Help w/specific site after upgrade
Danny Mayer
mayer at gis.net
Sat Jul 20 13:30:06 UTC 2002
At 03:38 PM 7/19/02, Dawn Lovell wrote:
>On Thu, 18 Jul 2002, Simon Waters wrote:
> >Serial number 22, any bets they "upgraded" to NT DNS when you
> >upgraded BIND, or is that cynical ;)
>
>Heh. Cynical, maybe, but not implausible. :-)
>
> >The delegated servers vary between the parent and child<tsck
> >tsck>, and the child zones authoritative name server is
> >unreachable (on colo.sonicwall.com which appears to be private
> >address space). This typically manifests as domains that resolve
> >first time but not again, and other intermittent problems.
> >
> >The delegation of both the global and colo subdomains appear to
> >be completely wrong, in that they both point directly or
> >indirectly to servers on private address space, and leak private
> >address replies to the global Internet <tsck>.
>
>This is the classic stupid question, but... how does the primary
>DNS information (MNAME) in the SOA get used by the resolver? In
>concert somehow with the NS RRs or as more of a comment?
The SOA record is not used by a resolver. It only gets used by other
nameservers for zone transfer information for slaves and dynamic update
to find the real master for updating the zone.
>I didn't know if we could pin the issue entirely on their end,
>since we are consistently able to resolve the global.sonicwall.com
>sites using our test 9.2.1 DNS. I've restarted, flushed, etc.,
>and it resolves. I thought maybe it was something like the
>9.2.1 box keeping the positive result cached longer since it
>sees so little traffic, but it always gets the info again after
>I flush the cache.
BIND 9 properly implements query restart.
Danny
> >Oh well looks like the mail address will resolve, even if
> >www.sonicwall.com is unreachable - so if your lucky the
> >postmaster might check it out.
>
>One of our sonicwall users had a contact in their IT department,
>so we've passed along this info. Hopefully we'll hear back
>something from either that or the postmaster.
>
> >Do you want to buy a firewall from a company that understands
> >DNS, because I might be able to help you there ;)
>
>That would be supposing anyone asked my opinion about firewall
>software/hardware. ;-)
>
>Thanks, again! I really appreciate your time.
>
>Dawn
More information about the bind-users
mailing list