Stephen Gran on 10 Apr 2005 15:46:56 -0000



Re: [PLUG] DNS weirdness


On Sun, Apr 10, 2005 at 08:46:33AM -0400, Jeff Abrahamson said:
> I was getting DNS errors yesterday from exim but not from ping,
> mozilla, etc.
> 
> My /etc/resolv.conf file looks like this (with the two commented lines
> uncommented):
> 
>     search purple.com
>     domain purple.com
>     #nameserver 204.183.80.2
>     #nameserver 204.183.80.3
>     nameserver 192.168.0.6
>     nameserver 192.168.0.5
>     nameserver 192.168.0.254

Change to:

search purple.com
domain purple.com
nameserver $authoritative
nameserver $secondary
nameserver $tertiary

(whichever of your internal nameservers this is correct for)

> The two commented lines are my ISP's DNS servers.
> 
> With the two lines commented, exim -qff sent me errors like this:
> 
>   Message 1DKSQ8-0007rI-00 has been frozen.
>   The sender is <jeff@purple.com>.
> 
>   The following address(es) have yet to be delivered:
>     xxx@cs.drexel.edu: lookup of host "mail.purple.com" failed in smarthost router~

Odd, I would have thought exim just used gethostbyname() to resolve a
host, but maybe not.  It may be doing independent queries, which would
of course fail with external nameservers.

> With the two lines commented out, all works fine but perhaps a bit slower.
> 
> I have /etc/hosts set up a bit excessively:
> 
>     127.0.0.1	localhost
>     192.168.0.6	asterix.purple.com asterix
>     192.168.0.5	diderot.purple.com diderot mail.purple.com
>     192.168.0.254	gw.purple.com gw
>     192.168.0.253	lothlorian.purple.com lothlorian

I would remove this, except for local machine information.  So asterix's
hosts file would be reduced to
127.0.0.1 localhost
192.168.0.6       asterix.purple.com asterix
(and IPv6 info)

and so on for each machine.  This will prevent weird failures if you
ever change DNS but forget to update /etc/hosts.

> And each of the 192.168 machines has a copy of the 192.168 DNS
> authority file.

Good.

> What I want to happen on my workstation is for lookups to proceed as
> follows:
> 
>     - If 192.168.0.6 has authority, it should answer.
>     - If it doesn't, it should ask the hosts listed in resolv.conf
>     - If that doesn't work (but something does), it's ok to query root
>       servers
> 
> Any idea how to fix this?

In named.conf.options on the primary nameserver, you want:

forward first;
forwarders {
   204.183.80.2;
   204.183.80.3;
};

On the secondary and tertiary, you should add the primary nameserver as
the first forwarder.

Ensure zone transfers are working between machines, and make sure that
the primary recognizes itself as authoritative.
 
> BTW, regardless of resolv.conf comments above, dig tells me that it
> can't resolve "asterix" but it can resolve "asterix.purple.com" (an
> internal-only name, note, it should fail for you).  Any idea why?

dig doesn't honor the 'domain' option from resolv.conf - you have to use
+domain=purple.com for that type of thing to work.  The host command
does, so it might be a better tool for non-FQDN tests.

HTH,
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | Women are always anxious to urge        |
|  steve@lobefin.net             | bachelors to matrimony; is it from      |
|  http://www.lobefin.net/~steve | charity, or revenge?   -- Gustave       |
|  			         | Vapereau                                |
 --------------------------------------------------------------------------
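The following is an added example, written for this page and not code from the thread or from exim, BIND or dig. It turns the advice above into checks a practitioner can run: it parses a resolv.conf and an /etc/hosts (the constructed samples reuse the addresses quoted in the thread), warns about nameservers that sit outside the internal network and about static hosts entries for machines other than the local one, shows which candidate names a search-aware resolver (host, or dig with +domain=) tries for a bare label, and emits the `forward first` stanza for a primary versus a secondary. The internal network 192.168.0.0/24 and the local address 192.168.0.6 used in the demo are assumptions.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample files; the addresses and names are the ones quoted in the thread.
SAMPLE_RESOLV_CONF = """\
search purple.com
domain purple.com
#nameserver 204.183.80.2
#nameserver 204.183.80.3
nameserver 192.168.0.6
nameserver 192.168.0.5
nameserver 192.168.0.254
"""

SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
192.168.0.6\tasterix.purple.com asterix
192.168.0.5\tdiderot.purple.com diderot mail.purple.com
192.168.0.254\tgw.purple.com gw
192.168.0.253\tlothlorian.purple.com lothlorian
"""


def parse_resolv_conf(text: str) -> Dict[str, List[str]]:
    """Return active nameservers, commented-out nameservers and the search list.

    'domain' and 'search' are mutually exclusive in resolv.conf(5) and the last
    one present wins, so the parser keeps whichever appears last.
    """
    conf: Dict[str, List[str]] = {"nameservers": [], "commented": [], "search": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        commented = line.startswith("#")
        fields = line.lstrip("#").split()
        if not fields:
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            conf["commented" if commented else "nameservers"].append(args[0])
        elif key in ("search", "domain") and args and not commented:
            conf["search"] = args
    return conf


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Parse /etc/hosts into (address, [names]) pairs, dropping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            entries.append((fields[0], fields[1:]))
    return entries


def expand_short_name(name: str, search: List[str], ndots: int = 1) -> List[str]:
    """Candidate names a search-aware resolver tries, in order (glibc rules).

    A trailing dot means absolute, no search.  With at least `ndots` dots the
    name is tried as given first, then under each search domain; a bare label
    goes through the search list first.  This is what `host` does for you and
    what `dig` needs +domain= (or +search) to do.
    """
    bare = name.rstrip(".")
    if name.endswith("."):
        return [bare]
    suffixed = [f"{bare}.{domain.rstrip('.')}" for domain in search]
    return [bare] + suffixed if bare.count(".") >= ndots else suffixed + [bare]


def audit_hosts(entries: List[Tuple[str, List[str]]], own_addresses: Set[str]) -> List[str]:
    """Flag /etc/hosts lines for machines other than loopback and this host."""
    warnings = []
    for addr, names in entries:
        if ipaddress.ip_address(addr).is_loopback or addr in own_addresses:
            continue
        warnings.append(f"/etc/hosts: static entry {addr} ({' '.join(names)}) would mask "
                        "a DNS change; let the internal nameservers answer for it")
    return warnings


def audit_resolv(conf: Dict[str, List[str]], internal_nets: List[str]) -> List[str]:
    """Flag nameservers that cannot know internal-only names, and the MAXNS limit."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    warnings = [f"resolv.conf: nameserver {ns} is outside the internal network and "
                "cannot answer for internal-only names"
                for ns in conf["nameservers"]
                if not any(ipaddress.ip_address(ns) in net for net in nets)]
    if len(conf["nameservers"]) > 3:  # glibc reads at most three nameserver lines
        warnings.append("resolv.conf: only the first three nameserver lines are used")
    return warnings


def bind_forwarders(role: str, primary: str, isp_servers: List[str]) -> str:
    """named.conf.options stanza as in the thread: ISP servers on the primary,
    the primary listed first on the secondaries."""
    servers = isp_servers if role == "primary" else [primary] + isp_servers
    body = "\n".join(f"   {s};" for s in servers)
    return f"forward first;\nforwarders {{\n{body}\n}};\n"


if __name__ == "__main__":
    conf = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    hosts = parse_hosts(SAMPLE_HOSTS)
    # Assumed: asterix (192.168.0.6) is the local host, 192.168.0.0/24 is internal.
    for w in audit_resolv(conf, ["192.168.0.0/24"]) + audit_hosts(hosts, {"192.168.0.6"}):
        print("WARN", w)
    print("asterix ->", expand_short_name("asterix", conf["search"]))
    print(bind_forwarders("secondary", "192.168.0.6", conf["commented"]))
```

Running it against the sample files produces no resolv.conf warning (three internal nameservers) but three hosts-file warnings, one per non-local machine, and prints `asterix.purple.com` as the first candidate for the bare name, which is the lookup dig skips unless told about the search domain.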


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug