need help figuring this MX /A record query problem out *sigh*

King, John (Greg) (OAO-HOU) jking at houston.oao.com
Thu May 17 16:57:12 UTC 2001


ok still cannot see what is causing the actual cache to respond with a big 0
on subsequent queries to hsc.com.  It works with other domains like sun.com
and microsoft.com...

but I just thought of something and need to know if this could in any way
affect it. The firewall people blocked inbound TCP 53 completely. Only
allowing 53 UDP in.  I am now at the point of trying to pull anything out
of thin air since as of yet no explanation and solution has been found for
this annoying problem and I can't prove it's at HSC.com. I now understand the
earlier comments about running a caching and auth server which unconfused
the confusion on that issue but in our case performance ain't a prob and
running both a caching and auth config of BIND has never hurt us before.

so far all I've earned is more management status updates, migraine from all
getout and a ton of lost hair... been a while since the ol' stress monster
kicked in

-Greg

-----Original Message-----
From: Brad Knowles [mailto:brad.knowles at skynet.be]
Sent: Thursday, May 17, 2001 10:27 AM
To: King, John (Greg) (OAO-HOU); 'bind-users at isc.org'
Subject: RE: need help figuring this MX /A record query problem out



At 9:53 AM -0500 5/17/01, King, John (Greg) (OAO-HOU) wrote:

>  I'm a little confused now. I'm not saying it's not a better idea, what I'm
>  wondering is where have I set it up to act as a caching server?
>  Looking in 3rd Edition Bind 8 from O'Reilly:

	You're mixing caching & authoritative services on the same 
machine.  Here's the complete "options" section from the named.conf 
you previously posted:

options{
         directory "path_to_dns_area";
         allow-transfer { x.x.x.x; };
         query-source address * port 53 ;
         allow-query { any; };
         statistics-interval 1440; // stats once per day is enough
         version "DNS server"; // every little bit helps
};

	If you want to be authoritative-only and not include caching, you 
have to add "recursion no;" and ideally "fetch-glue no;" to these 
options.  Both of these are turned on by default, and if you do not 
turn these off and you define zones that you are authoritative for, 
then you will be mixing authoritative and caching services on the 
same machine.

	This is documented in the man pages for "named.conf" in BIND 8, 
as well as BIND 9.  Type "man named.conf" to see what you have, and 
scroll down to the "recursion" and "fetch-glue" statements.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
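
An added example, not part of the original messages: one way to see from the outside whether a name server is mixing authoritative and caching service, as described in the reply above, is to send it a query with RD set and read the AA, RA and TC bits of the response header. The function names and the sample headers are constructed for illustration.

```python
import struct

# Masks for the 16-bit flags word of a DNS header (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query with RD set, i.e. asking the server to recurse."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype 1 = A, class IN


def parse_flags(response):
    """Decode the flags and answer count from a DNS response header."""
    if len(response) < 12:
        raise ValueError("a DNS header is 12 bytes; response too short")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: this is a query, not a response")
    return {"id": txid, "aa": bool(flags & AA), "tc": bool(flags & TC),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "answers": an}


def classify(response):
    """Report which role the server played when it sent this response."""
    f = parse_flags(response)
    if f["tc"]:
        return "truncated over UDP; client is expected to retry over TCP"
    if f["ra"]:
        return "recursion available: server is acting as a cache"
    if f["aa"]:
        return "authoritative answer, recursion not offered"
    return "no recursion, not authoritative (referral or refusal)"


def _header(flags, answers):
    # Constructed sample: a bare 12-byte response header, no records attached.
    return struct.pack("!HHHHHH", 0x1234, flags, 1, answers, 0, 0)


SAMPLE_AUTH_ONLY = _header(QR | AA | RD, 1)      # "recursion no;" server
SAMPLE_MIXED = _header(QR | AA | RD | RA, 1)     # auth zone, recursion still on
SAMPLE_TRUNCATED = _header(QR | RD | RA | TC, 0)
```

To use it against a live server, send `build_query(...)` in a UDP datagram to port 53 and pass the reply bytes to `classify`.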

