Eric Shubert wrote:
> Maxwell Smart wrote:
>> Eric,
>>
>> Eric Shubert wrote:
>>> Maxwell Smart wrote:
>>>> Eric,
>>>>
>>>> Yes, they are there and constant with 127.0.0.1 in the first
>>>> position of
>>>> my resolv.conf file. If I move it back to the last position it's ok.
>>> It's not really ok. It's just that the DNS server(s) before it in the
>>> list are handling the requests, so it never gets to 127.0.0.1, which
>>> is your localhost DNS server.
>>>
>> OK, but it's then going through the ISP's servers anyways just in a
>> round about way.
>
> Not unless you deliberately set it up that way. With a typical
> caching/resolving nameserver, DNS requests will not hit the ISP's
> server at all.
>
Where does it resolve to then? How does it resolve addresses?
>>> The dig command (man dig) is handy for troubleshooting DNS problems.
>>>
>>> You might try:
>>> # dig @127.0.0.1 google.com
>>> and see what you get. I'm guessing that you'll get an error of some
>>> sort (the command will work, but the result of the lookup will fail).
>>>
>> Dig worked fine, no error.
>
> Did it return an answer section with a result in it? dig won't show a
> glaring error. You need to know what to look for.
>
[r...@laetitia smtp]# dig 127.0.0.1 google.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24685
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;127.0.0.1. IN A
;; AUTHORITY
SECTION:
. 1457 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2009092201 1800 900 604800
86400
;; Query time: 143 msec
;; SERVER: 206.13.30.12#53(206.13.30.12)
;; WHEN: Tue Sep 22 15:01:29 2009
;; MSG SIZE rcvd: 102
; <<>> DiG 9.3.4-P1 <<>> 127.0.0.1 google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61092
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 17 IN A 74.125.127.100
google.com. 17 IN A 74.125.67.100
google.com. 17 IN A 74.125.45.100
;; Query time: 145 msec
;; SERVER: 206.13.30.12#53(206.13.30.12)
;; WHEN: Tue Sep 22 15:01:29 2009
;; MSG SIZE rcvd: 76
>>>> Ideas on how to begin to troubleshoot? I remember someone on the
>>>> list a
>>>> few days ago experiencing the same issue, but paid little attention
>>>> then.
>>> IIRC you said earlier that this is a secondary to your authoritative
>>> server. It's generally considered a bad practice to have a DNS server
>>> configured to handle both authoritative and resolver requests. It can
>>> be done, but you'd better know what you're doing.
>>>
>>> If it's ok to blow away your secondary DNS, I would:
>>> # yum remove bind
>>> # yum install chroot-bind caching-nameserver
>>> then try moving 127.0.0.1 to the top of /etc/resolv.conf again.
>>
>> I have a master DNS server (ns1) which is authoritative and a slave
>> (ns2) which is also a web and e mail server.
>
> It'd be better to have a caching/resolving DNS server on the web/email
> host. The email server will use the resolving DNS server fairly
> heavily. Better to put the slave DNS on a different host.
>
>> So remove the nameserver 64.168.70.132 entry in the resolve.conf file?
> Absolutely. Authoritative servers should never be listed in the
> resolv.conf file.
>
OK, I've removed these from the file.
>> The other problem is this was all working just fine until about a week
>> or so ago. I don't know why I would have to start changing my DNS when
>> it was working fine. There is no reason this should have changed. I
>> did however update my toaster.
>
> I don't know what all changed, but updating the toaster should not
> have caused this problem. I think that is coincidental.
>
> Best guess at this point is that your ISP's DNS was/is having
> problems. We've recommended using a caching nameserver on the toaster,
> which will keep your ISP's DNS from detrimentally affecting your
> toaster. Unfortunately, you already had a secondary DNS server running
> on your toaster, which is not a recommended configuration. It is
> possible to configure bind on your toaster to do both secondary
> authoritative and resolving, but that's beyond what we can do for you
> here.
>
OK, are you saying to not use it as my secondary DNS server?
CJ
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
