"sysquery" error

Larry Sheldon lsheldon at creighton.edu
Wed Dec 13 22:25:19 UTC 2000 

Jim Reid <jim at rfc1035.com> said (in part)

[my error and comments about it deleted]

> Well, that may have been one explanation for the error. However some
> of the other creighton.edu name servers still have an NS record for
> the zone pointing at bluebird1.creighton.edu. They think that this
> non-existent name is a name server for creighton.edu. In fact your
> name servers are currently advertising three different serial numbers
> for this zone. Here's the list:

Some of those don't point to the real "primary" so they are usually a half-
hour or so behind the rest of them--leftovers from a past overload problem
on the real primary--I probably ought to go clean that up--I'd forgotten
about it.

[list deleted]

> Providing 15 NS records for your zone is way over the top. There are
> just 13 NS records for the internet root zone, which is much, much
> more in demand than your zone ever will be. It probably doesn't do you
> a lot of good to list so many name servers.

I've been both ways about that and don't really know what the "right"
answer is, and I always welcome comments.

My most recent "think" about it is that by listing them all I at worst do
no harm and might in fact spread the work around--but I may not know enough
about the innards of these critters to even be wrong.

As far as the "public" list is concerned, I think I only have four listed,
the primary here, two secondaries at Qwest-was-USWest (used to be our ISP and
still has a lot of Creighton folk among their dial-up accounts (and they wanted
to have two--and keep them) and one at GreatPlains who is upstream of
us a ways and is sort of one of several ISP's (that's complicated and not
relevant here, I think.

> [By all means have 15 or
> more local name servers for your zone(s) if you like, but you don't
> have to supply NS records for every single one of them.] What's worse
> is that all of the advertised name servers for creighton.edu are on
> the same net, an obvious single point of failure. Please read RFC2182:
> Selection and Operation of Secondary DNS Servers.

If I understand this stuff at all--that isn't quite right--depending on what
you mean by "advertized".  I have not looked for a couple of weeks, but I think
the registration at NSI shows the four I mentioned above which puts one
here, one in Denver, one somewhere else in Omaha (dunno where, actually.  Not
even sure it is here--might be in Minneappolis), and one is in (I think) 
Manhattan.

>  You've also ignored
> the NS records that are in the .edu zone for your delegation. These
> should be present in the zone file for creighton.edu. The parent
> zone's NS records should be a subset of the ones put in the zone
> file of the delegated zone.

That worries me because that is the way I thought it was--I'll double check
that in a bit.

>     Larry> The question now is--how would I know that from the error
>     Larry> message--I found it by desk-checking everything I did
>     Larry> (should have done)--a brute-force kind of thing.
> 
> Your question is a hard one to answer. I don't think anyone here can
> tell you how you would know anything. Could you tell me how I would
> know the capital of Turkmenistan? :-) 

I'd look it up in one of several books at my disposal.

None of them mention "sysquery".

> The error message is saying your name server was told that
> bluebird1.creighton.edu was a name server for some zone. ie an NS
> record exists for it somewhere. But when your server tried to lookup
> that name to get its address, an NXDOMAIN - no such host/domain -
> error was returned.

That matches what I found serendipitously.  Does "sysquery" or "findns error"
always mean that?

> As for figuring out the error message, you could have checked the list
> archives at www.isc.org. Questions about findns errors crop up every

My bad--I didn't think to check there and should have.

> week or so. There's also an a-z of common BIND error messages on
> Cricket Liu's web site. Details of that are posted here often. The URL
> is:
> 	http://www.acmebw.com/askmrdns/bind-messages.htm.

Ha!  I'll bet that is the one.  But I was poking there the other day about
what ever the idiot question of the day was then and that site seems to be
collapsing since they sold out.  But I should have looked.

> A Frequently Asked Questions (FAQ) list is available at:
> 	http://www.nominum.com/resources/faqs/bind-faq.html
> though the question about findns errors hasn't been asked often enough
> yet to make that list.

Thanks for the help.


--
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
.                                                                       .
- L. F. (Larry) Sheldon, Jr.                                            -
. Unix Systems and Network Administration                               .
- Creighton University Computer Center-Old Gym                          -
. 2500 California Plaza                                                 .
- Omaha, Nebraska, U.S.A.  68178       Two identifying characteristics  -
. lsheldon at creighton.edu                  of System Administrators:     .
- 402 280-2254 (work)                Infallibility, and the ability to  -
. 402 681-4726 (cellular)               learn from their mistakes.      .
- 402 332-4622 (residence)                                              -
. http://www.creighton.edu/~lsheldon    Adapted from Stephen Pinker     .
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-

More information about the bind-users mailing list