Stephen Gran on 10 Apr 2005 15:46:56 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] DNS weirdness

On Sun, Apr 10, 2005 at 08:46:33AM -0400, Jeff Abrahamson said:
> I was getting DNS errors yesteray from exim but not from ping,
> mozilla, etc.
> My /etc/resolv.conf file looks like this (with the two commented lines
> uncommented):
>     search
>     domain
>     #nameserver
>     #nameserver
>     nameserver
>     nameserver
>     nameserver

Change to:

nameserver $authoritative
nameserver $secondary
nameserver $tertiary

(whichever of your internal namerservers this is correct for)

> The two commented lines are my ISP's DNS servers.
> With the two lines commented, exim -qff sent me errors like this:
>   Message 1DKSQ8-0007rI-00 has been frozen.
>   The sender is <>.
>   The following address(es) have yet to be delivered:
> lookup of host "" failed in smarthost router~

Odd, I would have thought exim just used gethostbyname() to resolve a
host, but maybe not.  It may be doing independent queries, which would
of course fail with external namerservers.

> With the two lines commented out, all works fine but perhaps a bit slower.
> I have /etc/hosts set up a bit excessively:
>	localhost
> asterix
> diderot
> gw
> lothlorian

I would remove this, except for local machine information.  So asterix's
hosts file would be reduced to localhost asterix
(and IPV6 info)

and so on for each machine.  This will prevent wierd failures if you
ever change DNS but forget to update /etc/hosts.

> And each of the 192.168 machines has a copy of the 192.168 DNS
> authority file.


> What I want to happen on my workstation is for lookups to proceed as
> follows:
>     - If has authority, it should answer.
>     - If it doesn't, it should ask the hosts listed in resolv.conf
>     - If that doesn't work (but something does), it's ok to query root
>       servers
> Any idea how to fix this?

In named.conf.options on the primary nameserver, you want:

forward first;
forwarders {;;

On the secondary and tertiary, you should add the primary nameserver as
the first forwarder.

Ensure zone transfers are working between machines, and make sure that
the primary recognizes itself as authoritative.
> BTW, regardless of resolv.conf comments above, dig tells me that it
> can't resolve "asterix" but it can resolve "" (an
> internal-only name, note, it should fail for you).  Any idea why?

dig doesn't honor the 'domain' option from resolv.conf - you have to use for that type of thing to work.  The host command
does, so it might be a better tool for non-FQDN tests.

|  Stephen Gran                  | Women are always anxious to urge        |
|             | bachelors to matrimony; is it from      |
| | charity, or revenge?   -- Gustave       |
|  			         | Vapereau                                |

Attachment: pgpplJrflvs3C.pgp
Description: PGP signature

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --