Date: Fri, 17 Feb 2006 22:24:29 -0800
From: Doug Barton <dougb@FreeBSD.org>
To: tpeixoto@widesoft.com.br
Cc: freebsd-net@freebsd.org
Subject: Re: bind9 + host command issue in FreeBSD-5.4
Message-ID: <43F6BD9D.9080500@FreeBSD.org>
In-Reply-To: <59893.200.230.201.250.1140195150.squirrel@www.widemail.com.br>
References: <59893.200.230.201.250.1140195150.squirrel@www.widemail.com.br>

tpeixoto@widesoft.com.br wrote:
> Hello all!
>
> I am not sure if this is the right place to discuss this issue

For future reference, the bind-users list at ISC is probably a better forum, but this is as good as any. :)

> but I am
> experiencing strange behaviour with bind9 + host command with some domains
> that bind are _not_ authoritative

I assume you mean domains for which you are not authoritative, in other words, domains you have no control over.

> as the following example:
>
> # uname -a
> FreeBSD server2.mydomain.com.br 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed
> Feb 1 22:18:04 BRST 2006
> root@server2.mydomain.com.br:/usr/src/sys/i386/compile/SERVER2 i386
>
> # named -v
> BIND 9.3.1

When 5.5-RELEASE comes out (or better yet, 6.1-RELEASE) you should seriously consider upgrading. If you are doing anything mission critical that depends on DNS, BIND 9.3.2 is going to be an improvement for you.

> # host cauexcnt001smtp.unibanco.com.br.
> cauexcnt001smtp.unibanco.com.br has address 200.174.81.116
> Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)

The second line is caused because there is no AAAA record for that hostname, and by default host always queries for one. You can see that things are fine with the hostname itself by using 'host -t a', or by using dig as you did below.

FYI, if you need to do any kind of serious DNS debugging, dig is always the best tool to use. The host command is best for simple lookups when you just need the answer.

> That's the problem! host command replies with SERVFAIL. This also causes
> sendmail to raise "host name lookup failure" and not deliver the messages.

sendmail does not use the host command. The most likely cause for this failure is that the A record for cauexcnt001smtp.unibanco.com.br has a 0 second TTL, which is not only stupid, it's extremely unfriendly.

It's also possible that your system has IPv6 support enabled, but you don't have IPv6 connectivity, and/or your sendmail is configured to use (or prefer) IPv6 addresses.

Also, if you have any input into the operation of this zone, suggest that they increase the TTL, and add an MX record for that hostname (even if it points to itself).

> The strange thing is that nslookup and dig work correctly:

The reason that the other versions you tried don't show that error is that they do not have the same "aggressive" search for AAAA records that BIND 9.3.x does. Whether this is a good thing or not, and what should be printed if there is no record is up for debate. That would be a topic for the bind-users list.

Doug

-- 
This .signature sanitized for your protection
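
Added example, not part of the original message: a per-record-type check that separates the three conditions the reply discusses (a zero TTL on the A record, a failing AAAA lookup, and a missing MX record) instead of reading one combined `host` result. The dig-style text in `SAMPLE` is constructed, not captured from the thread; its TTL, status and id values are assumptions, and `parse` and `diagnose` are hypothetical helper names.

```python
import re

# Constructed dig-style responses (assumed values), one per record type.
SAMPLE = {
    "A": """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4660
;; ANSWER SECTION:
cauexcnt001smtp.unibanco.com.br. 0 IN A 200.174.81.116
""",
    "AAAA": """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4661
""",
    "MX": """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4662
""",
}

STATUS_RE = re.compile(r"status:[ \t]*([A-Z]+)")
# owner name, TTL, class IN, record type, rdata (comment lines start with ';')
RR_RE = re.compile(r"^([^;\s]\S*)[ \t]+(\d+)[ \t]+IN[ \t]+(\S+)[ \t]+(.+)$", re.M)


def parse(text):
    """Return (rcode, [(ttl, rtype, rdata), ...]) for one response."""
    m = STATUS_RE.search(text)
    rcode = m.group(1) if m else "UNKNOWN"
    records = [(int(ttl), rtype, rdata.strip())
               for _, ttl, rtype, rdata in RR_RE.findall(text)]
    return rcode, records


def diagnose(responses):
    """Report each query type separately so one failure does not mask the rest."""
    findings = []
    for qtype, text in responses.items():
        rcode, records = parse(text)
        answers = [r for r in records if r[1] == qtype]
        if rcode != "NOERROR":
            findings.append(f"{qtype}: {rcode}")      # e.g. the AAAA SERVFAIL
        elif not answers:
            findings.append(f"{qtype}: no record")    # e.g. the missing MX
        for ttl, _, rdata in answers:
            if ttl == 0:
                findings.append(f"{qtype}: zero TTL on {rdata}")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE):
        print(line)
```
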