"sysquery" error

Jim Reid jim at rfc1035.com
Wed Dec 13 21:59:33 UTC 2000


>>>>> "Larry" == Larry Sheldon <lsheldon at creighton.edu> writes:

    >> I am getting the following error message every few seconds on
    >> my primary for "creighton.edu".
    >> 
    >> The exact error message is:
    >> 
    >> Dec 13 14:03:08 cuname named[25928]: sysquery: findns error (NXDOMAIN) on bluebird1.creighton.edu?

    Larry> I think I now know what was causing it--
    Larry> my 134.147.in-addr.arpa zone still listed
    Larry> "bluebird1.creighton.edu" as a NS--should have been changed
    Larry> to show the delegation.

Well, that may have been one explanation for the error. However some
of the other creighton.edu name servers still have an NS record for
the zone pointing at bluebird1.creighton.edu. They think that this
non-existent name is a name server for creighton.edu. In fact your
name servers are currently advertising three different serial numbers
for this zone. Here's the list:

parrot.creighton.edu.		2000220946
penguin.creighton.edu.		2000220945
pigeon.creighton.edu.		2000220946
robin1.creighton.edu.		2000220946
bluejay.creighton.edu.		2000220946
bluebird.creighton.edu.		2000220946
bluebird1.ad.creighton.edu.	2000220946
cuname.creighton.edu.		2000220946
dove.creighton.edu.		2000220946
eagle.creighton.edu.		2000220946
finch.creighton.edu.		2000220943
gross.creighton.edu.		2000220946
lark.creighton.edu.		2000220946
mailjay.creighton.edu.		2000220946
marian.creighton.edu.		Operation timed out

Providing 15 NS records for your zone is way over the top. There are
just 13 NS records for the internet root zone, which is much, much
more in demand than your zone ever will be. It probably doesn't do you
a lot of good to list so many name servers. [By all means have 15 or
more local name servers for your zone(s) if you like, but you don't
have to supply NS records for every single one of them.] What's worse
is that all of the advertised name servers for creighton.edu are on
the same net, an obvious single point of failure. Please read RFC2182:
Selection and Operation of Secondary DNS Servers. You've also ignored
the NS records that are in the .edu zone for your delegation. These
should be present in the zone file for creighton.edu. The parent
zone's NS records should be a subset of the ones put in the zone
file of the delegated zone.

    Larry> The question now is--how would I know that from the error
    Larry> message--I found it by desk-checking everything I did
    Larry> (should have done)--a brute-force kind of thing.

Your question is a hard one to answer. I don't think anyone here can
tell you how you would know anything. Could you tell me how I would
know the capital of Turkmenistan? :-) 

The error message is saying your name server was told that
bluebird1.creighton.edu was a name server for some zone. i.e. an NS
record exists for it somewhere. But when your server tried to look up
that name to get its address, an NXDOMAIN - no such host/domain -
error was returned.

As for figuring out the error message, you could have checked the list
archives at www.isc.org. Questions about findns errors crop up every
week or so. There's also an a-z of common BIND error messages on
Cricket Liu's web site. Details of that are posted here often. The URL
is:
	http://www.acmebw.com/askmrdns/bind-messages.htm.
A Frequently Asked Questions (FAQ) list is available at:
	http://www.nominum.com/resources/faqs/bind-faq.html
though the question about findns errors hasn't been asked often enough
yet to make that list.
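
The checks described in the message above (servers answering with different SOA serials, an NS target that does not resolve, and parent NS records that are not a subset of the zone's own) can be automated. This is an added example, not part of the original post or of BIND; the function names and the example.edu data are constructed, and the inputs are assumed to have been collected beforehand by querying each listed server.

```python
from functools import reduce

def serial_newer(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True if a is newer than b."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def audit_delegation(serials, child_ns, parent_ns, has_address):
    """Return a sorted list of (kind, detail) findings.

    serials     -- {server: SOA serial it answered with, or None on timeout}
    child_ns    -- NS names in the zone's own NS RRset
    parent_ns   -- NS names in the parent zone's delegation
    has_address -- NS names that resolve to an address
    """
    findings = []
    answered = {s: n for s, n in serials.items() if n is not None}
    for server in serials.keys() - answered.keys():
        findings.append(("no-answer", server))
    if answered:
        newest = reduce(lambda x, y: y if serial_newer(y, x) else x, answered.values())
        for server, serial in answered.items():
            if serial != newest:
                findings.append(("stale-serial", f"{server}={serial} newest={newest}"))
    # An NS target with no address is the condition behind the findns error.
    for name in (child_ns | parent_ns) - has_address:
        findings.append(("ns-unresolvable", name))
    # The parent's NS records should be a subset of the zone's own.
    for name in parent_ns - child_ns:
        findings.append(("parent-ns-missing-in-zone", name))
    return sorted(findings)

# Constructed sample data; example.edu is a placeholder zone.
SAMPLE_SERIALS = {
    "ns1.example.edu.": 2000220946,
    "ns2.example.edu.": 2000220945,
    "ns3.example.edu.": 2000220943,
    "ns4.example.edu.": None,  # query timed out
}
SAMPLE_CHILD_NS = set(SAMPLE_SERIALS) | {"old1.example.edu."}
SAMPLE_PARENT_NS = {"ns1.example.edu.", "ns5.example.net."}
SAMPLE_HAS_ADDRESS = set(SAMPLE_SERIALS) | {"ns5.example.net."}

if __name__ == "__main__":
    for kind, detail in audit_delegation(
            SAMPLE_SERIALS, SAMPLE_CHILD_NS, SAMPLE_PARENT_NS, SAMPLE_HAS_ADDRESS):
        print(f"{kind:28} {detail}")
```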
