Dig does not resolve unqualified domain names, but nslookup does

bind dig nslookup

I have a lab set up with DNS running on a CentOS7 server (dns01.local.lab). The local.lab domain is defined in named.conf:

zone "local.lab" IN {
    type master;
    file "local.lab.zone";
    allow-update { none; };
};

I also have a reverse zone but that doesn't matter for this question as far as I can tell.

The zone file looks like:

$TTL 86400
@  IN SOA  dns01.local.lab. root.local.lab. (
    1 ; Serial
    3600 ; Refresh
    1800 ; Retry
    604800 ; Expire
    86400 ; Minimum TTL
)
@        IN NS  dns01.local.lab.
@        IN A   192.168.122.100
@        IN A   192.168.122.1
dns01      IN A 192.168.122.100
virt-host  IN A 192.168.122.1

If I use nslookup using just the hostname I get a resolved IP:

[root@dns01 ~]# nslookup dns01
Server:          192.168.122.100
Address:         192.168.122.100#53

Name:    dns01.local.lab
Address:  192.168.122.100

However, if I use dig using just the hostname I do not get the expected response:

[root@dns01 ~]# dig dns01

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> dns01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9070
;; flags: qr rd ra ad; QUERY: 1, ANSWER 0; AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns01.                         IN        A

;; AUTHORITY SECTION:
.                       10800   IN        SOA    a.root-servers.net. nstld.verisign-grs.com. 2016020401 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 192.168.122.100#53(192.168.122.100)
;; WHEN: Thu Feb 04 09:15:07 HST 2016
;; MSG SIZE  rcvd: 109

I only get the expected response when I use the FQDN:

[root@dns01 ~]# dig dns01.local.lab

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> dns01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9070
;; flags: qr rd ra ad; QUERY: 1, ANSWER 1; AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns01.local.lab.               IN        A

;; ANSWER SECTION:
dns01.local.lab.        86400   IN        A        192.168.122.100

;; AUTHORITY SECTION:
local.lab.              86400   IN        NS       dns01.local.lab.

;; Query time: 8 msec
;; SERVER: 192.168.122.100#53(192.168.122.100)
;; WHEN: Thu Feb 04 09:22:15 HST 2016
;; MSG SIZE  rcvd: 74

Reverse lookups with dig provide the expected answer. Likewise with nslookup.

I know that dig and nslookup use different resolver libraries, but from what I understand dig is considered the better way.

As the results above indicate, the correct named server is being queried. It's as if dig doesn't recognize that the server is the authority for the hostname being queried.

named.conf:

options {
    listen-on port 53 { 127.0.0.1; 192.168.122.100; };
    directory    "/var/named";
    dump-file    "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file    "/var/named/data/named_mem_stats.txt";
    allow-query    {localhost; 192.168.122.0/24; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "local.lab" IN {
    type master;
    file "local.lab.zone";
    allow-update { none; };
};

zone "122.168.192.in-addr.arpa" IN {
    type master;
    file "local.lab.revzone";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Best Answer

Does dig +search dns01 give you what you want? If so, is it possible that +nosearch somehow got added to your ~/.digrc?

ETA: Or, if you're like me, maybe the dig fairies failed to come and add +search to your ~/.digrc.
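
The check the answer suggests can be reproduced offline. This is an added example, not part of the original answer: it reads a digrc file and a resolv.conf and reports which name dig would put in the question section. The function names are hypothetical, and the resolv.conf (search local.lab) and digrc contents are constructed samples, since the page does not show those files.

```bash
#!/usr/bin/env bash
# Constructed sample files; function names are hypothetical.

# Report "search", "nosearch" or "default" for a digrc file (exact tokens only).
# Assumption: options are applied in order, so the last one seen wins.
digrc_search_state() {
    [ -r "$1" ] || { echo default; return; }
    awk '{ for (i = 1; i <= NF; i++) {
             if ($i == "+search") s = "search"
             else if ($i == "+nosearch") s = "nosearch" } }
         END { print (s == "" ? "default" : s) }' "$1"
}

# Names built from the resolv.conf search list for NAME.
# A trailing dot, or at least ndots dots, makes the name absolute.
search_candidates() {
    local name=$1 resolv=$2 dots
    case "$name" in *.) echo "$name"; return ;; esac
    dots=$(printf '%s' "$name" | tr -cd '.' | wc -c)
    awk -v name="$name" -v dots="$dots" '
        $1 == "search" || $1 == "domain" { n = NF - 1; for (i = 2; i <= NF; i++) d[i - 1] = $i }
        $1 == "options" { for (i = 2; i <= NF; i++) if ($i ~ /^ndots:/) nd = substr($i, 7) }
        END { if (nd == "") nd = 1
              if (n == 0 || dots + 0 >= nd + 0) { print name "."; exit }
              for (i = 1; i <= n; i++) print name "." d[i] "." }' "$resolv"
}

# Names dig would put in the question section; the search list is only
# used when +search is in effect.
dig_query_names() {
    local digrc=$1 resolv=$2 name=$3
    if [ "$(digrc_search_state "$digrc")" = search ]; then
        search_candidates "$name" "$resolv"
    else
        echo "${name%.}."
    fi
}

tmp=$(mktemp -d)
printf 'search local.lab\nnameserver 192.168.122.100\n' > "$tmp/resolv.conf"
: > "$tmp/digrc.empty"
echo '+search' > "$tmp/digrc.search"
echo "no +search: $(dig_query_names "$tmp/digrc.empty" "$tmp/resolv.conf" dns01)"
echo "+search:    $(dig_query_names "$tmp/digrc.search" "$tmp/resolv.conf" dns01)"
```

Without +search the name goes out as `dns01.`, which matches the QUESTION SECTION in the NXDOMAIN output above; with +search it becomes `dns01.local.lab.`.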
