | Password | URL or IP |
---|---|---|---|
Grid Manager UI | admin | infoblox |
Requirements
Administrative access to the Grid
Course References
3011: DNS Troubleshooting Methodology
3014: NIOS DNS Zones Expert Topics
Lab Initiation
Access jump-desktop
Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and log in to the Linux UI:
Username: training
Password: infoblox
Initiate lab
To initiate the lab, double-click the Launch Lab icon on the Desktop.
Choose the lab number from the list and click OK.
After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.
Lab initiation will take a couple of minutes to finish.
Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.
Tasks
Task 1: Troubleshooting name resolution
Clients are unable to resolve the domain name www.techblue.net while querying against the internal DNS servers 10.100.0.105 and 10.200.0.105.
Solutions
Task 1 Solution: Troubleshooting name resolution
First, verify that the zone is configured in the Grid and that the entry for the name www.techblue.net also exists in the Grid. Navigate to Data Management → DNS → Zones, where you can verify that both the authoritative zone techblue.net and the DNS record for www.techblue.net exist.
However, when using the command dig, you get this result from the jump-desktop:
training@jump-desktop:~ $ dig @10.100.0.105 www.techblue.net
;; communications error to 10.100.0.105#53: timed out
;; communications error to 10.100.0.105#53: timed out
;; communications error to 10.100.0.105#53: timed out
; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @10.100.0.105 www.techblue.net
; (1 server found)
;; global options: +cmd
;; no servers could be reached
IP address 10.100.0.105 is reachable:
training@jump-desktop:~ $ ping 10.100.0.105
PING 10.100.0.105 (10.100.0.105) 56(84) bytes of data.
64 bytes from 10.100.0.105: icmp_seq=1 ttl=63 time=1.99 ms
64 bytes from 10.100.0.105: icmp_seq=2 ttl=63 time=0.493 ms
64 bytes from 10.100.0.105: icmp_seq=3 ttl=63 time=4.43 ms
64 bytes from 10.100.0.105: icmp_seq=4 ttl=63 time=0.818 ms
^C
--- 10.100.0.105 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3034ms
rtt min/avg/max/mdev = 0.493/1.933/4.430/1.545 ms
This points to an issue with the DNS service on ibns1 (10.100.0.105). If you check the configuration, you can see that the DNS service is not running.
Solution part 1: Enabling the DNS service
You may use dig again to verify name resolution:
training@jump-desktop:~ $ dig @10.100.0.105 www.techblue.net
; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @10.100.0.105 www.techblue.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
; COOKIE: 07e320880bc5c24bb7a8c305649052e47d5aa811719e79c7 (good)
;; QUESTION SECTION:
;www.techblue.net. IN A
;; AUTHORITY SECTION:
techblue.net. 900 IN SOA polaris.techblue.io. training-tech.infoblox.com. 26 10800 3600 2419200 900
;; Query time: 11 msec
;; SERVER: 10.100.0.105#53(10.100.0.105) (UDP)
;; WHEN: Mon Jun 19 13:06:44 UTC 2023
;; MSG SIZE rcvd: 154
This time you get an NXDOMAIN response with the RA flag set and no AA flag (flags: qr rd ra), which tells you that the server 10.100.0.105 is not authoritative for the zone techblue.net. If you check the config files for ibns1 and ibns2, you will see that the techblue.net configuration is absent, which means that the techblue.net zone has not been assigned to these DNS members. Thus, the next step is:
Solution part 2: Assigning zone techblue.net to members
Assign the techblue.net zone to Grid DNS members ibns1 and ibns2 to correct the DNS configuration.
Navigate to Data Management → DNS → Zones
Check the box next to techblue.net and click Edit
Switch to Name Servers tab
Select Use this set of name servers
Click + dropdown and select Grid Primary
In the Add Grid Primary wizard, click Select
Click on ibns1.techblue.net hyperlink
Click the Add button
Click + dropdown again and select Grid Secondary
In the Add Grid Secondary wizard, click Select
Click on ibns2.techblue.net hyperlink
Click the Add button.
Both Name Servers should now be present in the list.
Click Save and Close.
Restart service when prompted.
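The triage used in this solution (timeout, then NXDOMAIN without the AA flag, then an authoritative answer) can be scripted so both members are checked the same way after the restart. This is an added example, not part of the original lab; the function names `classify_dig`, `next_step` and `check_member` and the `SAMPLE_FIXED` response are assumptions made for illustration.

```shell
# Classify one dig response read from stdin.
# Prints: unreachable | authoritative:<STATUS> | not-authoritative:<STATUS> | unparsed
classify_dig() {
    awk '
        /no servers could be reached/ { unreachable = 1 }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # header flags sit between "flags:" and the first ";"
            line = $0; sub(/^;; flags:/, "", line); sub(/;.*/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
            seen = 1
        }
        END {
            if (unreachable)  print "unreachable"
            else if (!seen)   print "unparsed"
            else if (aa)      print "authoritative:" status
            else              print "not-authoritative:" status
        }'
}

# Map a classification to the check this lab performs next.
next_step() {
    case "$1" in
        unreachable)           echo "ping the member, then check that its DNS service is running" ;;
        not-authoritative:*)   echo "check that the zone is assigned to this member" ;;
        authoritative:NOERROR) echo "ok" ;;
        authoritative:*)       echo "zone is served here; check the record" ;;
        *)                     echo "read the dig output by hand" ;;
    esac
}

# Live use on the jump-desktop: check_member 10.100.0.105 www.techblue.net
check_member() {
    result=$(dig +time=2 +tries=1 "@$1" "$2" 2>&1 | classify_dig)
    printf '%s %s: %s -> %s\n' "$1" "$2" "$result" "$(next_step "$result")"
}

# Samples: first two trimmed from this lab's dig runs; SAMPLE_FIXED is constructed.
SAMPLE_TIMEOUT=';; communications error to 10.100.0.105#53: timed out
;; no servers could be reached'
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_FIXED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
```

Run `check_member` once per member (10.100.0.105 and 10.200.0.105); a member that still reports `not-authoritative` has not picked up the zone assignment.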