DNS probs
Brad Knowles
brad.knowles at skynet.be
Mon Mar 5 09:41:16 UTC 2001
At 8:29 PM -0700 3/4/01, Jeremy Gardner wrote:
> I do have one question about this then.
>
> Depending on where mail is being sent from, some goes directly to
> pierna.quetico.net, some goes to argo.quetico.net (the backup mail server
> for my domain).
In all likelihood, that's because some of those servers were
unable to contact your primary mail server, and therefore they sent
the mail to your backup.
> How come some servers are referencing the incorrect entries
> in sleepy.giant.net, whereas other servers dont' seem to pick up any
> reference to sleepy.giant.net at all?
You haven't checked your delegations, or the way your domain is
set up on the avalon.net nameservers, have you?
Here's what a typical root nameserver think about your domain:
$ dig @a.gtld-servers.net. quetico.net. any
; <<>> DiG 8.1 <<>> @a.gtld-servers.net. quetico.net. any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; quetico.net, type = ANY, class = IN
;; ANSWER SECTION:
quetico.net. 2D IN NS DNS1.AVALON.NET.
quetico.net. 2D IN NS DNS2.AVALON.NET.
;; AUTHORITY SECTION:
quetico.net. 2D IN NS DNS1.AVALON.NET.
quetico.net. 2D IN NS DNS2.AVALON.NET.
;; ADDITIONAL SECTION:
DNS1.AVALON.NET. 2D IN A 204.71.106.8
DNS2.AVALON.NET. 2D IN A 204.71.106.2
;; Total query time: 73 msec
;; WHEN: Mon Mar 5 04:51:45 2001
;; MSG SIZE sent: 29 rcvd: 137
However, when you ask the avalon.net nameservers, they provide a
different answer:
$ dig @dns1.avalon.net. quetico.net. any
; <<>> DiG 8.1 <<>> @dns1.avalon.net. quetico.net. any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 5, ADDITIONAL: 7
;; QUERY SECTION:
;; quetico.net, type = ANY, class = IN
;; ANSWER SECTION:
quetico.net. 12H IN MX 10 pierna.quetico.net.
quetico.net. 12H IN MX 20 argo.quetico.net.
quetico.net. 12H IN NS dns1.avalon.net.
quetico.net. 12H IN NS dns2.avalon.net.
quetico.net. 12H IN NS dns3.avalon.net.
quetico.net. 12H IN NS dns4.avalon.net.
quetico.net. 12H IN NS sleepy.giant.net.
quetico.net. 12H IN A 198.76.15.10
quetico.net. 12H IN SOA pierna.quetico.net.
jeremy.quetico.net. (
2001030300 ; serial
3H ; refresh
1H ; retry
1W ; expiry
12H ) ; minimum
;; AUTHORITY SECTION:
quetico.net. 12H IN NS dns1.avalon.net.
quetico.net. 12H IN NS dns2.avalon.net.
quetico.net. 12H IN NS dns3.avalon.net.
quetico.net. 12H IN NS dns4.avalon.net.
quetico.net. 12H IN NS sleepy.giant.net.
;; ADDITIONAL SECTION:
pierna.quetico.net. 12H IN A 198.76.15.10
argo.quetico.net. 12H IN A 204.71.106.169
dns1.avalon.net. 12H IN A 204.71.106.8
dns2.avalon.net. 12H IN A 204.71.106.2
dns3.avalon.net. 12H IN A 205.140.160.8
dns4.avalon.net. 12H IN A 205.140.160.9
sleepy.giant.net. 12H IN A 204.71.106.3
;; Total query time: 182 msec
;; WHEN: Mon Mar 5 04:53:45 2001
;; MSG SIZE sent: 29 rcvd: 424
You need to go back to the folks who operate the avalon.net
nameservers and get them to fix the way they're serving your zone,
and you should also get the delegation from the root nameservers
fixed so as to at least match the list of nameservers provided by
avalon.net.
If you had run the DNS debugging tool "doc" on this zone, you
would have quickly found out these differences, and you would have
been able to start working on getting them fixed immediately.
You can find the latest official version of "doc" that I have at
<http://www.shub-internet.org/brad/dns/index.html>. I haven't yet
updated "doc" to work with BINDv9, but I hope to be able to do this
soon. I also hope to be able to fully integrate all the
functionality of "doc" into Dave Barr's program "dnswalk" (another
good DNS debugging tool, although it requires the ability to do a
zone transfer of your data), so that we can reduce by one the number
of DNS debugging tools you need to be aware of.
--
======================================================================
Brad Knowles, <brad.knowles at skynet.be>
More information about the bind-users
mailing list