Date:      Sun, 02 Dec 2001 07:33:25 -0600
From:      Len Conrad <LConrad@Go2France.com>
To:        freebsd-net@FreeBSD.ORG
Subject:   Re: problem (hairy) with dns-server
Message-ID:  <5.1.0.14.0.20011202063643.03e87b98@mail.Go2France.com>
In-Reply-To: <200112021206.fB2C6Y523027@mail15.bigmailbox.com>


>I have two dns-servers at 200.198.77.34 and 200.198.77.35, and when 
>querying it with the nslookup and dnsquery everything appears as normal.

when I do a recursive query to either, I get an answer.  you should not allow 
recursive queries except from your trusted IPs. for BIND8:

// ip_list stands for your trusted client addresses
acl mynets { ip_list; };

options {
    allow-recursion { mynets; };   // only mynets may send recursive queries
    fetch-glue no;
};

>a) when starting named, after a few seconds of the message *listening 
>on..*, suddenly pops the following message:
>
>:=== begin
>
>named[2876]:sysquery:findns error (NXDOMAIN) on 
>deviant-1.77.198.200.in-addr.arp
>named[2876]:sysquery:findns error (NXDOMAIN) on 
>deviant-2.77.198.200.in-addr.arp

in-addr.arp?   ".arpa" is the name of the reverse TLD parent

# dig -x 200.198.77.2

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      2.77.198.200.in-addr.arpa, type = ANY, class = IN

;; AUTHORITY SECTION:
77.198.200.in-addr.arpa.  1D IN SOA  ns.ipaccess.diveo.net.br. 
hostmaster.ipaccess.diveo.net.br. (
                                         2001021300      ; serial
                                         1D              ; refresh
                                         1H              ; retry
                                         2W              ; expiry
                                         1D )            ; minimum


and

# dig @200.198.77.3 -x 200.198.77.2

; <<>> DiG 8.3 <<>> @200.198.77.3 -x
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 200.198.77.3: Operation timed out

your NS's haven't been delegated with reverse authority for your subnet

>(you can experiment using these dns-servers as your default ones,

I didn't do that, but they both do recursion fine with dig

>  and sending a mail to test@dixtal.com.br), for the complete mail-error 
> message.

works fine for me:

Dec  2 13:46:26 mgw1 postfix/smtp[17844]: 08D5116B13: 
to=<test@dixtal.com.br>, relay=mx-sec.zazcorp.com.br[200.176.131.2], 
delay=121, status=sent (250 2.0.0 fB2CkKrO013294 Message accepted for delivery)


                               DNS Expert
                    Detailed Report for dixtal.com.br

2001-12-02, 07:30, using the analysis setting "Thorough"
======================================================================

Information
----------------------------------------------------------------------
Serial number:           2001073101
Primary name server:     srv5-poa.nutecnet.com.br.
Primary mail server:     mail.dixtal.com.br.
Number of records:       N/A

Errors
----------------------------------------------------------------------
o An NS record for "dixtal.com.br." refers to
   "srv5-poa.nutecnet.com.br." which is a CNAME record
     An NS record located in the zone "dixtal.com.br." refers to the
     host "srv5-poa.nutecnet.com.br.".  The record
     "srv5-poa.nutecnet.com.br." is a CNAME record.  NS records should
     always refer to canonical host names.

o The name server "dns-web.zaz.com.br." is only listed in delegation
   data
     The server "dns-web.zaz.com.br." is listed as being authoritative
     for the zone according to the delegation data, but there is no NS
     record for that server in the zone data.  Delegation data and zone
     data should always match.

o The primary mail server "mail.dixtal.com.br." does not respond
     The mail server "mail.dixtal.com.br.", which is a primary mail
     server for "dixtal.com.br.", does not seem to be working.


Warnings
----------------------------------------------------------------------
o The zone contains more than one authoritative name server with the
   same IP address
     The name servers "srv5-poa.nutecnet.com.br." and
     "dns-web.zaz.com.br.", which are authoritative for
     "dixtal.com.br.", have the same IP address (200.176.131.9).

Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways
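
The recursion restriction recommended in the message above can be checked mechanically. The following is an added example, not part of the original e-mail or of BIND: a small Python lint that reports when a named.conf leaves recursion open to every client. The function names, the sample config and its 192.0.2.0/24 range are constructed for illustration, and the "open by default" verdict assumes BIND 8 behaviour, where recursion is served to all clients unless allow-recursion says otherwise.

```python
import re

# Constructed sample in the style of the config quoted above; the address
# range is a documentation prefix standing in for "ip_list".
SAMPLE = """
acl mynets { 192.0.2.0/24; 127.0.0.1; };  // trusted clients
options {
    allow-recursion { mynets; };
    fetch-glue no;
};
"""

def _block(conf, head_re):
    """Return the text between the braces that follow head_re, or None."""
    m = re.search(head_re + r"\s*\{", conf)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def recursion_findings(conf):
    """List reasons recursion is open to all clients (empty list = restricted)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip /* */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # strip // and # comments
    options = _block(conf, r"\boptions") or ""
    if re.search(r"(?<!-)\brecursion\s+no\s*;", options):
        return []                                       # recursion switched off
    allowed = _block(options, r"\ballow-recursion")
    if allowed is None:                                 # assumes BIND 8 default
        return ["no allow-recursion in options: recursion open to any client"]
    findings, seen, todo = [], set(), allowed.split(";")
    while todo:                                         # expand named ACLs
        item = todo.pop().strip()
        if not item or item in seen:
            continue
        seen.add(item)
        if item in ("any", "0.0.0.0/0"):
            findings.append("allow-recursion matches 'any'")
        elif re.fullmatch(r"[A-Za-z_][\w-]*", item) and item not in (
                "none", "localhost", "localnets"):
            body = _block(conf, r"\bacl\s+\"?" + re.escape(item) + r"\"?")
            if body is None:
                findings.append("acl '%s' is not defined" % item)
            else:
                todo.extend(body.split(";"))
    return findings
```

An empty list from recursion_findings(SAMPLE) means recursion is limited to the listed ACL; the lint does not evaluate negated entries or nested match lists.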