<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I think it's fixed... just not sure why...<div>I removed the 'recursion no' line and it's much faster now and not timing out...<br><div><br></div><div>I used to have:</div><div>      <span class="Apple-tab-span" style="white-space:pre">        </span>recursion no;</div><div><div>        allow-query {   any;  };</div><div>        allow-recursion {  192.168.2.0/24; 127.0.0.1; };</div><div>        allow-query-cache {   192.168.2.0/24;  127.0.0.1; };</div></div><div><br></div><div>Now I have:</div><div><div><div>        allow-query {   any;  };</div><div>        allow-recursion {  192.168.2.0/24; 127.0.0.1; };</div><div>        allow-query-cache {   192.168.2.0/24;  127.0.0.1; };</div></div></div><div><br></div><div><br></div><div><br></div><div><div apple-content-edited="true">
</div>
<br><div><div>On May 2, 2012, at 7:24 PM, Lyle Giese wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
  
  
  <div bgcolor="#FFFFFF" text="#000000">
    If you have recursion turned off, then no, it won't forward.  It
    tells your named that if it doesn't already know the answer, tell
    the client I don't know and won't ask anyone else.<br>
    <br>
    But what about the second scenario below?  You check on scenario 1,
    but you have not addressed #2.<br>
    <br>
    Besides, the recursion setting in named is immaterial when doing dig
    +trace.  Once dig gets the addresses of the root server, it stops
    asking your local copy of named and starts asking the root servers
    for itself and does not rely any further on named.<br>
    <br>
    Lyle<br>
    <br>
    On 05/02/12 18:59, Paul Marais wrote:
    <blockquote cite="mid:1C2A704D-3038-4308-B542-83ABC5E63D43@grayv.com" type="cite">
      <div>I checked the firewall and I have rules to allow tcp &
        udp on port 53.</div>
      <div>Is there anything I can do to get more information on why no
        connection is made to the root servers. </div>
      <div><br>
      </div>
      <div>I'm a bit confused.. if I have recursion off shouldn't my
        local named be forwarding the request to the name server in my
        "forwarders" section of the named options.</div>
      <div><br>
      </div>
      <div><br>
      </div>
      <div><br>
      </div>
      <br>
      <div>
        <div>On May 2, 2012, at 3:48 PM, Lyle Giese wrote:</div>
        <br class="Apple-interchange-newline">
        <blockquote type="cite">
          <div bgcolor="#FFFFFF" text="#000000"> Using dig +trace, dig
            is trying to accomplish the recursion that named would do
            for you.  This tells us your local copy of named is
            answering requests as that is where you received the list of
            root servers from.  But when dig tries to ask the root name
            servers how to find <a moz-do-not-send="true" href="http://gmail.com/">gmail.com</a>, dig is unable to
            contact or get an answer from the root name servers.<br>
            <br>
            This indicates one of two problems.<br>
            <br>
            1) firewall rules are not permitting both udp and tcp port
            53 traffic (which I doubt since it works sometimes).<br>
            2) your Internet connection is congested and dropping or
            delaying your traffic to the point, dig gives up trying.<br>
            <br>
            But the use of dig +trace shows much more diagnostic
            information which points us to the real issue you have.<br>
            <br>
            Lyle Giese<br>
            LCR Computer Services, Inc.<br>
            <br>
            On 05/02/12 16:36, Paul Marais wrote:
            <blockquote cite="mid:F80FF64A-E8E2-4DDF-BBA8-EBEEBD365F48@grayv.com" type="cite">Thanks Lyle,
              <div>You're right - I started using the host command
                because it was giving me the error I found in the
                postfix logs... </div>
              <div>but as I just discovered dig +trace also gives me the
                error...</div>
              <div><br>
              </div>
              <div>I am seeing lots of mailed messages to gmail
                accounts... and when I do a trace I get the following:</div>
              <div><br>
              </div>
              <blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
                <div>
                  <div>; <<>> DiG 9.7.3 <<>>
                    +trace mx <a moz-do-not-send="true" href="http://gmail.com/">gmail.com</a></div>
                </div>
                <div>
                  <div>;; global options: +cmd</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://m.root-servers.net/">m.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://c.root-servers.net/">c.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://h.root-servers.net/">h.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://b.root-servers.net/">b.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://e.root-servers.net/">e.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://j.root-servers.net/">j.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://k.root-servers.net/">k.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://g.root-servers.net/">g.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://f.root-servers.net/">f.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://i.root-servers.net/">i.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://l.root-servers.net/">l.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://a.root-servers.net/">a.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>.<span class="Apple-tab-span" style="white-space:pre"> </span>501632<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS<span class="Apple-tab-span" style="white-space:pre"> </span><a moz-do-not-send="true" href="http://d.root-servers.net/">d.root-servers.net</a>.</div>
                </div>
                <div>
                  <div>;; Received 320 bytes from
                    127.0.0.1#53(127.0.0.1) in 0 ms</div>
                </div>
                <div>
                  <div><br>
                  </div>
                </div>
                <div>
                  <div>;; connection timed out; no servers could be
                    reached</div>
                </div>
              </blockquote>
              <div>
                <div><br>
                </div>
                <div><br>
                </div>
                <div>If I leave the trace off, I see no error
                  messages... but I get no answer and I do see a
                  warning:</div>
                <div><br>
                </div>
              </div>
              <blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
                <div>
                  <div>
                    <div>; <<>> DiG 9.7.3 <<>>
                      mx <a moz-do-not-send="true" href="http://gmail.com/">gmail.com</a></div>
                  </div>
                </div>
                <div>
                  <div>
                    <div>;; global options: +cmd</div>
                  </div>
                </div>
                <div>
                  <div>
                    <div>;; Got answer:</div>
                  </div>
                </div>
                <div>
                  <div>
                    <div>;; ->>HEADER<<- opcode: QUERY,
                      status: NOERROR, id: 32902</div>
                  </div>
                </div>
                <div>
                  <div>
                    <div>;; flags: qr rd; QUERY: 1, ANSWER: 0,
                      AUTHORITY: 13, ADDITIONAL: 5</div>
                  </div>
                </div>
                <div>
                  <div>
                    <div>;; WARNING: recursion requested but not
                      available</div>
                  </div>
                </div>
                <div>
                  <div>
                    <div><br>
                    </div>
                  </div>
                </div>
              </blockquote>
              <div>
                <div><br>
                </div>
                <div><br>
                </div>
                <div><br>
                </div>
                <div><br>
                </div>
                <div>
                  <div>On May 2, 2012, at 1:42 PM, Lyle Giese wrote:</div>
                  <br class="Apple-interchange-newline">
                  <blockquote type="cite">
                    <div>On 05/02/12 12:12, Paul Marais wrote:<br>
                      <blockquote type="cite">Hi,<br>
                      </blockquote>
                      <blockquote type="cite">I'm having an issue where
                        my postfix server is having trouble with some
                        lookups.<br>
                      </blockquote>
                      <blockquote type="cite">When I type
                        'host &lt;hostname&gt;', 80% of the time I get
                        decent reply speed, but for 20% I get a 5 second
                        delay, or even a timeout.<br>
                      </blockquote>
                      <blockquote type="cite"><br>
                      </blockquote>
                      <blockquote type="cite">My nameserver is
                        configured to only allow recursion for hosts on
                        my local network, and I have my ISP dns in my
                        forwarders.<br>
                      </blockquote>
                      <blockquote type="cite">My resolv.conf has
                        127.0.0.1, my internal ip, and the ip for my isp
                        DNS<br>
                      </blockquote>
                      <blockquote type="cite"><br>
                      </blockquote>
                      <blockquote type="cite">Any help will be greatly
                        appreciated.<br>
                      </blockquote>
                      <blockquote type="cite"><br>
                      </blockquote>
                      <blockquote type="cite">Thanks<br>
                      </blockquote>
                      <blockquote type="cite">Paul<br>
                      </blockquote>
                      <blockquote type="cite"><br>
                      </blockquote>
                      <blockquote type="cite"><br>
                      </blockquote>
                      Don't use host.  It's not telling us what is going
                      wrong and it's only doing an A record lookup of
                      host name.<br>
                      <br>
                      Postfix does an MX lookup for the domain and then
                      an A record lookup for the mail server(s) in the
                      MX records.<br>
                      <br>
                      Learn to use dig.<br>
                      <br>
                      Do this:<br>
                      <br>
                      dig mx <a moz-do-not-send="true" href="http://example.com/">example.com</a><br>
                      <br>
                      If the answer is <a moz-do-not-send="true" href="http://mail.example.com/">mail.example.com</a>
                      do this:<br>
                      <br>
                      dig mx <a moz-do-not-send="true" href="http://example.com/">example.com</a><br>
                      <br>
                      If either fails, do this:<br>
                      <br>
                      dig +trace mx <a moz-do-not-send="true" href="http://example.com/">example.com</a><br>
                      or<br>
                      dig +trace <a moz-do-not-send="true" href="http://mail.example.com/">mail.example.com</a><br>
                      <br>
                      And see if you can catch the failure and then we
                      can do more for you.  The other side of this may
                      be that your Internet connection is overloaded and
                      you are dropping packets or it's taking too long
                      for the query to get out and get the response.<br>
                      <br>
                      Lyle Giese<br>
                      LCR Computer Services, Inc.<br>
                      <br>
                      _______________________________________________<br>
                      Please visit <a moz-do-not-send="true" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
                      to unsubscribe from this list<br>
                      <br>
                      bind-users mailing list<br>
                      <a moz-do-not-send="true" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
                      <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
                      <br>
                    </div>
                  </blockquote>
                </div>
                <br>
              </div>
            </blockquote>
            <br>
          </div>
          </blockquote>
      </div>
      <br>
    </blockquote>
    <br>
  </div>

</blockquote></div><br></div></div></body></html>
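Added example, not part of the original thread: a small Python check that reads dig's text output and flags the three symptoms discussed above (the server declining to recurse, a referral-only response, and the timeout). The function name `diagnose` and the finding labels are assumptions made for this illustration; the first sample is the dig output quoted in the thread, and the other two are constructed.

```python
import re

# Header lines as dig prints them; \s* tolerates mail-client line wrapping.
STATUS_RE = re.compile(r"status:\s*(?P<status>\w+),\s*id:\s*\d+")
COUNTS_RE = re.compile(
    r"flags:\s*(?P<flags>[a-z ]*);\s*QUERY:\s*\d+,\s*ANSWER:\s*(?P<answer>\d+),"
    r"\s*AUTHORITY:\s*(?P<authority>\d+),\s*ADDITIONAL:\s*\d+"
)
TIMEOUT_TEXT = "connection timed out; no servers could be reached"


def diagnose(dig_output):
    """Return a list of findings (hypothetical labels) for one dig run."""
    findings = []
    if TIMEOUT_TEXT in dig_output:
        findings.append("timeout")
    status = STATUS_RE.search(dig_output)
    counts = COUNTS_RE.search(dig_output)
    if not status or not counts:
        return findings  # no response header, e.g. a +trace that timed out
    flags = counts["flags"].split()
    # Client set RD, server did not set RA: the server will not recurse for us.
    if "rd" in flags and "ra" not in flags:
        findings.append("recursion-unavailable")
    # NOERROR with zero answers but NS records in AUTHORITY is a referral only.
    if (status["status"] == "NOERROR" and int(counts["answer"]) == 0
            and int(counts["authority"]) > 0):
        findings.append("referral-only")
    return findings


# Sample 1: the non-trace output quoted in the thread (recursion no; in effect).
PAGE_SAMPLE = """\
; <<>> DiG 9.7.3 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32902
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 5
;; WARNING: recursion requested but not available
"""

# Sample 2 (constructed): a response from a server that does recurse.
HEALTHY_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
"""

# Sample 3 (constructed from the tail of the +trace run in the thread).
TRACE_SAMPLE = """\
;; Received 320 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

;; connection timed out; no servers could be reached
"""

if __name__ == "__main__":
    for name in ("PAGE_SAMPLE", "HEALTHY_SAMPLE", "TRACE_SAMPLE"):
        print(name, diagnose(globals()[name]))
```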