From: Doug Barton
Date: Fri, 17 Feb 2006 22:24:29 -0800
To: tpeixoto@widesoft.com.br
Cc: freebsd-net@freebsd.org
Subject: Re: bind9 + host command issue in FreeBSD-5.4
Message-ID: <43F6BD9D.9080500@FreeBSD.org>

tpeixoto@widesoft.com.br wrote:
> Hello all!
>
> I am not sure if this is the right place to discuss this issue

For future reference, the bind-users list at ISC is probably a better forum,
but this is as good as any.
:)

> but I am
> experiencing strange behaviour with bind9 + host command with some domains
> that bind are _not_ authoritative

I assume you mean domains for which you are not authoritative, in other
words, domains you have no control over.

> as the following example:
>
> # uname -a
> FreeBSD server2.mydomain.com.br 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed
> Feb 1 22:18:04 BRST 2006
> root@server2.mydomain.com.br:/usr/src/sys/i386/compile/SERVER2 i386
>
> # named -v
> BIND 9.3.1

When 5.5-RELEASE comes out (or better yet, 6.1-RELEASE) you should seriously
consider upgrading. If you are doing anything mission critical that depends
on DNS, BIND 9.3.2 is going to be an improvement for you.

> # host cauexcnt001smtp.unibanco.com.br.
> cauexcnt001smtp.unibanco.com.br has address 200.174.81.116
> Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)

The second line is caused because there is no AAAA record for that hostname,
and by default host always queries for one. You can see that things are fine
with the hostname itself by using 'host -t a', or by using dig as you did
below.

FYI, if you need to do any kind of serious DNS debugging, dig is always the
best tool to use. The host command is best for simple lookups when you just
need the answer.

> That's the problem! host command replies with SERVFAIL. This also causes
> sendmail to raise "host name lookup failure" and not deliver the messages.

sendmail does not use the host command. The most likely cause for this
failure is that the A record for cauexcnt001smtp.unibanco.com.br has a 0
second TTL, which is not only stupid, it's extremely unfriendly. It's also
possible that your system has IPv6 support enabled, but you don't have IPv6
connectivity, and/or your sendmail is configured to use (or prefer) IPv6
addresses.

Also, if you have any input into the operation of this zone, suggest that
they increase the TTL, and add an MX record for that hostname (even if it
points to itself).
> The strange thing is that nslookup and dig work correctly:

The reason that the other versions you tried don't show that error is that
they do not have the same "aggressive" search for AAAA records that BIND
9.3.x does. Whether this is a good thing or not, and what should be printed
if there is no record is up for debate. That would be a topic for the
bind-users list.

Doug

-- 
This .signature sanitized for your protection
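An added example, not part of the original message or of BIND: a small Python parser that reads the RCODE and answer TTLs out of raw DNS responses, so the A and AAAA results that `host` merges into one output can be checked separately. The response packets are constructed samples built from the name, address and TTL quoted in the thread; the function names are hypothetical.

```python
import socket
import struct
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
QTYPES = {1: "A", 28: "AAAA"}

def encode_name(name):
    """Encode a hostname as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(name, qtype, rcode, a_records=()):
    """Construct a sample response; a_records is [(ttl, ipv4), ...]."""
    # Flags 0x8180 = QR, RD, RA set; RCODE occupies the low 4 bits.
    pkt = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(a_records), 0, 0)
    pkt += encode_name(name) + struct.pack("!HH", qtype, 1)
    for ttl, ip in a_records:
        # 0xC00C: compression pointer to the question name at offset 12
        pkt += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return pkt

def skip_name(pkt, off):
    """Return the offset just past a name (labels or compression pointer)."""
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        off += pkt[off] + 1
    return off + (2 if pkt[off] else 1)

def parse_response(pkt):
    """Return (qtype, rcode, [(ttl, ipv4)]) from a single-question response."""
    flags, _, ancount = struct.unpack("!HHH", pkt[2:8])
    off = skip_name(pkt, 12) + 4  # past QNAME, QTYPE and QCLASS
    qtype = struct.unpack("!H", pkt[off - 4:off - 2])[0]
    answers = []
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1:
            answers.append((ttl, socket.inet_ntoa(pkt[off:off + rdlen])))
        off += rdlen
    return QTYPES.get(qtype, str(qtype)), RCODES.get(flags & 0xF, str(flags & 0xF)), answers

def diagnose(packets):
    """List each query type's RCODE and flag any answer served with TTL 0."""
    notes = []
    for qtype, rcode, answers in map(parse_response, packets):
        notes.append(f"{qtype}: {rcode}")
        notes += [f"{qtype}: {ip} has TTL 0" for ttl, ip in answers if ttl == 0]
    return notes

# Constructed sample: the A query succeeds with TTL 0, the AAAA query gets SERVFAIL.
NAME = "cauexcnt001smtp.unibanco.com.br"
SAMPLE = [build_response(NAME, 1, 0, [(0, "200.174.81.116")]), build_response(NAME, 28, 2)]
```

`diagnose(SAMPLE)` reports the two query types separately, which is the same split that `host -t a` versus the default `host` lookup exposes.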