FW: "no data known" vrs "host not found"

James Griffin agriffin at cpcug.org
Tue Mar 26 22:40:26 UTC 2002


admjcd wrote:
> 
> The DNS servers are Bind 9 I think. Can I tell from nslookup from a windows command prompt?
> 
Yes, use the following:

$ nslookup
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> server sparta.athena.inc       <-  PUT THE NAME OF YOUR SERVER HERE
Default server: sparta.athena.inc
Address: 192.168.1.8#53
> set type=txt
> set class=chaos
> version.bind.
Server:         sparta.athena.inc
Address:        192.168.1.8#53

version.bind    text = "9.2.1rc1"
>

The version of 'doc' that I used asked for version.bind of the name
servers.  Here is what was reported (note that the reported version can
be anything the hostmaster wants it to be):

dsn1.dot.gov.		qddns 3.0  -> BIND 8.2.2-P5/7 depending upon Build level
dns2.dot.gov.		qddns 3.0
rns.dot.gov.		qddns 3.0
nsdc.ba-dsg.net.	8.2.5-rel
auth120.ns.uu.net.	refused

Visit http://www.isc.org/products/BIND/bind-security.html for comments
about 8.2.2-P[5-7].

> Yes, it's sendmail and this is from a message header:  (8.8.8/1.1.22.3/21May99-0417PM) that says the version, right?
> 

Assuming that the $v/$Z macros are not redefined, this is not good.  The
8.8.8 version was released in Oct. 1997 and there have been many
security, anti-spam, and other improvements since then.  I have not
looked at all of the DNS/MX/CNAME related changes, but it is possible
that there are fixes/changes related to the original problem.  For
example:

        If TryNullMXList is True and there is a temporary DNS failure
                looking up the hostname, requeue the message for a later
                attempt.  Problem noted by Ari Heikkinen of Pohjois-Savo
                Polytechnic.
        If a resolver ANY query is larger than the UDP packet size, the
                resolver will fall back to TCP.  However, some
                misconfigured firewalls block 53/TCP so the ANY lookup
                fails whereas an MX or A record might succeed.
                Therefore, don't fail on ANY queries.

Visit http://www.sendmail.org/faq/section2.html#2.7 and the following
paragraph (2.8).

> There are two DNS servers with one set up as a backup. I am actually the mail person and run our Exchange servers but our DNS people handle the sendmail server. They do not like that I am pressing this issue, but the customers call me when the mail fails.

They may not like my observations, but they need to apply maintenance to
both the DNS and the sendmail services. 

Regards,
Jim

P.S. Apologies to Berry for not deleting your email address.  Sorry.
> 
> Also I did some research on "negative Caching" and found this :
> 
[snip this and 'doc' summaries]
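
Added example, not part of the original message and not code from BIND or 'doc': the `version.bind` lookup shown in the nslookup session above, as the DNS message it puts on the wire (a TXT question in class CHAOS), with a parser for the answered and the "refused" cases. All function names are hypothetical and both replies are constructed sample data, not captured traffic; as the message notes, the returned string is whatever the hostmaster configured.

```python
import struct

QTYPE_TXT, QCLASS_CHAOS, RCODE_REFUSED = 16, 3, 5

def encode_name(name):
    """Dotted name -> DNS labels (length byte + label, zero terminator)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qid, name="version.bind"):
    """12-byte header (flags clear, one question) + question: TXT in class CHAOS."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_CHAOS)

def skip_name(msg, off):
    """Offset just past a name, which may end in a 2-byte compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_reply(msg, qid):
    """Return (rcode, [TXT strings]) from a reply to build_query()."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000:      # wrong id, or QR bit not set
        raise ValueError("not a response to this query")
    off, texts = 12, []
    for _ in range(qd):                       # skip the echoed question(s)
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        # TXT RDATA is one or more <length byte><bytes> character strings.
        while rtype == QTYPE_TXT and rclass == QCLASS_CHAOS and off < end:
            texts.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
            off += 1 + msg[off]
        off = end
    return flags & 0x000F, texts

def constructed_reply(query, version=None, rcode=0):
    """Constructed sample reply (not captured traffic) to build_query() output."""
    txt = bytes([len(version)]) + version.encode("ascii") if version else b""
    # Answer owner name is a compression pointer to the question at offset 12.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CHAOS, 0, len(txt)) + txt
    header = query[:2] + struct.pack("!HHHHH", 0x8000 | rcode, 1, 1 if version else 0, 0, 0)
    return header + query[12:] + (rr if version else b"")

QUERY = build_query(0x1234)
ANSWERED = parse_reply(constructed_reply(QUERY, "9.2.1rc1"), 0x1234)
REFUSED = parse_reply(constructed_reply(QUERY, rcode=RCODE_REFUSED), 0x1234)
```
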

