Eric,
I think I found part of my problem. It was an entry in the forwards of
my DNS server. This should really improve performance. I am not sure
how it even worked.
CJ
Eric Shubert wrote:
> Maxwell Smart wrote:
>> Eric,
>>
>> Eric Shubert wrote:
>>> Maxwell Smart wrote:
>>>> Eric,
>>>>
>>>> Yes, they are there and constant with 127.0.0.1 in the first
>>>> position of
>>>> my resolv.conf file. If I move it back to the last position it's ok.
>>> It's not really ok. It's just that the DNS server(s) before it in the
>>> list are handling the requests, so it never gets to 127.0.0.1, which
>>> is your localhost DNS server.
>>>
>> OK, but it's then going through the ISP's servers anyways just in a
>> round about way.
>
> Not unless you deliberately set it up that way. With a typical
> caching/resolving nameserver, DNS requests will not hit the ISP's
> server at all.
>
>>> The dig command (man dig) is handy for troubleshooting DNS problems.
>>>
>>> You might try:
>>> # dig @127.0.0.1 google.com
>>> and see what you get. I'm guessing that you'll get an error of some
>>> sort (the command will work, but the result of the lookup will fail).
>>>
>> Dig worked fine, no error.
>
> Did it return an answer section with a result in it? dig won't show a
> glaring error. You need to know what to look for.
>
>>>> Ideas on how to begin to troubleshoot? I remember someone on the
>>>> list a
>>>> few days ago experiencing the same issue, but paid little attention
>>>> then.
>>> IIRC you said earlier that this is a secondary to your authoritative
>>> server. It's generally considered a bad practice to have a DNS server
>>> configured to handle both authoritative and resolver requests. It can
>>> be done, but you'd better know what you're doing.
>>>
>>> If it's ok to blow away your secondary DNS, I would:
>>> # yum remove bind
>>> # yum install chroot-bind caching-nameserver
>>> then try moving 127.0.0.1 to the top of /etc/resolv.conf again.
>>
>> I have a master DNS server (ns1) which is authoritative and a slave
>> (ns2) which is also a web and e mail server.
>
> It'd be better to have a caching/resolving DNS server on the web/email
> host. The email server will use the resolving DNS server fairly
> heavily. Better to put the slave DNS on a different host.
>
>> So remove the nameserver 64.168.70.132 entry in the resolve.conf file?
>
> Absolutely. Authoritative servers should never be listed in the
> resolv.conf file.
>
>> The other problem is this was all working just fine until about a week
>> or so ago. I don't know why I would have to start changing my DNS when
>> it was working fine. There is no reason this should have changed. I
>> did however update my toaster.
>
> I don't know what all changed, but updating the toaster should not
> have caused this problem. I think that is coincidental.
>
> Best guess at this point is that your ISP's DNS was/is having
> problems. We've recommended using a caching nameserver on the toaster,
> which will keep your ISP's DNS from detrimentally affecting your
> toaster. Unfortunately, you already had a secondary DNS server running
> on your toaster, which is not a recommended configuration. It is
> possible to configure bind on your toaster to do both secondary
> authoritative and resolving, but that's beyond what we can do for you
> here.
>
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
