[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] DNS Errors.

Subject: Re: [cobalt-users] DNS Errors.
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
Date: Thu Jan 16 10:05:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

GW> Date: Thu, 16 Jan 2003 11:36:26 -0500 (EST)
GW> From: Gerald Waugh


GW> I seem to be getting a lot of stuff in my log files
GW>
GW> Jan 16 11:17:07 fsn4 named[673]: Lame server on 'a.mx.everquick.net' (in
GW> 'mx.everquick.net'?): [65.208.232.2].53
GW> 'maven.webokay.com': learnt (A=192.41.162.30,NS=65.208.232.2)
GW> Jan 16 11:17:07 fsn4 named[673]: Lame server on 'a.mx.everquick.net' (in
GW> 'mx.everquick.net'?): [216.89.137.11].53
GW> 'ns1.everquick.net': learnt (A=192.31.80.30,NS=65.208.232.2)
GW> Jan 16 11:20:13 fsn4 named[673]: sysquery: query(a.mx.everquick.net) All
GW> possible A RR's lame
GW> Jan 16 11:20:13 fsn4 named[673]: sysquery: query(b.mx.everquick.net) All
GW> possible A RR's lame
GW>
GW> What is going on here!

Combination of operator and BIND stupidity.  BIND was not setting
AA on mx.everquick.net RRs, although both 216.89.137.11 and
65.208.232.2 are authoritative.  For whatever odd reason, I had
added a couple of NS RRs in $ORIGIN mx.everquick.net...

...but BIND processed them as a zone cut (unaware that said NS
RRs records referred to itself) and cleared AA.  Stupid behavior,
IMNSHO; you'd think a server with an auth copy of zone info, a
valid SOA RR, and itself listed as an NS would know to set AA.

Feh.  I'll just run mx.everquick.net as a separate zone; AA is
now set, which will eradicate the lame server errors for the
MX.

Only a couple more months until I'm done writing our DNS server,
and I can be rid of BIND and djbdns (haven't tried PowerDNS) for
good. :-)  Ironically enough, I added a check for this situation
in our DNS server a couple days ago, but didn't think to check
how BIND behaves.

In the mean time, thanks for the heads-up, Gerald.  Considering
AA was cleared, the lookup wasn't cached, so you probably did
receive a fair number of those log entries. ;-)

Now, if only BIND returned !AA NXDOMAIN instead of ancestral
referrals when it's not authoritative for a zone...


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.

References:
- [cobalt-users] DNS Errors.
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-users] Alliance Of Operators
Next by Date: Re: [cobalt-users] [RaQ 550] Backup with tar and e-mailing to admin
Previous by thread: [cobalt-users] DNS Errors.
Next by thread: [cobalt-users] RaQ4 with latest kernel just installed reports /home partition full when not

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index