max-ncache-ttl
England, Robert
england at northamerica.exchange.agere.com
Fri Nov 9 21:22:49 UTC 2001
The mailq shows host name lookup failures. Some of the domains are valid but
no MX record.
How can I tell?
Below are cache dumps from different times. The first two are from our
Internal DNS servers that that handle all external DNS queries. At that
particular point in time both DNS server could find the Domain, the NS, A
and MX records. The third one is from the same server as #1 but at a
different time. What does the LAME= mean? I was not able to lookup the A
record or the MX record.
1. From DNS server #1
samsung 3656 IN NS nic.samsung.co.kr. ;Cr=answer [203.255.234.103]
3656 IN NS red.samsung.co.kr. ;Cr=answer [203.255.234.103]
3656 IN NS green.samsung.co.kr. ;Cr=answer [203.255.234.103]
43161 IN A 203.254.192.15 ;Cr=answer [203.241.135.135]
57675 IN MX 0 imail00.samsung.co.kr.;Cr=answer [203.241.135.135]
2. From DNS server #2
samsung 2203 IN NS nic.samsung.co.kr. ;Cr=addtnl [203.248.240.141]
2203 IN NS red.samsung.co.kr. ;Cr=addtnl [203.248.240.141]
2203 IN NS green.samsung.co.kr. ;Cr=addtnl [203.248.240.141]
43169 IN A 203.254.192.15 ;Cr=answer [203.241.135.130]
43188 IN MX 0 imail00.samsung.co.kr.;Cr=answer [203.241.135.130]
3. From DNS server #1 At a different time
samsung 3138 IN NS nic.samsung.co.kr. ;Cr=addtnl LAME=158 [203.255.234.103]
3138 IN NS red.samsung.co.kr. ;Cr=addtnl LAME=157 [203.255.234.103]
3138 IN NS green.samsung.co.kr.;Cr=addtnl LAME=158 [203.255.234.103]
Performing a nslookup in debug mode I get the following. The below lookups
gave me results #3 above. What does the SERVFAIL really mean? This has
been an intermittent issue for the past month or so.
Thanks for your help
RCE
> samsung.co.kr.
Server: rootdns1.agere.com
Address: 192.19.192.98
;; res_nmkquery(QUERY, samsung.co.kr, IN, A)
------------
Got answer:
HEADER:
opcode = QUERY, id = 27819, rcode = SERVFAIL
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
samsung.co.kr, type = A, class = IN
------------
*** rootdns1.agere.com can't find samsung.co.kr.: Server failed
> set type=mx
> samsung.co.kr.
Server: rootdns1.agere.com
Address: 192.19.192.98
;; res_nmkquery(QUERY, samsung.co.kr, IN, MX)
------------
Got answer:
HEADER:
opcode = QUERY, id = 44586, rcode = SERVFAIL
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
samsung.co.kr, type = MX, class = IN
------------
*** rootdns1.agere.com can't find samsung.co.kr.: Server failed
> set type=any
> samsung.co.kr.
Server: rootdns1.agere.com
Address: 192.19.192.98
;; res_nmkquery(QUERY, samsung.co.kr, IN, ANY)
------------
Got answer:
HEADER:
opcode = QUERY, id = 44587, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 3, authority records = 3, additional = 3
QUESTIONS:
samsung.co.kr, type = ANY, class = IN
ANSWERS:
-> samsung.co.kr
nameserver = nic.samsung.co.kr
ttl = 3205 (53m25s)
-> samsung.co.kr
nameserver = red.samsung.co.kr
ttl = 3205 (53m25s)
-> samsung.co.kr
nameserver = green.samsung.co.kr
ttl = 3205 (53m25s)
AUTHORITY RECORDS:
-> samsung.co.kr
nameserver = nic.samsung.co.kr
ttl = 3205 (53m25s)
-> samsung.co.kr
nameserver = red.samsung.co.kr
ttl = 3205 (53m25s)
-> samsung.co.kr
nameserver = green.samsung.co.kr
ttl = 3205 (53m25s)
ADDITIONAL RECORDS:
-> nic.samsung.co.kr
internet address = 203.241.132.34
ttl = 299 (4m59s)
-> red.samsung.co.kr
internet address = 203.241.135.130
ttl = 54764 (15h12m44s)
-> green.samsung.co.kr
internet address = 203.241.135.135
ttl = 48523 (13h28m43s)
------------
Non-authoritative answer:
samsung.co.kr
nameserver = nic.samsung.co.kr
ttl = 3205 (53m25s)
samsung.co.kr
nameserver = red.samsung.co.kr
ttl = 3205 (53m25s)
samsung.co.kr
nameserver = green.samsung.co.kr
ttl = 3205 (53m25s)
Authoritative answers can be found from:
samsung.co.kr
nameserver = nic.samsung.co.kr
ttl = 3205 (53m25s)
samsung.co.kr
nameserver = red.samsung.co.kr
ttl = 3205 (53m25s)
samsung.co.kr
nameserver = green.samsung.co.kr
ttl = 3205 (53m25s)
nic.samsung.co.kr
internet address = 203.241.132.34
ttl = 299 (4m59s)
red.samsung.co.kr
internet address = 203.241.135.130
ttl = 54764 (15h12m44s)
green.samsung.co.kr
internet address = 203.241.135.135
ttl = 48523 (13h28m43s)
Looks good here!
-----Original Message-----
From: Simon Waters [mailto:Simon at wretched.demon.co.uk]
Sent: Friday, November 09, 2001 12:31 PM
To: undisclosed-recipients; undisclosed-recipients;
@isc.org at alerelay.agere.com
Subject: Re: max-ncache-ttl
"England, Robert" wrote:
>
> If decreasing the time for the negative cache is not a good thing, any
ideas
> of what I can do to help us resolve the domain names. We have mail that
sits
> in the queues. We have a current db.cache file. Could the problems be
> Internet Latency?
What Barry is saying is that the symptom you describe is because
the domains or DNS are set up wrong, and may have nothing to do
with the server that is resolving them. If you have high
latency, you fail to get an answer, this isn't cached (Although
BIND remembers if a server is particularly slow in responding so
it can try others first).
NXDOMAIN is only cached if something tells you that a domain
doesn't exist. So reducing max-ncache-ttl may help you requery
one of the servers that is working correctly, but it doesn't fix
the broken servers.
Mail sitting in queues should be a DIFFERENT problem, and not
caused by NXDOMAIN responses.
If I mail fred at nonesuchdomain.com I get an NXDOMAIN from one of
the GTLD-SERVERS.NET.
Immediately my mailer gives up and says;
<fred at nonesuchdomain.com>: Name service error for
nonesuchdomain.com: Host not found
Why would a mailer hang on to mail for a domain that doesn't
exist? It can never be delivered? (Unless someone registers
nonesuchdomain.com, and sets the DNS up shortly after you sent
the message ;).
Are you sure your getting NXDOMAIN, and not some other error?
What does "mailq" show?
More information about the bind-users
mailing list