From owner-freebsd-net Sun Dec 2 5:34:29 2001
Message-Id: <5.1.0.14.0.20011202063643.03e87b98@mail.Go2France.com>
Date: Sun, 02 Dec 2001 07:33:25 -0600
To: freebsd-net@FreeBSD.ORG
From: Len Conrad
Subject: Re: problem (hairy) with dns-server
In-Reply-To: <200112021206.fB2C6Y523027@mail15.bigmailbox.com>

>I have two dns-servers at 200.198.77.34 and 200.198.77.35, and when
>querying it with the nslookup and dnsquery everything appears as normal.

when I do a recursive query to either, I get an answer.

you should not allow recursive queries except from your trusted ip's, for BIND8

    acl mynets {ip_list;};

    options {
        allow-recursion {mynets;};
        fetch-glue no;
    };

>a) when starting named, after a few seconds of the message *listening
>on..*, suddenly pops the following message:
>
>:=== begin
>
>named[2876]:sysquery:findns error (NXDOMAIN) on
>deviant-1.77.198.200.in-addr.arp
>named[2876]:sysquery:findns error (NXDOMAIN) on
>deviant-2.77.198.200.in-addr.arp

in-addr.arp?
".arpa" is the name of the reverse TLD parent

# dig -x 200.198.77.2

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      2.77.198.200.in-addr.arpa, type = ANY, class = IN

;; AUTHORITY SECTION:
77.198.200.in-addr.arpa.  1D IN SOA  ns.ipaccess.diveo.net.br. hostmaster.ipaccess.diveo.net.br. (
                                2001021300      ; serial
                                1D              ; refresh
                                1H              ; retry
                                2W              ; expiry
                                1D )            ; minimum

and

# dig @200.198.77.3 -x 200.198.77.2

; <<>> DiG 8.3 <<>> @200.198.77.3 -x
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 200.198.77.3: Operation timed out

your NS's haven't been delegated with reverse authority for your subnet

>(you can experiment using these dns-servers as your default ones,

I didn't do that, but they both do recursion fine with dig

> and sending a mail to test@dixtal.com.br), for the complete mail-error
> message.

works fine for me:

Dec 2 13:46:26 mgw1 postfix/smtp[17844]: 08D5116B13: to=, relay=mx-sec.zazcorp.com.br[200.176.131.2], delay=121, status=sent (250 2.0.0 fB2CkKrO013294 Message accepted for delivery)

DNS Expert
Detailed Report for dixtal.com.br
2001-12-02, 07:30, using the analysis setting "Thorough"
======================================================================

Information
----------------------------------------------------------------------
Serial number:        2001073101
Primary name server:  srv5-poa.nutecnet.com.br.
Primary mail server:  mail.dixtal.com.br.
Number of records:    N/A

Errors
----------------------------------------------------------------------
o An NS record for "dixtal.com.br." refers to
  "srv5-poa.nutecnet.com.br." which is a CNAME record
    An NS record located in the zone "dixtal.com.br." refers to the
    host "srv5-poa.nutecnet.com.br.". The record
    "srv5-poa.nutecnet.com.br." is a CNAME record. NS records should
    always refer to canonical host names.
o The name server "dns-web.zaz.com.br." is only listed in delegation
  data
    The server "dns-web.zaz.com.br." is listed as being authoritative
    for the zone according to the delegation data, but there is no NS
    record for that server in the zone data. Delegation data and zone
    data should always match.

o The primary mail server "mail.dixtal.com.br." does not respond
    The mail server "mail.dixtal.com.br.", which is a primary mail
    server for "dixtal.com.br.", does not seem to be working.

Warnings
----------------------------------------------------------------------
o The zone contains more than one authoritative name server with the
  same IP address
    The name servers "srv5-poa.nutecnet.com.br." and
    "dns-web.zaz.com.br.", which are authoritative for
    "dixtal.com.br.", have the same IP address (200.176.131.9).

Len

http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
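
Added example, not part of the message above and not BIND code: a small check, run from an address outside the trusted list, of whether a name server you operate still answers recursive queries after an allow-recursion ACL like the one in the reply is in place. The function names, the fixed query id and the verdict rules are assumptions of this sketch; the sample replies are constructed headers, not captured traffic.

```python
import socket
import struct

RD, RA, AA = 0x0100, 0x0080, 0x0400      # DNS header flag bits (RFC 1035)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234                             # fixed query id, fine for a one-shot test

def build_query(name, qtype=1):
    """Encode a query for `name` (type A by default) with the RD bit set."""
    header = struct.pack("!6H", QID, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_header(resp):
    """Decode the 12-byte header: the fields dig prints as status and flags."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", resp[:12])
    return {"id": qid, "aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": an}

def classify(hdr):
    """Heuristic verdict for a name the server is NOT authoritative for."""
    if hdr["rcode"] == "REFUSED" or not hdr["ra"]:
        return "recursion-restricted"
    if hdr["rcode"] == "NOERROR" and hdr["answers"] > 0 and not hdr["aa"]:
        return "open-recursion"          # it fetched someone else's data for us
    return "inconclusive"                # e.g. a referral, or NXDOMAIN with ra set

def probe(server, name, timeout=3.0):
    """Send one UDP query to `server` (your own name server) and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        resp, _ = s.recvfrom(512)
    hdr = parse_header(resp)
    if hdr["id"] != QID:
        raise ValueError("reply id does not match the query")
    return classify(hdr)

# Constructed reply headers (QR bit 0x8000 set), used to exercise classify():
OPEN_REPLY = struct.pack("!6H", QID, 0x8000 | RD | RA, 1, 1, 0, 0)
REFUSED_REPLY = struct.pack("!6H", QID, 0x8000 | RD | 5, 1, 0, 0, 0)
AUTH_NXDOMAIN = struct.pack("!6H", QID, 0x8000 | AA | RA | 3, 1, 0, 1, 0)
```

AUTH_NXDOMAIN mirrors the "qr aa ra ... NXDOMAIN" header in the dig output quoted in the message; it is inconclusive here because an authoritative answer says nothing about recursion for outside names.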