[TCLUG] DNS Help

Tue Oct 26 12:41:03 CDT 2004

;; AUTHORITY SECTION:
itasca.net.             2D IN NS        bullwinkle.itasca.net.
itasca.net.             2D IN NS        rocky.itasca.net.

;; ADDITIONAL SECTION:
bullwinkle.itasca.net.  2D IN A         207.195.213.5
rocky.itasca.net.       2D IN A         207.195.213.6

*blink blink*  That netblock sure looks familiar :)

When I hear symptoms like this, I immediately think of the 
WorkAroundBrokenAAAA sendmail option - but these guys appear to be running 
bind-8 and working correctly, so that probably isn't the issue.

Are you running a DNS server on this machine?  Do you have a nameserver 
specified in /etc/resolv.conf?  Who's your upstream?

What you may want to do is run tcpdump and watch the DNS traffic.  See who 
you are sending the DNS query to, and who is responding back and with what 
answers.

Also, in general, a good DNS test is to just use dig on your local machine 
and "play computer", like:

dig @f.gtld-servers.net itasca.net
(returns nameservers for itasca.net)

dig @1st-name-server.itasca.net itasca.net mx
dig @2nd-name-server.itacsa.net itasca.net mx

See if you get the same response from both, and see if both servers return 
the same NS records in the authority section that came from the root 
servers (they did when I looked, so if you are able to get responses from 
both servers, they should be right).  This shouldn't be the case here, but 
I've seen a lot of intermittent DNS problems because the DNS servers for a 
domain are returning a different set of auth NS servers in the query 
responses, from those listed in the root, and the different servers are 
being flakey - typically this is the case of someone updating the root 
because they decommissioned or renumbered a name server, but didn't change 
the zone file.

On Tue, 26 Oct 2004, Chris Schumann wrote:

> Hey all,
>
> I've got a RH9 box (I know), and am using Pine and Sendmail... most of the
> time. There's a set of domains (itasca.net) that I cannot send e-mail to.
>
> I get messages that DNS has timed out.
>
> I have root capability on my box, but I suspect my upstream DNS provider
> is the real problem.
>
> Anyone got some tips for me? Where to start investigating?
>
> Many thanks,
> Chris Schumann
>
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> Help beta test TCLUG's potential new home: http://plone.mn-linux.org
> Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
> tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list
>

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list