Professional Web Applications Themes

DNS Madness - SCO

Warning: DNS hair-puller ahead. .... ok, having trouble sending/receiving mail from *.brooklyn.cuny.edu. (In general, it's a very broken domain.) My SCO 506 box is the primary ns internally, while a WinNT 4.0 PDC functions as the secondary. Works almost all of the time. But smail cannot write to the domains above, because the primary ns cannot resolve, say, $ /etc/dig MX sci.brooklyn.cuny.edu [...] ;; Querying server (# 1) address = 10.1.1.1 ;; timeout ;; res_nsend to server default -- 10.1.1.1: Connection timed out but if I add a nameserver directive to point to WiNT (curses!) it works. Looking a bit ...

  1. #1

    Default DNS Madness

    Warning: DNS hair-puller ahead.

    .... ok, having trouble sending/receiving mail from *.brooklyn.cuny.edu. (In
    general, it's a very broken domain.) My SCO 506 box is the primary ns
    internally, while a WinNT 4.0 PDC functions as the secondary. Works almost all
    of the time. But smail cannot write to the domains above, because the primary
    ns cannot resolve, say,

    $ /etc/dig MX sci.brooklyn.cuny.edu
    [...]
    ;; Querying server (# 1) address = 10.1.1.1
    ;; timeout
    ;; res_nsend to server default -- 10.1.1.1: Connection timed out

    but if I add a nameserver directive to point to WiNT (curses!) it works.

    Looking a bit further, I notice that that SCO's dig is missing the trace option
    (did that arise in BIND 9?) so the best I can do is -d2:

    ; <<>> DiG 8.2 <<>> +d2 MX sci.brooklyn.cuny.edu
    ;; res_nmkquery(QUERY, sci.brooklyn.cuny.edu, IN, MX)
    ;; res options: init debug recurs defnam dnsrch ?0x80000000?
    ;; res_send()
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64177
    ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;; sci.brooklyn.cuny.edu, type = MX, class = IN

    ;; Querying server (# 1) address = 10.1.1.1
    ;; timeout

    etc., etc.

    So I have to do the trace myself. Cuny.edu's nameservers are:

    ;; AUTHORITY SECTION:
    cuny.edu. 2D IN NS ACME.UCC.cuny.edu.
    cuny.edu. 2D IN NS BLACK-ICE.CC.VT.edu.
    cuny.edu. 2D IN NS NS3.BROADWING.NET.
    cuny.edu. 2D IN NS NS4.BROADWING.NET.
    cuny.edu. 2D IN NS SAELL.CC.COLUMBIA.edu.

    ;; ADDITIONAL SECTION:
    ACME.UCC.cuny.edu. 2D IN A 128.228.1.10
    BLACK-ICE.CC.VT.edu. 2D IN A 128.173.14.71
    SAELL.CC.COLUMBIA.edu. 2D IN A 128.59.59.218

    Now, *.broadwing.net does not recurse, just returning me to the roots; while
    saell refuses my query altogether (!), black-ice times out, and acme gives me a
    real answer. Clearly, cuny.edu's system adminstrator has his/her job cut out
    for him.

    Evidently (how do I test this?) SCO's resolver goes to black-ice, times out and
    gives up, while other resolvers (Linux envy again!) figure out that they need
    to talk to acme.

    So, how do I nail down this difference? And why can't SCO resolve, when Linux &
    Windows can?

    Thanks!

    --
    _________________________________________
    Nachman Yaakov Ziskind, EA, LLM com
    Attorney and Counselor-at-Law http://ziskind.us
    Economic Group Pension Services http://egps.com
    Actuaries and Employee Benefit Consultants
    Nachman Guest

  2. #2

    Default Re: DNS Madness

    In article <egps.com>,
    Nachman Yaakov Ziskind <com> wrote: 
     
     

    Not knowing how your config file is set up, I'm just guessing
    that maybe you don't have the 10.1.1.1. that you don't
    have the correct IP in the master line in your in-addr-arpa for
    your local machine.

    A typo perhaps in the zone line which by normal convention
    would be 1.1.10-in-addr-arpa, or a problem with name or
    pointing to your reverse file in that same areaa.

    You have not indicated what you use for debugging this but
    have you tried for example 'nslint'. Available at
    ftp.ee.lbl.gov [that the Lawrenece Livermore Berkeley Labs].

    Just guesses, which could be off base.
     
     

    Which says the name server doesn't think it is running on 10.1.1.1.
    Could it be running on 127.0.0.1 ?

    Bill

    --
    Bill Vermillion - bv wjv . com
    Bill Guest

  3. #3

    Default Re: DNS Madness

    Bill Vermillion wrote (on Wed, Oct 29, 2003 at 04:05:04AM +0000): 


    >
    > Not knowing how your config file is set up, I'm just guessing
    > that maybe you don't have the 10.1.1.1. that you don't
    > have the correct IP in the master line in your in-addr-arpa for
    > your local machine.[/ref]

    Nope, got it.
     

    Nope, but not only that: this server processess hundreds (thousands?) of
    domains a day, with 'nary a peep. *This* domain always gives me trouble.
     

    I appreciate even an off-base guess. But, I'm fairly convinced that the problem
    is in the resolver, not the config.
     

    >
    > Which says the name server doesn't think it is running on 10.1.1.1.
    > Could it be running on 127.0.0.1 ?[/ref]

    No, because, a) tried all three of 1) 10.1.1.1, 2) 127.0.0.1, and 3) nothing,
    in the /etc/resolv.conf file, and b) as above, every other domain works, pretty
    much. I do not have wholesale problems with DNS.
     

    Thanks, Bill!

    --
    _________________________________________
    Nachman Yaakov Ziskind, EA, LLM com
    Attorney and Counselor-at-Law http://ziskind.us
    Economic Group Pension Services http://egps.com
    Actuaries and Employee Benefit Consultants
    Nachman Guest

  4. #4

    Default Re: DNS Madness

    In article <egps.com>,
    Nachman Yaakov Ziskind <com> wrote: [/ref][/ref]

    [highly edited - wjv]

     [/ref]
     
     [/ref]
     

    In the log file when you start/restart DNS are there any things
    that stand out. I once had one where only one zone would not
    run - and it was noted in the entry on startup. I suspect you
    probably have checked that.
     [/ref]
     [/ref]
     

    We've all been there - but I get humbled far too often by missing
    something silly :-(

    Do try the nslint - which checks the config files, or the dlint.

    My dns is not complex but it's getting ungainly. One of my blocks
    dlint found 729 PTRs and about 98% of those go to Mac OS/XF
    machines.

    If you don't trust the resolver perhaps you could build a new one.
    When I set and SCO machine for a gateway between the internet and
    large Novell network in 1995 I had to DL the sources.

    I've run out of ideas.

    Best of luck.

    Bill
    --
    Bill Vermillion - bv wjv . com
    Bill Guest

Similar Threads

  1. autostretch madness
    By serialRei in forum Macromedia Dynamic HTML
    Replies: 1
    Last Post: December 14th, 05:23 PM
  2. Utter madness!
    By Paul Mason in forum ASP.NET Security
    Replies: 5
    Last Post: July 15th, 11:35 AM
  3. Madness, I call it madness
    By Marius Horak in forum ASP.NET Data Grid Control
    Replies: 2
    Last Post: June 4th, 02:28 PM
  4. eval() madness
    By Mark McCarthy in forum Macromedia Flash Actionscript
    Replies: 3
    Last Post: February 11th, 03:44 AM
  5. flv -&gt; swf madness
    By etg7 in forum Macromedia Flash Actionscript
    Replies: 0
    Last Post: February 9th, 06:46 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139