Debugging question

Bill Moseley moseley at hank.org
Wed Aug 2 14:29:25 UTC 2000


I was trying to send mail to ci.cerritos.ca.us, and my DNS was failing to
look up the MX.  I was failing to connect to either listed name server (one
had !H in a traceroute, and the other was just not responding).

First, look up the names of their DNS servers:
lii at mardy:~ > dig ci.cerritos.ca.us ns                       
;; ANSWER SECTION:
ci.cerritos.ca.us.      14m11s IN NS    noc.cerf.net.
ci.cerritos.ca.us.      14m11s IN NS    ns2.ci.cerritos.ca.us.


Now try to get info from them:
> dig ci.cerritos.ca.us @noc.cerf.net mx
;; res_nsend to server noc.cerf.net  192.153.156.22: Connection timed out

> dig ci.cerritos.ca.us @ns2.ci.cerritos.ca.us mx

; <<>> DiG 8.2 <<>> ci.cerritos.ca.us @ns2.ci.cerritos.ca.us mx 
;; res_nsend to server ns2.ci.cerritos.ca.us  192.6.4.2: Connection timed out

Now the interesting thing was that mail was going to another domain that is
hosted by ci.cerritos.ca.us - infopeople.org:

> dig infopeople.org ns
                         
;; ANSWER SECTION:
infopeople.org.         23h58m34s IN NS  NOC.CERF.NET.
infopeople.org.         23h58m34s IN NS  SMTP.CI.CERRITOS.CA.US.

Ok now go back and try smtp.ci.cerritos.ca.us for ci.cerritos.ca.us and I
get "aa" flag back, but note the NS RRs.

> dig ci.cerritos.ca.us mx @smtp.ci.cerritos.ca.us
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUERY SECTION:
;;      ci.cerritos.ca.us, type = MX, class = IN

;; ANSWER SECTION:
ci.cerritos.ca.us.      1H IN MX        10 mail.ci.cerritos.ca.us.

;; AUTHORITY SECTION:
ci.cerritos.ca.us.      1H IN NS        ns2.ci.cerritos.ca.us.
ci.cerritos.ca.us.      1H IN NS        noc.cerf.net.

So SMTP is authoritative but not listed as a NS.  Is this considered a
stealth slave?  What's the point of running like this since
SMTP.ci.cerritos.ca.us is advertised in other zones?

(And if they have such bad connectivity with ns2 and noc why only use one
hour for their ttls?)

Thanks,


Bill Moseley
mailto:moseley at hank.org
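
The check walked through by hand in the post above, as an added example that is not part of the original message: a shell function that reads the text of one `dig ZONE mx @SERVER` reply and reports whether the server timed out, answered with the aa flag while listed in the zone's NS records, or answered with aa while absent from them. The function name, the helper names and the output labels are assumptions made for this example; the sample text is copied from the dig output quoted in the post.

```shell
#!/bin/sh
# classify_server ZONE SERVER < text of `dig ZONE mx @SERVER`
# Prints one of: unreachable | non-authoritative | listed | unlisted
# (names and labels are hypothetical, chosen for this example)
classify_server() {
    awk -v zone="$1" -v server="$2" '
        # DNS names compare case-insensitively; drop the trailing root dot.
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        # Header line: keep only the flag list before the first ";".
        /^;; flags:/ {
            answered = 1
            f = $0; sub(/^;; flags:/, "", f); sub(/;.*/, "", f)
            if ((" " f " ") ~ / aa /) aa = 1
        }
        # Record lines: owner TTL IN NS target (answer or authority section).
        !/^;/ && $3 == "IN" && $4 == "NS" && norm($1) == norm(zone) {
            ns[norm($5)] = 1
        }
        END {
            s = norm(server)
            if (!answered)    print "unreachable"
            else if (!aa)     print "non-authoritative"
            else if (s in ns) print "listed"
            else              print "unlisted"
        }'
}

# Reply text quoted in the post for @smtp.ci.cerritos.ca.us.
smtp_reply() {
    cat <<'EOF'
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; ANSWER SECTION:
ci.cerritos.ca.us.      1H IN MX        10 mail.ci.cerritos.ca.us.
;; AUTHORITY SECTION:
ci.cerritos.ca.us.      1H IN NS        ns2.ci.cerritos.ca.us.
ci.cerritos.ca.us.      1H IN NS        noc.cerf.net.
EOF
}

# Timeout text quoted in the post for @noc.cerf.net.
noc_reply() {
    echo ';; res_nsend to server noc.cerf.net  192.153.156.22: Connection timed out'
}

smtp_reply | classify_server ci.cerritos.ca.us SMTP.CI.CERRITOS.CA.US  # -> unlisted
noc_reply  | classify_server ci.cerritos.ca.us noc.cerf.net            # -> unreachable
```

Against live servers the same function can be fed from `dig ZONE mx @SERVER | classify_server ZONE SERVER`, once per name found in any NS set that mentions the host.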


