Maxwell Smart wrote:
Eric,
Eric Shubert wrote:
Maxwell Smart wrote:
Eric,
Yes, they are there and constant with 127.0.0.1 in the first position of
my resolv.conf file. If I move it back to the last position it's ok.
It's not really ok. It's just that the DNS server(s) before it in the
list are handling the requests, so it never gets to 127.0.0.1, which
is your localhost DNS server.
OK, but it's then going through the ISP's servers anyways just in a
round about way.
Not unless you deliberately set it up that way. With a typical
caching/resolving nameserver, DNS requests will not hit the ISP's server
at all.
The dig command (man dig) is handy for troubleshooting DNS problems.
You might try:
# dig @127.0.0.1 google.com
and see what you get. I'm guessing that you'll get an error of some
sort (the command will work, but the result of the lookup will fail).
Dig worked fine, no error.
Did it return an answer section with a result in it? dig won't show a
glaring error. You need to know what to look for.
Ideas on how to begin to troubleshoot? I remember someone on the list a
few days ago experiencing the same issue, but paid little attention
then.
IIRC you said earlier that this is a secondary to your authoritative
server. It's generally considered a bad practice to have a DNS server
configured to handle both authoritative and resolver requests. It can
be done, but you'd better know what you're doing.
If it's ok to blow away your secondary DNS, I would:
# yum remove bind
# yum install chroot-bind caching-nameserver
then try moving 127.0.0.1 to the top of /etc/resolv.conf again.
I have a master DNS server (ns1) which is authoritative and a slave
(ns2) which is also a web and e mail server.
It'd be better to have a caching/resolving DNS server on the web/email
host. The email server will use the resolving DNS server fairly heavily.
Better to put the slave DNS on a different host.
So remove the nameserver 64.168.70.132 entry in the resolve.conf file?
Absolutely. Authoritative servers should never be listed in the
resolv.conf file.
The other problem is this was all working just fine until about a week
or so ago. I don't know why I would have to start changing my DNS when
it was working fine. There is no reason this should have changed. I
did however update my toaster.
I don't know what all changed, but updating the toaster should not have
caused this problem. I think that is coincidental.
Best guess at this point is that your ISP's DNS was/is having problems.
We've recommended using a caching nameserver on the toaster, which will
keep your ISP's DNS from detrimentally affecting your toaster.
Unfortunately, you already had a secondary DNS server running on your
toaster, which is not a recommended configuration. It is possible to
configure bind on your toaster to do both secondary authoritative and
resolving, but that's beyond what we can do for you here.
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
