Re: bind 9 error

> > When you're wondering what's wrong with a domain, you can go to
> > www.dnsreport.com and enter the domain.  It will look for lots of problems.
> 
> Nice info thanks!  Still doesn't explain why BIND 8 is more
> tolerant/reliable than BIND 9.  That's pretty disturbing to upgrade
> and find the old server works better than the new.
> 
> >     Well according to the nameservers for cyberbizsoft.net
> >     dns1.cyberbizsoft.net and dns2.cyberbizsoft.net does not exist.
> 
> That's not true.  dns1.cyberbizsoft.net does exist.  dig
> @dns1.cyberbizsoft.net victorero.com MX works fine.

        Did you bother to look at the dig output at the bottom of
        my message?  The glue records for dns1.cyberbizsoft.net and
        dns2.cyberbizsoft.net exist however the records these are
        supposed to be copies of don't.

        Named will learn that according to the nameservers for
        cyberbizsoft.net that dns1.cyberbizsoft.net and
        dns1.cyberbizsoft.net don't exist.  Once it learns this
        lookups of victorero.com fail.

        BIND 9 and recent BIND 8's lookup missing glue AAAA records,
        they also don't return glue as answers.  Both of these actions
        will cause them to learn that the name does not exist.

; <<>> DiG 8.3 <<>> dns1.cyberbizsoft.net @207.87.81.26 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      dns1.cyberbizsoft.net, type = A, class = IN

;; AUTHORITY SECTION:
cyberbizsoft.net.       1H IN SOA       cbsiinetserver.cyberbizsoft.net. admin. 
(
                                        2030            ; serial
                                        15M             ; refresh
                                        10M             ; retry
                                        1D              ; expiry
                                        1H )            ; minimum


;; Total query time: 291 msec
;; FROM: drugs.dv.isc.org to SERVER: 207.87.81.26  207.87.81.26
;; WHEN: Wed May 28 10:25:04 2003
;; MSG SIZE  sent: 39  rcvd: 111

> > It doesn't have an MX record.  This shouldn't be fatal -- if a hostname
> > doesn't have an MX, you send mail to it directly by looking up the A
> > record.
> 
> That's what I would expect to happen, but mail is fatal on the new
> server with BIND 9.  Perhaps its a problem with sendmail, but it's
> very confusing that dig victorero.com MX works on the old server but
> times out on the new.  It appears to be an error in BIND on the new
> server that only queries one of the NS servers.
> 
> Here more indication of a BIND 9 problem:
> 
> zone "victorero.com" {
>         type forward;
>         forwarders { 207.87.81.26; };
> };
> 
> Adding that to /etc/named.conf and email goes right through and dig
> victorero.com MX starts working.
> 
        No.  This is working around a misconfiguration.

        This is a classic case of GARBAGE IN GARBAGE OUT.

        Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@xxxxxxx