
Here's an interesting problem:

~ $ host gitlab.myorg.com
gitlab.myorg.com is an alias for aln7git01.myorg.com.
aln7git01.myorg.com has address 172.30.9.197

~ $ host gitlab.myorg.com
gitlab.myorg.com has address 172.30.8.24
gitlab.myorg.com is an alias for aln7git01.myorg.com.

I ran those two commands seconds after one another.

The host command for aln7git01.myorg.com also behaves the same. Here's dig on aln7git01.myorg.com:

~ $ dig A aln7git01.myorg.com

; <<>> DiG 9.8.3-P1 <<>> A aln7git01.myorg.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5438
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;aln7git01.myorg.com. IN    A

;; ANSWER SECTION: 
aln7git01.myorg.com. 3596 IN A  172.30.8.24

;; AUTHORITY SECTION:
myorg.com.  129 IN  NS  mtd-ns1.myorg.com.
myorg.com.  129 IN  NS  mtd-ns2.myorg.com.

;; ADDITIONAL SECTION:
mtd-ns1.myorg.com.  86400   IN  A   207.18.164.29
mtd-ns2.myorg.com.  86400   IN  A   207.18.164.30

;; Query time: 48 msec
;; SERVER: 64.102.6.247#53(64.102.6.247)
;; WHEN: Tue Jun  9 05:27:45 2015
;; MSG SIZE  rcvd: 148

~ $ dig A aln7git01.mtd.myorg.com

; <<>> DiG 9.8.3-P1 <<>> A aln7git01.mtd.myorg.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61048
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION
;aln7git01.mtd.myorg.com. IN    A

;; ANSWER SECTION:
aln7git01.mtd.myorg.com. 2727 IN A  172.30.9.197

;; AUTHORITY SECTION
mtd.myorg.com.  86400   IN  NS  mtd-ns1.myorg.com.
mtd.myorg.com.  86400   IN  NS  mtd-ns2.myorg.com.

;; ADDITIONAL SECTION:
mtd-ns1.myorg.com.  86400   IN  A   207.18.164.29
mtd-ns2.myorg.com.  86400   IN  A   207.18.164.30

;; Query time: 46 msec
;; SERVER: 64.102.6.247#53(64.102.6.247)
;; WHEN: Tue Jun  9 05:27:45 2015
;; MSG SIZE  rcvd: 148

The setup is like this:

1) A bind server with a zone file for myorg.com
2) Two A records with 172.30.8.24 for gitlab and aln7git01
3) Two name servers for myorg.com on two other hosts
Sam Hammamy
  • dig `any` for gitlab shows CNAME and IP, but dig `any` for `aln7git01` shows two different IPs. Where could the problem be? – Sam Hammamy Jun 09 '15 at 10:08
  • The fact that you have multiple entries for a single host **is** the problem. -Probably. - Most likely. - Two `A`-records is a poor-man's loadbalancing approach and might be as intended, but having both `A` and `CNAME` records is sloppy work. – HBruijn Jun 09 '15 at 10:12
  • I removed the CNAME yesterday afternoon from the zone file, but it's still showing up. Any thoughts as to why? – Sam Hammamy Jun 09 '15 at 10:16
  • You might have forgotten to reload the zone, or didn't update the SOA serial number? – HBruijn Jun 09 '15 at 10:16
  • SOA serial number? – Sam Hammamy Jun 09 '15 at 10:19

1 Answer

Part of your problem is in your debugging approach.

You're running your dig command with the A command-line option which requests only A-records. When you're getting odd results you want to use either no option or the any option so you don't restrict the output:

 dig any gitlab.myorg.com.

My assumption is that doing so will show that you have two DNS records, both an A and a CNAME record for gitlab.myorg.com.

That will result in a round-robin effect, with one request getting the A record and the next the CNAME record. The solution is then to remove the incorrect entry from your zone.

HBruijn
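
A zone-file check for the two conditions raised in this thread (a CNAME sharing an owner name with an A record, and one owner with several distinct A addresses), as an added example that is not part of the original answer. The zone text is constructed from the names on this page, the function names are hypothetical, and the parser assumes one record per line.

```python
from collections import defaultdict

TYPES = {"A", "AAAA", "CNAME", "NS", "MX", "TXT", "SOA", "PTR", "SRV"}

# Constructed sample zone using the names from this thread (not the real zone file).
SAMPLE_ZONE = """\
$ORIGIN myorg.com.
@          IN NS    mtd-ns1.myorg.com.
gitlab     IN A     172.30.8.24
gitlab     IN CNAME aln7git01      ; leftover alias
aln7git01  IN A     172.30.8.24
           IN A     172.30.9.197
"""

def parse_zone(text, origin):
    """Yield (owner, type, rdata); assumes one record per line, no parentheses."""
    origin = origin.rstrip(".").lower() + "."
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$"):                  # $ORIGIN changes the suffix, $TTL is skipped
            if line.upper().startswith("$ORIGIN"):
                origin = line.split()[1].rstrip(".").lower() + "."
            continue
        fields = line.split()
        if not line[0].isspace():                 # a leading blank means "same owner as above"
            name = fields.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and fields[0].upper() not in TYPES:
            fields.pop(0)                         # skip optional TTL and class
        if fields:
            yield owner, fields[0].upper(), " ".join(fields[1:])

def find_conflicts(text, origin):
    """Return (owner, issue) pairs for CNAME-plus-other-data and multi-address owners."""
    rrsets = defaultdict(lambda: defaultdict(set))
    for owner, rtype, rdata in parse_zone(text, origin):
        rrsets[owner][rtype].add(rdata)
    issues = []
    for owner, types in sorted(rrsets.items()):
        if "CNAME" in types and len(types) > 1:
            others = ",".join(sorted(t for t in types if t != "CNAME"))
            issues.append((owner, f"CNAME coexists with {others}"))
        for t in ("A", "AAAA"):
            if len(types.get(t, ())) > 1:
                issues.append((owner, f"multiple {t}: " + ", ".join(sorted(types[t]))))
    return issues
```

Calling `find_conflicts(SAMPLE_ZONE, "myorg.com")` reports both owners; several A records on one name can be intentional round-robin, so that finding is a prompt to review rather than an error.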