bind9 + host command issue in FreeBSD-5.4

Scott Bennett bennett at cs.niu.edu
Sat Feb 18 04:25:08 PST 2006


     On Fri, 17 Feb 2006 22:24:29 -0800 Doug Barton <dougb at FreeBSD.org>
wrote:

>tpeixoto at widesoft.com.br wrote:
>> Hello all!
>> 
>> I am not sure if this is the right place to discuss this issue
>
>For future reference, the bind-users list at ISC is probably a better forum,
>but this is as good as any. :)
>
>> but I am
>> experiencing strange behaviour with bind9 + host command with some domains
>> that bind are _not_ authoritative
>
>I assume you mean domains for which you are not authoritative, in other
>words, domains you have no control over.
>
>> as the following example:
>> 
>> # uname -a
>> FreeBSD server2.mydomain.com.br 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed
>> Feb  1 22:18:04 BRST 2006    
>> root at server2.mydomain.com.br:/usr/src/sys/i386/compile/SERVER2  i386
>> 
>> # named -v
>> BIND 9.3.1
>
>When 5.5-RELEASE comes out (or better yet, 6.1-RELEASE) you should seriously
>consider upgrading. If you are doing anything mission critical that depends
>on DNS, BIND 9.3.2 is going to be an improvement for you.
>
>> # host cauexcnt001smtp.unibanco.com.br.
>> cauexcnt001smtp.unibanco.com.br has address 200.174.81.116
>> Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)
>
>The second line is caused because there is no AAAA record for that hostname,
>and by default host always queries for one. You can see that things are fine
>with the hostname itself by using 'host -t a', or by using dig as you did
>below. FYI, if you need to do any kind of serious DNS debugging, dig is
>always the best tool to use. The host command is best for simple lookups
>when you just need the answer.
>
>> That's the problem! host command replies with SERVFAIL. This also causes
>> sendmail to raise "host name lookup failure" and not deliver the messages.
>
>sendmail does not use the host command. The most likely cause for this
>failure is that the A record for cauexcnt001smtp.unibanco.com.br has a 0
>second TTL, which is not only stupid, it's extremely unfriendly. It's also
>possible that your system has IPv6 support enabled, but you don't have IPv6
>connectivity, and/or your sendmail is configured to use (or prefer) IPv6
>addresses. Also, if you have any input into the operation of this zone,
>suggest that they increase the TTL, and add an MX record for that hostname
>(even if it points to itself).
>
     Another point to keep in mind is that sendmail requires authoritative
answers.  It ignores non-authoritative responses.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
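
An added example, not part of the original thread: the two replies behind the `host` output quoted above, rebuilt as constructed DNS wire-format messages and decoded in Python to show each query's response code, AA (authoritative answer) flag and answer TTL. The message IDs, the flag values (including the cleared AA bit) and all helper names are assumptions made for illustration; the hostname, the address, the SERVFAIL on the AAAA query and the 0-second TTL come from the thread.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
QTYPES = {1: "A", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """Encode a hostname as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # a compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n

def summarize(msg):
    """Decode rcode, AA flag, question type and answer TTLs from a response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, qtype, ttls = 12, None, []
    for _ in range(qd):
        off = skip_name(msg, off)
        qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
        off += 4
    for _ in range(an):
        off = skip_name(msg, off)
        _type, _class, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    return {"qtype": QTYPES.get(qtype, qtype),
            "rcode": RCODES.get(flags & 0xF, flags & 0xF),
            "aa": bool(flags & 0x0400),
            "ttls": ttls}

# Constructed sample messages (not captured traffic).
QNAME = encode_name("cauexcnt001smtp.unibanco.com.br")
# A query: NOERROR, one answer with TTL 0, AA bit clear (answer via a resolver).
A_REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QNAME
           + struct.pack("!2H", 1, 1) + b"\xc0\x0c"
           + struct.pack("!2HIH", 1, 1, 0, 4) + bytes([200, 174, 81, 116]))
# AAAA query: SERVFAIL, no answer records.
AAAA_REPLY = (struct.pack("!6H", 0x1235, 0x8182, 1, 0, 0, 0) + QNAME
              + struct.pack("!2H", 28, 1))

if __name__ == "__main__":
    for reply in (A_REPLY, AAAA_REPLY):
        print(summarize(reply))
```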

