I'm having a very strange problem since upgrading Bind on my RH 7.3 servers
to 9.2.1. We have internal DNS servers running on NT4 which forward to our
external Bind 9.2.1 servers that sit in a firewall DMZ. For some domains
(e.g. netrover.com), the MS DNS servers are unable to resolve anything. If
we remove the forwarding then the MS servers have no resolution problems.
Likewise, forwarding to a 2K DNS server results in no problem. We did not
have this issue prior to upgrading (via up2date) to 9.2.1. The PIX firewall
logs show no denials. Unfortunately we are stuck with this configuration for
the foreseeable future as our external servers have copies of the MAPS RBL.
Sendmail on an internal Solaris 8 box gives us the following:

bash-2.03# mailx -v user@xxxxxxxxxxxx
Subject: Test 1
Test 1
.
EOT
user@xxxxxxxxxxxxxxx netrover.com: Name server timeout
user@xxxxxxxxxxxxxxx Transient parse error -- message queued for future delivery
user@xxxxxxxxxxxxxxx Queued

Yet when I do an nslookup I have no problem getting a response:

bash-2.03# nslookup
Default Server: proxy.thestar.ca
Address: 10.0.0.1
> set type=mx
> netrover.com
Server: internaldns.thestar.com
Address: 10.0.0.1
Non-authoritative answer:
netrover.com preference = 0, mail exchanger = river.netrover.com
netrover.com preference = 5, mail exchanger = bay.netrover.com
Authoritative answers can be found from:
com nameserver = G.GTLD-SERVERS.NET
com nameserver = H.GTLD-SERVERS.NET
com nameserver = I.GTLD-SERVERS.NET
com nameserver = J.GTLD-SERVERS.NET
com nameserver = K.GTLD-SERVERS.NET
com nameserver = L.GTLD-SERVERS.NET
com nameserver = M.GTLD-SERVERS.NET
com nameserver = A.GTLD-SERVERS.NET
com nameserver = B.GTLD-SERVERS.NET
com nameserver = C.GTLD-SERVERS.NET
com nameserver = D.GTLD-SERVERS.NET
com nameserver = E.GTLD-SERVERS.NET
com nameserver = F.GTLD-SERVERS.NET

I thought perhaps it was due to the referral being received but it happens
for other domains as well that are not sending referrals. I don't quite
understand why the referral either. We allow recursion on our external
servers for all internal subnets.

bash-2.03# mailx -v user@xxxxxxxxxx
Subject: Test 2
Test 2
.
EOT
user@xxxxxxxxxxxxx zurich.com: Name server timeout
user@xxxxxxxxxxxxx Transient parse error -- message queued for future delivery
user@xxxxxxxxxxxxx Queued

Ideas anyone?