Date: Mon, 23 Apr 2007 18:40:20 -0400 From: "Howard Leadmon" <howard@leadmon.net> To: <freebsd-stable@freebsd.org> Subject: FreeBSD DNS Resolver Issues? Message-ID: <005101c785f8$62b04010$081872cf@Leadmon.local>
next in thread | raw e-mail | index | archive | help
OK, now I am a bit stumped, so wanted to post here in hopes someone might
have an idea. First off the FBSD machine in question is an x86 server running
6.2-STABLE from a supped from a few weeks ago, so is fairly current.
I use said machine to handle all of my eMail and things in general seem to
work great, though I have this one mystery.
I we try and send mail to anyuser@wtplaw.com the mail will just set in the
queue forever, until it's returned as a failure. Talking with the admins at
wtplaw they are swearing their configs are correct, and it's something on our
side. Looking at the mailq, I see:
l3NEqolY011124 28697 Mon Apr 23 10:52 <users@leadmon.net>
(Deferred: Name server: mail.wtplaw.com.: host name lookup
fa)
<pbagnell@wtplaw.com>
So as it's quick an easy I used dig and did a lookup:
$ host wtplaw.com
wtplaw.com has address 69.20.43.246
wtplaw.com mail is handled by 10 mail.wtplaw.com.
Then on mail.wtplaw.com:
$ host mail.wtplaw.com
mail.wtplaw.com has address 65.111.69.228
mail.wtplaw.com has address 66.166.181.163
Host mail.wtplaw.com not found: 2(SERVFAIL)
;; connection timed out; no servers could be reached
As you can see I am getting a failure, which I know will make sendmail blow a
gasket over the issue. Oh and use I have the WorkAroundBrokenAAAA set in my
configs.
Here is where it gets interesting, and confuses me. I also have a Sun SPARC
server running Solaris-10, so figured I would try the same on it. Note that
both servers use the same DNS servers for resolution, plus I also tried the
above specifying the actual listed nameservers for wtplaw.com and got the same
results.
OK, so let's try the above on my Solaris-10 server:
$ host wtplaw.com
wtplaw.com has address 69.20.43.246
wtplaw.com mail is handled by 10 mail.wtplaw.com.
and:
$ host mail.wtplaw.com
mail.wtplaw.com has address 65.111.69.228
mail.wtplaw.com has address 66.166.181.163
Note I am getting no failure messages from my Solaris machine. So I even
turned on -v verbose option.
Here is from the FreeBSD machine:
$ host -v mail.wtplaw.com
Trying "mail.wtplaw.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27765
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.wtplaw.com. IN A
;; ANSWER SECTION:
mail.wtplaw.com. 3 IN A 65.111.69.228
mail.wtplaw.com. 3 IN A 66.166.181.163
;; AUTHORITY SECTION:
mail.wtplaw.com. 85342 IN NS lp2.wtplaw.com.
mail.wtplaw.com. 85342 IN NS lp1.wtplaw.com.
;; ADDITIONAL SECTION:
lp2.wtplaw.com. 85864 IN A 66.166.181.172
Received 117 bytes from 207.114.24.13#53 in 22 ms
Trying "mail.wtplaw.com"
Host mail.wtplaw.com not found: 2(SERVFAIL)
Received 33 bytes from 207.114.24.13#53 in 80 ms
Trying "mail.wtplaw.com"
;; connection timed out; no servers could be reached
Note the failures. I am have to honestly say I am not totally sure what it's
trying to do at the end there, maybe someone can explain that one to me.
Here is the Solaris-10 machine making the same query:
$ host -v mail.wtplaw.com
Trying "mail.wtplaw.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 549
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.wtplaw.com. IN A
;; ANSWER SECTION:
mail.wtplaw.com. 3 IN A 65.111.69.228
mail.wtplaw.com. 3 IN A 66.166.181.163
;; AUTHORITY SECTION:
mail.wtplaw.com. 85225 IN NS lp1.wtplaw.com.
mail.wtplaw.com. 85225 IN NS lp2.wtplaw.com.
;; ADDITIONAL SECTION:
lp2.wtplaw.com. 85747 IN A 66.166.181.172
Received 117 bytes from 207.114.24.13#53 in 40 ms
Again, the query seemed fine, no troubles.
As stated earlier, talking to the sysadmin of the wtplaw.com site, they are
swearing there is nothing wrong, they are responding to queries as they should
be, and that we have a configuration problem on our end. If this is true, I'd
sure love to know what it is, so I can fix it, and if not I'd love to know
what to tell them is wrong with their DNS so I can get it corrected. As right
now I am bouncing mail from a few clients to this user, and I can't seem to
find any resolution to this issue.
When I realized that Solaris seems happy with their DNS, but FBSD is not, it
just made this even more of a mystery. If anyone can help shed any light on
this it would sure be appreciated..
---
-Howard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005101c785f8$62b04010$081872cf>