sendmail and bind

Kevin Darcy kcd at daimlerchrysler.com
Thu Oct 25 22:28:01 UTC 2001


"Boex,Matthew W." wrote:

> Kevin,
>
> Thanks a lot for the reply.  I, sadly, am not the owner of the firewall
> here.  I am having the owner look into it as I type this.  Below is the
> output of dig cna.com mx on each box( I did run the dig cna.com mx multiple
> times before this so you would figure it would be cached).  As you can see,
> on sch1p297 it takes 5006 msec as opposed to sch1p312, 3 msec.  Also, I
> noticed that the flags set in each are different.  sch1p297 has the "aa"
> flag set every time which tells me that it has to go out and get the info
> every time, no caching.  That is odd to me since I ran dig yahoo.com mx and
> it didn't have the "aa" flag set.  So, it looks like sch1p297 isn't caching
> for cna.com.  Weird.
>
> Also, the authority records look different.  312 has -
>
> ;; AUTHORITY SECTION:
> cna.com.                1d31m59s IN NS  DNS.cna.com.
> cna.com.                1d31m59s IN NS  NS2.CW.NET.
>
> while 297 has -
>
> ;; AUTHORITY SECTION:
> cna.com.                2H IN NS        dns.cna.com.
> cna.com.                2H IN NS        ns2.mci.net.
> cna.com.                2H IN NS        ns2.cw.net.
>
> how can that be?

ns2.mci.net is not answering authoritatively for the zone. Either a) it should
be removed from the NS records, or b) whatever is causing that nameserver to
answer non-authoritatively should be fixed *and* it should also be added to the
cna.com delegation records, since currently those NS sets don't match.


- Kevin




More information about the bind-users mailing list