MX records incomplete weird error

King, John (Greg) (OAO-HOU) jking at houston.oao.com
Mon May 14 12:57:43 UTC 2001


Here's a portion of the named.conf file that I am running.

//logging stuff snipped out//

options{
        directory "/pathtorecords";
        allow-transfer { x.x.x.x; x.x.x.x; x.x.x.x; };
        query-source address * port 53 ;
        allow-query { any; };
        statistics-interval 1440; // stats once per day is enough
};

zone "." in {
        type hint;
        file "db.cache";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
};

...everything else is master records

then the zone for the domain itself:

zone "x.x.x.x" in {
        type master;
        file "db.x.x.x.x";
        check-names ignore;
        allow-update { none; };
        allow-query { any; };
        allow-transfer { x.x.x.x;x.x.x.x; };
        notify no;
};


If I dump the cache I can query it once and get the A records for the mail
exchangers. Then it goes away again. The serial number for their zone and
what I see match (FYI).

Oh, and the DNS admins at hsc.com and myself have been trying to figure this
one out since last week. I mentioned I was gonna ask the BIND-Users list for
help and she didn't mind.

Thanks again!

-----Original Message-----
From: Jim Reid [mailto:jim at rfc1035.com]
Sent: Monday, May 14, 2001 7:39 AM
To: King, John (Greg) (OAO-HOU)
Cc: bind-users at isc.org
Subject: Re: MX records incomplete weird error


>>>>> "John" == King, John (Greg) (OAO-HOU) <jking at houston.oao.com> writes:

    John> I have been trying to find a cause for this and so far no
    John> luck. I am running the latest version of Bind 8 on a Sparc
    John> (Solaris 2.7) behind a firewall.

The MX records for hsc.com check out just fine. So the discrepancy --
if indeed there is one -- can be attributed to a configuration error
on one of the name servers. Or perhaps the A records for the MX
targets are just getting expired from the cache? If you'd used dig to
make the queries, we could have seen the actual answers from the
servers with their flag bits and TTLs. Are you using forwarding? If
so, this might explain why stuff vanishes from the cache so quickly.
Try dumping your server's cache and find out where it is getting its
information about hac.com from.

The NS records for hsc.com are a bit clumsy. This zone is served by
fw-es06.hac.com and fw-es10.hac.com. The hac.com zone is in turn
served by fw-he0{2,4}.hughes.com. This should get cleaned up: maybe
hsc.com and hac.com should be served by fw-he0{2,4}.hughes.com? I've
bcc'ed the admins of these zones, so maybe they'll chase this up.

BTW you should use a decent DNS lookup tool like dig, not the
disgusting abomination that is nslookup.

    John> I am getting queued mail to a specific site due to what I
    John> believe is missing A records for some mail exchangers when a
    John> lookup occurs.

Well the A records certainly exist. Your server seems unable to find
them for some reason. Since you didn't show us the named.conf file of
that server, it's hard to say why that is. It could be something to do
with how that server has been configured or how it is allowed to make
queries through your firewall.

