Eric Shubert wrote: > Maxwell Smart wrote: >> >> Eric Shubert wrote: >>> Maxwell Smart wrote: >>>> Eric, >>>> >>>> Eric Shubert wrote: >>>>> Maxwell Smart wrote: >>>>>> Eric, >>>>>> >>>>>> Yes, they are there and constant with 127.0.0.1 in the first >>>>>> position of >>>>>> my resolv.conf file. If I move it back to the last position it's >>>>>> ok. >>>>> It's not really ok. It's just that the DNS server(s) before it in the >>>>> list are handling the requests, so it never gets to 127.0.0.1, which >>>>> is your localhost DNS server. >>>>> >>>> OK, but it's then going through the ISP's servers anyways just in a >>>> round about way. >>> Not unless you deliberately set it up that way. With a typical >>> caching/resolving nameserver, DNS requests will not hit the ISP's >>> server at all. >>> >> Where does it resolve to then? How does it resolve addresses? > > The root authoritative servers by default. > >>>>> The dig command (man dig) is handy for troubleshooting DNS problems. >>>>> >>>>> You might try: >>>>> # dig @127.0.0.1 google.com >>>>> and see what you get. I'm guessing that you'll get an error of some >>>>> sort (the command will work, but the result of the lookup will fail). >>>>> >>>> Dig worked fine, no error. >>> Did it return an answer section with a result in it? dig won't show a >>> glaring error. You need to know what to look for. >>> >> [r...@laetitia smtp]# dig 127.0.0.1 google.com >> ;; Got answer: ;; ->>HEADER<<- opcode: >> QUERY, status: NXDOMAIN, id: 24685 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 >> >> ;; QUESTION SECTION: >> ;127.0.0.1. IN A >> >> >> >> >> ;; AUTHORITY >> SECTION: >> >> >> . 1457 IN SOA A.ROOT-SERVERS.NET. >> NSTLD.VERISIGN-GRS.COM. 2009092201 1800 900 604800 >> 86400 >> ;; Query time: 143 msec >> ;; SERVER: 206.13.30.12#53(206.13.30.12) >> ;; WHEN: Tue Sep 22 15:01:29 2009 ;; MSG SIZE rcvd: >> 102 >> >> ; <<>> DiG 9.3.4-P1 <<>> 127.0.0.1 google.com >> ;; global options: printcmd ;; Got >> answer: ;; ->>HEADER<<- opcode: QUERY, >> status: NOERROR, id: 61092 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 >> >> ;; QUESTION SECTION: >> ;google.com. IN A >> >> ;; ANSWER SECTION: >> google.com. 17 IN A 74.125.127.100 >> google.com. 17 IN A 74.125.67.100 >> google.com. 17 IN A 74.125.45.100 >> >> ;; Query time: 145 msec >> ;; SERVER: 206.13.30.12#53(206.13.30.12) >> ;; WHEN: Tue Sep 22 15:01:29 2009 ;; MSG SIZE rcvd: 76 > > That command was: > # dig @127.0.0.1 google.com > The @127.0.0.1 tells dig to use 127.0.0.1 as the resolver, bypassing > what you have in the /etc/resolv.conf file. > > Your command did succeed, but it was resolved by 206.13.30.12, not the > nameserver on your toaster (127.0.0.1). > >>>>>> Ideas on how to begin to troubleshoot? I remember someone on the >>>>>> list a >>>>>> few days ago experiencing the same issue, but paid little attention >>>>>> then. >>>>> IIRC you said earlier that this is a secondary to your authoritative >>>>> server. It's generally considered a bad practice to have a DNS server >>>>> configured to handle both authoritative and resolver requests. It can >>>>> be done, but you'd better know what you're doing. >>>>> >>>>> If it's ok to blow away your secondary DNS, I would: >>>>> # yum remove bind >>>>> # yum install chroot-bind caching-nameserver >>>>> then try moving 127.0.0.1 to the top of /etc/resolv.conf again. >>>> I have a master DNS server (ns1) which is authoritative and a slave >>>> (ns2) which is also a web and e mail server. >>> It'd be better to have a caching/resolving DNS server on the web/email >>> host. The email server will use the resolving DNS server fairly >>> heavily. Better to put the slave DNS on a different host. >>> >>>> So remove the nameserver 64.168.70.132 entry in the resolve.conf file? >>> Absolutely. Authoritative servers should never be listed in the >>> resolv.conf file. >>> >> OK, I've removed these from the file. >>>> The other problem is this was all working just fine until about a week >>>> or so ago. I don't know why I would have to start changing my DNS >>>> when >>>> it was working fine. There is no reason this should have changed. I >>>> did however update my toaster. >>> I don't know what all changed, but updating the toaster should not >>> have caused this problem. I think that is coincidental. >>> >>> Best guess at this point is that your ISP's DNS was/is having >>> problems. We've recommended using a caching nameserver on the toaster, >>> which will keep your ISP's DNS from detrimentally affecting your >>> toaster. Unfortunately, you already had a secondary DNS server running >>> on your toaster, which is not a recommended configuration. It is >>> possible to configure bind on your toaster to do both secondary >>> authoritative and resolving, but that's beyond what we can do for you >>> here. >>> >> OK, are you saying to not use it as my secondary DNS server? > > That would be best.
Is it OK to use this as my primary DNS server? > >> CJ >> >> --------------------------------------------------------------------------------- >> >> Qmailtoaster is sponsored by Vickers Consulting Group >> (www.vickersconsulting.com) >> Vickers Consulting Group offers Qmailtoaster support and >> installations. >> If you need professional help with your setup, contact them today! >> --------------------------------------------------------------------------------- >> >> Please visit qmailtoaster.com for the latest news, updates, and >> packages. >> To unsubscribe, e-mail: >> qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: >> qmailtoaster-list-h...@qmailtoaster.com >> >> >> > > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com