found host? host not found?
Michael Kjorling
michael at kjorling.com
Mon Dec 10 10:21:10 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Dec 10 2001 18:48 +0900, koji watanabe wrote:
> Hi!
>
> amateur question...
>
> We have a sparc-solaris8 box in named (8.1.2) and sendmail
> (8.9.3).
Upgrade. BIND 8.1.2 has several root exploits.
Also sendmail is at 8.12 by now, but that is nowhere near as critical
an upgrade as your BIND installation. Check
http://www.isc.org/products/BIND/bind-security.html
> Although we have to send e-mail to "name at domain.dom" everyday as
> a batch job,
> occasionally we find it haven't done.
>
> We know the other party's MX record that we want to send to,
> that is "exchanger.domain.dom."
>
> The other party's zone record is ,
>
> =============================================================
> $ORIGIN dom.
> domain IN SOA exchange.domain.dom. postmaster...
> IN NS exchanger.domain.dom.
> IN MX 10 exchanger.domain.dom.
>
> $ORIGIN domain.dom.
>
> exchanger IN A 192.168.10.10
> ==============================================================
>
> we want to send e-mail to "EXCHANGER.DOMAIN.DOM".
>
> according to sendmail log:
>
> =============================================================
> Nov 27 15:06:38 g-fw sendmail[16736]: [ID 801593 mail.info]
> BAA16730: to=<name at domain.dom>, delay=00:00:00,
> xdelay=00:00:00, mailer=smtp, relay=exchanger.domain.dom.,
> stat=Host unknown (Name server: exchanger.domain.dom.
> : host not found)
> =============================================================
>
> The quesion is ,
>
> Sendmail did not know that "domain.dom" 's MX is
> "EXCHANGER.DOMAIN.DOM" as long as he made inquire to nameserver.
> Because this is available only in nameserver, he has no hosts
> entry in local.
>
> But sendmail has judged "host not found" to the answer he got.
> why sendmail couldn't get IP address
>
> What happened?
>
> That means he was acquire "EXCHANGER.DOMAIN.DOM" as MX,
> but he can't getA record of that?
There is no "dom" TLD. According to dig:
; <<>> DiG 9.2.0 <<>> @a.root-servers.net. dom. ns +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55693
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;dom. IN NS
;; AUTHORITY SECTION:
. 86400 IN SOA A.ROOT-SERVERS.NET. nstld.verisign-grs.com. 2001120901 1800 900 604800 86400
;; Query time: 180 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net.)
;; WHEN: Mon Dec 10 11:18:38 2001
;; MSG SIZE rcvd: 96
If you obfuscated your log entries, zone file, host names and e-mail
address, and the problem is intermittent: check all delegated name
servers. There is no way anyone can help you with that unless you tell
us what your system sees.
Michael Kjörling
- --
Michael Kjörling -- Programmer/Network administrator ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4
"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
iD8DBQE8FIybKqN7/Ypw4z4RAhWNAJ9npar63NOknM/xduWP8OuJPtFguwCg2lZF
sP9iG0BT+Mwl4hbfUYl4wp4=
=kDe1
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list