[ale] named loosing a domain?
Joe Steele
joe at madewell.com
Mon Jun 26 16:39:32 EDT 2000
Try using "dig" (or else turn on debugging inside nslookup). If bind is reporting a non-existent domain, then it should have an authority record identifying where the info came from. For example, "dig ghost.bogusdomain.com" gives the following:
; <<>> DiG 8.2 <<>> ghost.bogusdomain.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; ghost.bogusdomain.com, type = A, class = IN
;; AUTHORITY SECTION:
COM. 1D IN SOA A.ROOT-SERVERS.NET. hostmaster.internic.NET. (
2000062600 ; serial
30M ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; Total query time: 307 msec
;; FROM: lan2 to SERVER: default -- 192.168.2.1
;; WHEN: Mon Jun 26 15:50:20 2000
;; MSG SIZE sent: 39 rcvd: 116
Now if I repeat the command a second time, I get a slightly different result:
; <<>> DiG 8.2 <<>> ghost.bogusdomain.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; ghost.bogusdomain.com, type = A, class = IN
;; AUTHORITY SECTION:
COM. 2h54m42s IN SOA A.ROOT-SERVERS.NET. hostmaster.internic.NET. (
2000062600 ; serial
30M ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; Total query time: 2 msec
;; FROM: lan2 to SERVER: default -- 192.168.2.1
;; WHEN: Mon Jun 26 15:55:37 2000
;; MSG SIZE sent: 39 rcvd: 116
The difference is in the time-to-live value of the SOA record. The first time, bind had to contact an authoritative server for ".com" in order to get the NXDOMAIN response. This negative response is then cached locally for a period of 3 hours (bind's default for such data). When I repeat the query 5 min. 18 sec. later, I get the same response (this time retrieved from the local cache) with a time-to-live of 2h54m42s. This can help you identify which level in the domain name is generating the error (".com" in this example). It can also give you an idea of when the error occurred.
In your case, the error is probably short lived, but because it is being cached, the error is persistent until the cached data times out or until you clear the cache by restarting bind.
I had a similar thing happen to me recently, where the ".com" servers were saying that a domain of mine didn't exist. I could tell from the locally cached data when the error had occurred, but by the time I started looking into the problem, everything was normal again (except for the bad data in my cache).
--Joe
-----Original Message-----
From: Robert L. Harris [SMTP:Robert.L.Harris at rnd-consulting.com]
Sent: Monday, June 26, 2000 10:00 AM
To: Atlanta Linux Enthusiasts
Subject: [ale] named loosing a domain?
Ok,
I'm running a debian linux box with the latest packages (potato). Every
now and then I try to mail my father at sunline.net. Sometimes I get an
email 4hrs later it says it can't find the domain. If I do an nslookup
on "sunline.net" it says no such domain. If I restart bind via rc script
and do the lookup again it works great. I dont seem to have problems with
any other domains.
Anyone have any theories?
Robert
:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list