urgent dig or nslookup my MX

Simon Waters Simon at wretched.demon.co.uk
Fri Jan 3 18:55:02 UTC 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nilesh Naik wrote:
| Hi thanks
|
|    we are not having all the server at the end of the
| one single link , we are having around 6 links all
| from different providers and different location ,
| redundent electricity suppy , red routers everything

Extract of "dig worldgate.co.in ns" gives;

;; ANSWER SECTION:
worldgate.co.in.        86184   IN      NS      ns1.worldgate.co.in.
worldgate.co.in.        86184   IN      NS      ns2.worldgate.co.in.

;; ADDITIONAL SECTION:
ns1.worldgate.co.in.    86184   IN      A       203.109.64.23
ns2.worldgate.co.in.    86184   IN      A       203.109.64.24

Correctly behaving BIND 9 servers see only 2 good servers which
look to be on adjacent IP addresses in the same routing block,
and connectivity issues with this block and your domain is toast.

You delegation is messy as "doc" indicates. I would change the
delegation from co.in servers to point to nsX.wordgate.co.in,
making it "inbaliwick", but it is probably quicker and good
enough to change the zone to use the name used by the co.in
delegation. In nothing else consistency here will make life so
much easier for troubleshooting.

I run BIND 9.2.2rc1 on Redhat, but 9.2.1 was fine, I wouldn't
run BIND 8, nor older versions of 9.

I don't understand what your time out issues are, and rather
than a detailed debug start with what query precisely you are
issuing and how, the failure or error message in full, and if
relevant the named.conf file from the server in question.

Whilst failure to answer 1 or 2 times in a 100 is not great, it
should not affect the availability of your zone, as you have two
servers, and a failure of one to answer should be dealt with by
a query to the other, if the failures occur on both servers you
still have a service failure rates of less than 1 in 2500,
assuming the failure is due to uncorrelated events.

Thus this really shouldn't be the cause of any significant
service issue.

I wouldn't run recursion and authoritative answers on the same
server, and I'd also prefer not to run a mail server on an
authoritative DNS server. I'd speak with your worldgate
colleagues elsewhere in the globe and get an off network
secondary - doesn't seem as if worldgate is short on DNS servers
- - indeed a little rationalisation might be just the thing.

~ Simon, needing more input to make a specific diagnosis

Doc output extract.....

Authoritative domain (worldgate.co.in.) servers agree on NS for
worldgate.co.in.
~  === match NS list from parent (co.in.) servers
NS list summary for worldgate.co.in. from authoritative servers
~  == ns1.worldgate.co.in. ns2.worldgate.co.in.
ERROR: ns1.worldgatein.com. claims to be authoritative, but does
not appear in
NS list from authoritative servers
ERROR: ns2.worldgatein.com. claims to be authoritative, but does
not appear in
NS list from authoritative servers
Checking 1 potential addresses for hosts at worldgate.co.in.
~  == 203.109.64.23
in-addr PTR record found for 203.109.64.23
Summary:
~   ERRORS found for worldgate.co.in. (count: 3)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+FdyCGFXfHI9FVgYRAoabAKDV+wSuxqA4r63gDySfnPqD6/nhqACgwgGX
DTNhQp4Up6nUOHIm8cRa/nw=
=qe+m
-----END PGP SIGNATURE-----

More information about the bind-users mailing list