[opensuse] MX record in DNS problem - Suse 11.0
Hello, Setting up a new DNS server on Suse 11.0 (currently using Suse 9.3), however when testing the server from the outside I get an error saying that the MX records can't be found. The records under ./master look identical the records on the running 9.3 server. I can't find what the problem is. Using Check DNS shows; Answer from N/A: host mail.ourdomain.com not found. Some of your MX do not work properly Any ideas on how to fix this? Many thanks, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2009-04-20 at 15:01 -0700, James D. Parra wrote:
Hello,
Setting up a new DNS server on Suse 11.0 (currently using Suse 9.3), however when testing the server from the outside I get an error saying that the MX records can't be found. The records under ./master look identical the records on the running 9.3 server. I can't find what the problem is.
Perhaps because bind in 11.0 by default is chrooted, so the files under /etc are not actually used, but a copy on the chrooted environment. Check those. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkns87UACgkQtTMYHG2NR9XYzQCfajlH7hZR9eQqGJCrt38w7zQw 2skAn3vxnxsl9DyD5sOtZufMfZTnKy0F =Rivn -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Setting up a new DNS server on Suse 11.0 (currently using Suse 9.3), however when testing the server from the outside I get an error saying that the MX records can't be found. The records under ./master look identical the records on the running 9.3 server. I can't find what the problem is.
Perhaps because bind in 11.0 by default is chrooted, so the files under /etc are not actually used, but a copy on the chrooted environment. Check those. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thank you, Carlos. Where would I find those? Best, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2009-04-20 at 17:30 -0700, James D. Parra wrote:
Where would I find those?
/var/lib/named/ The init script should copy the files automatically. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkntGmEACgkQtTMYHG2NR9VFwACfUk04nZbzhrqA88Y+xwLnLE/y nqgAoJemcd77s2n721rHxhPvTM+wL4sU =ITTj -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 20 Apr 2009, James D. Parra wrote:- <snip>
Thank you, Carlos.
Where would I find those?
The default location is under /var/lib/named . Unless you've reconfigured it, the default was to run in a chrooted environment under 9.3. Looking at my ancient 9.1 system, it's been the default since at least then, and probably even before that. Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 10.3 32b | openSUSE 11.0 32b | | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 | TOS 4.02 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Where would I find those?
The default location is under /var/lib/named . ~~~~~~~~~ Thanks guys. However that is where I update the files and the records on the 11.0 server are identical to the records on the 9.3 server in same location. Is there a dig command I can use to point to the 11.0 server to test the MX records? Maybe that will shed some light on what is going wrong. Again, many thanks. James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 20 Apr 2009, James D. Parra wrote:-
Where would I find those?
The default location is under /var/lib/named .
~~~~~~~~~
Thanks guys. However that is where I update the files and the records on the 11.0 server are identical to the records on the 9.3 server in same location.
Is there a dig command I can use to point to the 11.0 server to test the MX records? Maybe that will shed some light on what is going wrong.
Again, many thanks.
dig $your_domain mx @$server_to_test Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 10.3 32b | openSUSE 11.0 32b | | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 | TOS 4.02 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
dig $your_domain mx @$server_to_test ~~~~~~~~~~~~~ Thank you. Although the service is running, it appears that the address is not listening. <snip> # dig $musicreports.com mx @$192.168.20.64 dig: '.com' is not a legal name (empty label) # dig $musicreports mx @$192.168.20.64 ; <<>> DiG 9.4.1-P1 <<>> mx @92.168.20.64 ; (1 server found) ;; global options: printcmd ;; connection timed out; no servers could be reached <snip> And nslookup didn't get a response either; # nslookup musicreports.com 192.168.20.64 Server: 192.168.20.64 Address: 192.168.20.64#53 *** Can't find musicreports.com: No answer <end> Any clues? Thanks again. James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 4/21/2009 at 7:18, "James D. Parra" <jamesp@musicreports.com> wrote:
dig $your_domain mx @$server_to_test
~~~~~~~~~~~~~
Thank you. Although the service is running, it appears that the address is not listening.
Just the obvious things: you checked the firewall? You will want UDP/53 to be accepted by the server (for regular queries) and possibly TCP/53 for zone transfers. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2009-04-20 at 22:18 -0700, James D. Parra wrote:
# nslookup musicreports.com 192.168.20.64 Server: 192.168.20.64 Address: 192.168.20.64#53
*** Can't find musicreports.com: No answer
I get the same result here: nimrodel:~ # nslookup musicreports.com Server: 192.168.1.12 Address: 192.168.1.12#53 Non-authoritative answer: *** Can't find musicreports.com: No answer So the problem is the musicreports.com domain itself. nimrodel:~ # host -v musicreports.com ... ;; AUTHORITY SECTION: musicreports.com. 168357 IN NS ns2.musicreports.com. musicreports.com. 168357 IN NS ns1.musicreports.com. nimrodel:~ # host ns1.musicreports.com Host ns1.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns2.musicreports.com Host ns2.musicreports.com not found: 3(NXDOMAIN) The dns servers for that domain are down, invalid, not working... Try quering some other domain instead for your tests. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknttlIACgkQtTMYHG2NR9XyTwCfVJSMj1H7qo/qB+dn3ZxtPF02 eIAAn0ZPv2MY1XbmRntEExApKuvSz0/+ =XdAZ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
So the problem is the musicreports.com domain itself.
nimrodel:~ # host -v musicreports.com ... ;; AUTHORITY SECTION: musicreports.com. 168357 IN NS ns2.musicreports.com. musicreports.com. 168357 IN NS ns1.musicreports.com. nimrodel:~ # host ns1.musicreports.com Host ns1.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns2.musicreports.com Host ns2.musicreports.com not found: 3(NXDOMAIN)
The dns servers for that domain are down, invalid, not working... Try quering some other domain instead for your tests.
ns1.musicreports.com is fine: ; <<>> DiG 9.4.1-P1 <<>> ns1.musicreports.com. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54220 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns1.musicreports.com. IN A ;; ANSWER SECTION: ns1.musicreports.com. 172800 IN A 207.47.100.61 ;; AUTHORITY SECTION: musicreports.com. 172785 IN NS ns1.musicreports.com. musicreports.com. 172785 IN NS ns2.musicreports.com. ;; Query time: 181 msec ;; SERVER: 192.168.2.104#53(192.168.2.104) ;; WHEN: Tue Apr 21 14:17:36 2009 ;; MSG SIZE rcvd: 86 -- Per Jessen, Zürich (19.0°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen pecked at the keyboard and wrote:
Carlos E. R. wrote:
So the problem is the musicreports.com domain itself.
nimrodel:~ # host -v musicreports.com ... ;; AUTHORITY SECTION: musicreports.com. 168357 IN NS ns2.musicreports.com. musicreports.com. 168357 IN NS ns1.musicreports.com. nimrodel:~ # host ns1.musicreports.com Host ns1.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns2.musicreports.com Host ns2.musicreports.com not found: 3(NXDOMAIN)
The dns servers for that domain are down, invalid, not working... Try quering some other domain instead for your tests.
ns1.musicreports.com is fine:
; <<>> DiG 9.4.1-P1 <<>> ns1.musicreports.com. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54220 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION: ;ns1.musicreports.com. IN A
;; ANSWER SECTION: ns1.musicreports.com. 172800 IN A 207.47.100.61
;; AUTHORITY SECTION: musicreports.com. 172785 IN NS ns1.musicreports.com. musicreports.com. 172785 IN NS ns2.musicreports.com.
;; Query time: 181 msec ;; SERVER: 192.168.2.104#53(192.168.2.104) ;; WHEN: Tue Apr 21 14:17:36 2009 ;; MSG SIZE rcvd: 86
Except that there is no MX record. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ken Schneider - openSUSE wrote:
Per Jessen pecked at the keyboard and wrote:
Except that there is no MX record.
I didn't look for it, but it isn't exactly mandatory. Nevertheless: ; <<>> DiG 9.4.1-P1 <<>> musicreports.com mx ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4701 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;musicreports.com. IN MX ;; ANSWER SECTION: musicreports.com. 172800 IN MX 10 mail.musicreports.com. ;; AUTHORITY SECTION: musicreports.com. 170158 IN NS ns1.musicreports.com. musicreports.com. 170158 IN NS ns2.musicreports.com. ;; ADDITIONAL SECTION: mail.musicreports.com. 172800 IN A 207.47.100.36 ns1.musicreports.com. 170173 IN A 207.47.100.61 ;; Query time: 181 msec ;; SERVER: 192.168.2.104#53(192.168.2.104) ;; WHEN: Tue Apr 21 15:01:23 2009 ;; MSG SIZE rcvd: 123 /Per -- Per Jessen, Zürich (19.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2009-04-21 at 14:18 +0200, Per Jessen wrote:
The dns servers for that domain are down, invalid, not working... Try quering some other domain instead for your tests.
ns1.musicreports.com is fine:
No, it is not: nimrodel:~ # host ns2.musicreports.com Host ns2.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns1.musicreports.com Host ns1.musicreports.com not found: 3(NXDOMAIN) querying another server: nimrodel:~ # host ns1.musicreports.com 80.58.61.254 Using domain server: Name: 80.58.61.254 Address: 80.58.61.254#53 Aliases: Host ns1.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # Notice that it does not give an IP. Not for mx, not for anything. However, a verbose query does how an IP: nimrodel:~ # host -v ns1.musicreports.com 80.58.61.254 Trying "ns1.musicreports.com" Using domain server: Name: 80.58.61.254 Address: 80.58.61.254#53 Aliases: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57577 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns1.musicreports.com. IN A ;; ANSWER SECTION: ns1.musicreports.com. 172800 IN A 207.47.100.61 Received 54 bytes from 80.58.61.254#53 in 313 ms Trying "ns1.musicreports.com" Received 83 bytes from 80.58.61.254#53 in 254 ms Trying "ns1.musicreports.com.valinor" Host ns1.musicreports.com not found: 3(NXDOMAIN) Received 121 bytes from 80.58.61.254#53 in 63 ms Trying "ns1.musicreports.com" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26881 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns1.musicreports.com. IN MX ;; AUTHORITY SECTION: musicreports.com. 600 IN SOA terabyte.musicreports.com. root.terabyte.musicreports.com. 2009042000 10800 3600 604800 86400 Received 88 bytes from 80.58.61.254#53 in 473 ms nimrodel:~ # - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkntxEEACgkQtTMYHG2NR9Vg6QCeLK265dcIYznzYknh4gjw9mlP DVoAn1n/pGOL+RgIOZ8kiz7ukKTBChPm =1vSS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
On Tuesday, 2009-04-21 at 14:18 +0200, Per Jessen wrote:
The dns servers for that domain are down, invalid, not working... Try quering some other domain instead for your tests.
ns1.musicreports.com is fine:
No, it is not:
nimrodel:~ # host ns2.musicreports.com Host ns2.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns1.musicreports.com Host ns1.musicreports.com not found: 3(NXDOMAIN)
Well, seen from here "musicreports.com" works fine. Maybe it had a problem at some point, and the negative TTL is too long? /Per -- Per Jessen, Zürich (19.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2009-04-21 at 15:23 +0200, Per Jessen wrote:
Carlos E. R. wrote:
ns1.musicreports.com is fine:
No, it is not:
nimrodel:~ # host ns2.musicreports.com Host ns2.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns1.musicreports.com Host ns1.musicreports.com not found: 3(NXDOMAIN)
Well, seen from here "musicreports.com" works fine. Maybe it had a problem at some point, and the negative TTL is too long?
Mmm... :-? It could be another sample of my ISP bad DNS service :-/ Now it half works: nimrodel:~ # host ns1.musicreports.com. 80.58.61.254 Using domain server: Name: 80.58.61.254 Address: 80.58.61.254#53 Aliases: ns1.musicreports.com has address 207.47.100.61 Host ns1.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns1.musicreports.com. ns1.musicreports.com has address 207.47.100.61 - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknt6C4ACgkQtTMYHG2NR9VYDQCdHpOOYdGCO0gPkE22s1ATUyE7 pm4AoITcQhhSTrYey2HIcW/KGLyquOsw =Zl2G -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Now it half works: nimrodel:~ # host ns1.musicreports.com. 80.58.61.254 Using domain server: Name: 80.58.61.254 Address: 80.58.61.254#53 Aliases: ns1.musicreports.com has address 207.47.100.61 Host ns1.musicreports.com not found: 3(NXDOMAIN) nimrodel:~ # host ns1.musicreports.com. ns1.musicreports.com has address 207.47.100.61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Well, I think found the problem (sort of). Using Yast would insert '$ORIGIN .' at the top of the zone file and checkzone would show errors of 'ignoring out-of-zone data' for all of the names. Removing '$ORIGIN .' resolved the problem. At least on the primary server. Interestingly, when I run rndc on the secondary server to transfer over the zone, the '$ORIGIN .' line is in the file, however checkzone does not show any errors on the secondary server. How odd. Anyhow, all of your input was very helpful. It as available to the public for queries. Many thanks and best regards, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
In <805843153.103491240291134330.JavaMail.root@mri-mail>, James D. Parra wrote:
dig $your_domain mx @$server_to_test ~~~~~~~~~~~~~
Thank you. Although the service is running, it appears that the address is not listening.
# dig $musicreports.com mx @$192.168.20.64 ^ ^
Drop these and try again. In UNIX jargon, "$something" generally means, "substitute your something here". This is due to the UNIX shells expanding "$foo" to the value of the "foo" environment variable. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
participants (7)
-
Boyd Stephen Smith Jr. -
Carlos E. R. -
David Bolt -
Dominique Leuenberger -
James D. Parra -
Ken Schneider - openSUSE -
Per Jessen