Sorry, that should be "listening on 192.168.1.1 *AND* the ISP's forwarder,
thus allowing for domainname.xxx to be referred to bind 8.2.3 (127.0.0.1)
and all external to be forwarded to our ISP's round-robin DNS system.
Craig Foster
-----Original Message-----
From: Craig Foster [mailto:[EMAIL PROTECTED]]
Sent: Friday, 23 February 2001 6:13 PM
To: Gordon Rowell
Cc: E-smith developers list
Subject: RE: [e-smith-devinfo] DNS problems?
On one 4.1.1 machine I have Bind 8.2.2 and on the other (same ISP
different connection) I have e-smith-named running on 127.0.0.1, and dnrd
running on 192.168.1.1 the ISP's forwarder. I'm trialling which system
works best, and what sites I have trouble with. I hope to report these
results shortly...
Craig Foster
> -----Original Message-----
> From: Gordon Rowell [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 23 February 2001 2:51 PM
> To: Rob Adams
> Cc: E-smith developers list
> Subject: Re: [e-smith-devinfo] DNS problems?
>
>
> On Fri, Feb 23, 2001 at 09:30:17AM +0930, Rob Adams
> <[EMAIL PROTECTED]> wrote:
> > I think you will find this is a common named problem, I have
> seen similar
> > instances on a default RedHat 7.0 installation (with named update).
>
> This may be true, but I'd like to see evidence. Most common named
> problems are not actually named, but misconfigured DNS at the remote
site.
> People are often tempted to blame named for DNS configuration errors.
>
> I am not a fan of BIND, and we intend to move to djbdns in the future.
> This will add security and robustness, but will not fix broken remote
> sites.
>
> In my former life I did a lot of DNS consulting (and have
> written various DNS tools). Many sites (dare I say most) have poorly
> configured DNS, which can be picked up with the tools on
www.dns.net/dnsrd
>
> The resip.ssga.com domain mentioned by Dan appears to be broken - the
two
> listed nameservers return failures when asked for NS or SOA records for
> that domain.
>
> The only way to diagnose DNS errors is to do an exhaustive tree walk
> to ensure all delegations are correct. It is amazing how often this
shows
> up inconsistencies - no delegation, inconsistent delegation or
> inconsistent
> nameservers.
>
> So, if there are failures:
> 1 What is the domain?
> 2 Is it properly delegated?
> 3 Are the delegated nameservers reachable?
> 4 Are the delegated nameservers responding to queries?
> 5 Do _ALL_ of the delegated nameservers agree on the SOA value?
> 6 Do the delegated nameservers return the correct information?
>
> If you get past step 6, you may be looking at BIND problems. I haven't
had
> one of those since Sun's broken bind 4.1 in SunOs 4 This was fixed by
> replacing Sun's bind with the current (many years newer) code.
>
> Gordon
>
> > Rob.
> >
> > ----- Original Message -----
> > From: "Craig Foster" <[EMAIL PROTECTED]>
> > To: "Dan Brown" <[EMAIL PROTECTED]>; "E-smith developers list"
> > <[EMAIL PROTECTED]>
> > Sent: Thursday, February 22, 2001 7:46 PM
> > Subject: RE: [e-smith-devinfo] DNS problems?
> >
> >
> > > I've had similar problems. But as I can't find out what's happening
> > exactly,
> > > I haven't sent anything to [EMAIL PROTECTED]
> > >
> > > It seems to be that it has problems after a certain time (no
specifics
> > yet).
> > > One person will be able to find every site they need, and yet
> my client
> > > machine will baulk on my ISP web page :-(
> > >
> > > "killall named" fixes the problem for another couple of days...
> > >
> > > Not elegant, but I can't find what's happening yet.
> > >
> > > yet.....
> > >
> > >
> > > Craig Foster
> > >
> > > > -----Original Message-----
> > > > From: Dan Brown [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, 22 February 2001 11:23 AM
> > > > To: E-smith developers list
> > > > Subject: [e-smith-devinfo] DNS problems?
> > > >
> > > >
> > > > I'm having trouble looking up one particular host with my
> > > > e-smith box.
> > > > If I tell nslookup to use my ISP's DNS servers, it finds it, but
the
> > > > e-smith box doesn't:
> > > >
> > > > [root@e-smith ssl.key]# nslookup resip.ssga.com 216.231.41.22
> > > > Server: cobalt.speakeasy.org
> > > > Address: 216.231.41.22
> > > >
> > > > Name: resip.ssga.com
> > > > Address: 209.202.167.55
> > > >
> > > > [root@e-smith ssl.key]# nslookup resip.ssga.com
> > > > Server: localhost
> > > > Address: 127.0.0.1
> > > >
> > > > *** localhost can't find resip.ssga.com: Non-existent host/domain
> > > > [root@e-smith ssl.key]#
> > > >
> > > > My machine is able to resolve other hosts (like www) in that
domain,
> > > > but not that one. Any ideas what could be wrong, or where to
start
> > > > looking? There's nothing logged in /var/log/messages.
> > > >
> > > > --
> > > > Dan Brown, KE6MKS, [EMAIL PROTECTED]
> > > > "Meddle not in the affairs of dragons, for you are crunchy
> > > > and taste good with ketchup."
> > > >
> > > > --
> > > > This list is archived
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > > --
> > > This list is archived
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> Gordon Rowell [EMAIL PROTECTED]
> http://www.e-smith.org (development) http://www.e-smith.com
(corporate)
> Phone: +61 (0418) 467 366 Fax: +1 (613) 564 7739
> e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
>
>
> --
> This list is archived
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
smime.p7s
