Eric,
Eric Shubert wrote:
> Maxwell Smart wrote:
>> Eric,
>>
>> Yes, they are there and constant with 127.0.0.1 in the first position of
>> my resolv.conf file. If I move it back to the last position it's ok.
>
> It's not really ok. It's just that the DNS server(s) before it in the
> list are handling the requests, so it never gets to 127.0.0.1, which
> is your localhost DNS server.
>
OK, but it's then going through the ISP's servers anyways just in a
round about way.
> The dig command (man dig) is handy for troubleshooting DNS problems.
>
> You might try:
> # dig @127.0.0.1 google.com
> and see what you get. I'm guessing that you'll get an error of some
> sort (the command will work, but the result of the lookup will fail).
>
Dig worked fine, no error.
>> I am not entirely clear on what this is supposed to do. Any place I can
>> read up on this?
>
> The Linux Cookbook by Carla Schroder (an excellent reference for many
> things) has several recipes for DNS servers, both bind and djbdns.
>
I'll check that out.
>> I am still having a delay, but noticed if I stop and restart qmail I get
>> all the mail.
>
> Not a solution. :(
>
I know this.
>> Ideas on how to begin to troubleshoot? I remember someone on the list a
>> few days ago experiencing the same issue, but paid little attention
>> then.
>
> IIRC you said earlier that this is a secondary to your authoritative
> server. It's generally considered a bad practice to have a DNS server
> configured to handle both authoritative and resolver requests. It can
> be done, but you'd better know what you're doing.
>
> If it's ok to blow away your secondary DNS, I would:
> # yum remove bind
> # yum install chroot-bind caching-nameserver
> then try moving 127.0.0.1 to the top of /etc/resolv.conf again.
I have a master DNS server (ns1) which is authoritative and a slave
(ns2) which is also a web and e mail server.
So remove the nameserver 64.168.70.132 entry in the resolve.conf file?
The other problem is this was all working just fine until about a week
or so ago. I don't know why I would have to start changing my DNS when
it was working fine. There is no reason this should have changed. I
did however update my toaster.
>> CJ
>>
>> Eric Shubert wrote:
>>> Only if they're there. ;)
>>> Your named has a problem.
>>>
>>> Maxwell Smart wrote:
>>>> Should I be seeing constant entries in my /var/log/messages file like
>>>> this? I don't recall this ever doing this.
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'serix.com/MX/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'ns1.serix.net/A/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'ns1.serix.net/AAAA/IN':
>>>> 64.168.70.132#53
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'ns2.serix.net/A/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'ns2.serix.net/AAAA/IN':
>>>> 64.168.70.132#53
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'c.ns.joker.com/A/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'c.ns.joker.com/AAAA/IN':
>>>> 64.168.70.132#53
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'a.ns.joker.com/AAAA/IN':
>>>> 64.168.70.132#53
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'a.ns.joker.com/A/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'b.ns.joker.com/A/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:14 laetitia named[8777]: FORMERR resolving
>>>> 'b.ns.joker.com/AAAA/IN':
>>>> 64.168.70.132#53
>>>> Sep 22 12:14:15 laetitia named[8777]: FORMERR resolving
>>>> 'serix.com/TXT/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:16 laetitia named[8777]: FORMERR resolving
>>>> '117.208.103.59.rbl.maps.vix.com/TXT/IN':
>>>> 64.168.70.132#53 Sep 22
>>>> 12:14:16 laetitia named[8777]: FORMERR resolving 'stia.ru/MX/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:18 laetitia named[8777]: FORMERR resolving
>>>> '85.194.39.201.rbl.maps.vix.com/TXT/IN':
>>>> 64.168.70.132#53 Sep 22
>>>> 12:14:19 laetitia named[8777]: FORMERR resolving
>>>> 'twavecg.com/MX/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:19 laetitia named[8777]: FORMERR resolving
>>>> 'twavecg.com/TXT/IN':
>>>> 64.168.70.132#53
>>>>
>>>>
>>>> Sep 22 12:14:19 laetitia named[8777]: FORMERR resolving
>>>> '85.194.39.201.in-addr.arpa/PTR/IN':
>>>> 64.168.70.132#53 Sep
>>>> 22 12:14:20 laetitia named[8777]: FORMERR resolving
>>>> 'ns.embratel.net.br/A/IN':
>>>> 64.168.70.132#53
>>>> Sep 22 12:14:20 laetitia named[8777]: FORMERR resolving
>>>> 'ns.embratel.net.br/AAAA/IN': 64.168.70.132#53
>>>> Eric Shubert wrote:
>>>>> Maxwell Smart wrote:
>>>>>> I moved the DNS entries as suggested. This did not work. With
>>>>>> 127.0.0.1 first on the list it failed.
>>>>> Then your caching nameserver isn't working. Did you install bind or
>>>>> djbdns?
>>>>>
>>>>>> I don't have the error message, but I put it back and it worked. I
>>>>>> will put only my ISP's DNS entries in and see what happens.
>>>>> That should work, but a caching DNS server on your toaster would be
>>>>> best.
>>>>>
>>>>>> [r...@laetitia ~]# cat /etc/resolv.conf
>>>>>> nameserver 206.13.30.12
>>>>>> nameserver 206.13.28.12
>>>>>> nameserver 127.0.0.1
>>>>>> ; generated by /sbin/dhclient-script
>>>>>> [r...@laetitia ~]#
>>>>>>
>>>>>> I have been playing with Spamdyke, but it seems to put an incredible
>>>>>> load on the server. I removed it and the load dropped. I don't get
>>>>>> that much spam anyways since the Spamassassin seems to work very
>>>>>> well.
>>>>> Then you definitely have a DNS problem. spamdyke does quite a bit of
>>>>> DNS querying. Once you fix DNS, spamdyke will most certainly reduce
>>>>> the overall load.
>>>>>
>>>>>> I only have spamhaus in my blacklist file.
>>>>> That's why your DNS problem isn't hurting you very badly. Sounds
>>>>> to me
>>>>> like your ISP's DNS server(s) aren't quite up to snuff.
>>>>>
>>>>> Work on getting a caching nameserver working properly on your
>>>>> toaster.
>>>>> That will fix you up permanently. Relying on your ISP's DNS is not a
>>>>> very wise move.
>>>>>
>
>
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
