Date: Sat, 08 Sep 2001 11:13:04 -0500
From: Len Conrad <LConrad@Go2France.com>
To: <freebsd-isp@freebsd.org>
Subject: Re: Some problems with DNS server..
Message-ID: <5.1.0.14.0.20010908110243.0285ab68@mail.Go2France.com>
In-Reply-To: <007101c1387f$dff71ac0$0200a8c0@lv>
References: <5.1.0.14.0.20010908101920.02fe7740@mail.Go2France.com>
>nslookup -q=a www.astranet.lv ns1.astranet.lv
>*** Can't find server name for address 62.85.45.34: Non-existent host/domain
>*** Default servers are not available
> nslookup -q=ptr 34.45.85.62.in-addr.arpa. ns1.astranet.lv
>*** Can't find server name for address 62.85.45.34: Non-existent host/domain
>*** Default servers are not available
I said: use dig, not nslookup
>You see, the main problem is, that our nameserver doesn't respond properly,
>as far as I'm concerned.
use dig, your concerns, if any remain with dig, will be better founded
>Ok, I'm not the authority for 45.85.62 zone yet with my ns1.astranet.lv.
>ns3.delfi.lv is supposed to be a secondary for that zone, as soon as i
>finish my configuration. But I am the authority for astranet.lv domain, so
>this must be ok, but it isn't.
nslookup stupidly requires the queried NS to have a PTR record.
forward and reverse authority are totally independent.
; <<>> DiG 8.3 <<>> astranet.lv any
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3
;; QUERY SECTION:
;; astranet.lv, type = ANY, class = IN
;; ANSWER SECTION:
astranet.lv. 30M IN NS ns1.astranet.lv.
astranet.lv. 30M IN NS ns2.astranet.lv.
astranet.lv. 1d23h21m48s IN SOA ns1.astranet.lv.
hostmaster.astranet.lv.astranet.lv. (
2001090800 ; serial
1D ; refresh
2H ; retry
5w6d16h ; expiry
2D ) ; minimum
(note: the last field in SOA is now negative TTL, no longer zone default TTL)
astranet.lv. 2d23h21m48s IN MX 9 mail.astranet.lv.
;; AUTHORITY SECTION:
astranet.lv. 30M IN NS ns1.astranet.lv.
astranet.lv. 30M IN NS ns2.astranet.lv.
;; ADDITIONAL SECTION:
ns1.astranet.lv. 30M IN A 62.85.45.34
ns2.astranet.lv. 30M IN A 62.85.45.35
mail.astranet.lv. 2d23h2m58s IN A 62.85.45.36
;; Total query time: 197 msec
;; FROM: Lists.Opt-In4Email.com to SERVER: default -- 209.25.194.212
;; WHEN: Sat Sep 8 12:04:02 2001
;; MSG SIZE sent: 29 rcvd: 221
Since your NS has not been delegated reverse zone authority from delfi and
there is no PTR for your ip's, nslookup fails.
>Anyway, dig DOES a greater output where everything's all right..
>I still can't get it. So, maybe there is a problem with /etc/resolv.conf?
nope
> or
>with /etc/namedb/named.conf?
nope, but have you turned on logging to see what errors you have and what
queries bind is seeing?
> /etc/namedb/named.root?
nope
> /etc/namedb/zone file?
stay with dig. Here's a zone analysis
Errors
----------------------------------------------------------------------
o Non-authoritative data received from the server "ns2.astranet.lv."
The server "ns2.astranet.lv." is listed as being authoritative
for the domain, but it does not contain authoritative data for it.
o Only one of your name servers has autoritative data for the zone.
The server "ns1.astranet.lv." is the only server that has
authoritaive data for the zone. If this server becomes
unavailable, your domain will become inacessible.
o The hostmaster address "hostmaster.astranet.lv@astranet.lv" does
not exist.
None of the mail servers for "astranet.lv." recognized the
hostmaster address "hostmaster.astranet.lv@astranet.lv"
Warnings
----------------------------------------------------------------------
o The name server "ns1.astranet.lv." does not permit zone transfers
The name server "ns1.astranet.lv." has been configured to reject
unauthorized zone transfers and the application will not be able
to use data from this server while analyzing the zone.
o Zone transfer from authoritative servers not possible
It was not possible to perform a zone transfer from any of the
authoritative name servers for the zone. This will limit the
range of tests performed for the zone.
o The TTL field in the SOA record contains an unusually high value
The value 259200 of the TTL field in the SOA record is unusually
high. The value for this field should be within the range 3600 -
172800.
o The TTL value 259200, in the A record "ns2.astranet.lv." is rather
high
The TTL value 259200, used in the A record "ns2.astranet.lv.", is
unusually high. The TTL value should be within the range 3600 -
172800.
o The TTL value 259200, in the A record "ns1.astranet.lv." is rather
high
The TTL value 259200, used in the A record "ns1.astranet.lv.", is
unusually high. The TTL value should be within the range 3600 -
172800.
o The TTL value 259200, in the A record "mail.astranet.lv." is rather
high
The TTL value 259200, used in the A record "mail.astranet.lv.",
is unusually high. The TTL value should be within the range 3600
- 172800.
o The TTL value 259200, in the NS record "astranet.lv." is rather high
The TTL value 259200, used in the NS record "astranet.lv.", is
unusually high. The TTL value should be within the range 3600 -
172800.
o The TTL value 259200, in the MX record "astranet.lv." is rather high
The TTL value 259200, used in the MX record "astranet.lv.", is
unusually high. The TTL value should be within the range 3600 -
172800.
o There is only one MX record in the zone
The zone contains only one MX record. This will cause mail
delivery problems if the primary mail server becomes unavailable.
For safety purposes, there should be two or more mail servers for
every zone, the extra mail servers being used as backup
(secondary) servers for the primary server.
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
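
The first two errors in the zone analysis above (a delegated server answering without authority, and only one authoritative server left) come down to the AA bit in each server's reply to an SOA query for the zone apex. The following is an added example, not part of the original message: the function names are hypothetical and the reply headers are constructed sample data, not captures from the servers named.

```python
import struct

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "qr": bool(flags & 0x8000),   # message is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,      # 0 = NOERROR
        "ancount": an,
    }

def is_authoritative(msg: bytes) -> bool:
    """True if a reply to an SOA query for the zone apex proves authority."""
    h = parse_header(msg)
    return h["qr"] and h["aa"] and h["rcode"] == 0 and h["ancount"] >= 1

def audit_delegation(replies: dict) -> dict:
    """replies maps each delegated NS name to its raw SOA reply (None = no reply)."""
    lame = sorted(ns for ns, msg in replies.items()
                  if msg is None or not is_authoritative(msg))
    good = sorted(set(replies) - set(lame))
    return {"authoritative": good, "lame": lame,
            "single_point_of_failure": len(good) < 2}

def make_header(flags: int, ancount: int) -> bytes:
    """Constructed sample data: a bare header with id 4 and one question."""
    return struct.pack("!6H", 4, flags, 1, ancount, 0, 0)

# Constructed replies mirroring the report: ns1 sets AA, ns2 answers without it.
SAMPLE_REPLIES = {
    "ns1.astranet.lv.": make_header(0x8400, 1),  # qr aa
    "ns2.astranet.lv.": make_header(0x8080, 1),  # qr ra, no aa
}

if __name__ == "__main__":
    print(audit_delegation(SAMPLE_REPLIES))
```

A header with flags `qr rd ra`, as in the dig output quoted in the message, is also classified as non-authoritative, because that answer came from a recursive resolver rather than from the zone's own servers.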
