Re: /etc/resolv.conf with 3 nameservers

2006-04-10 Thread Ken Stevenson

[EMAIL PROTECTED] wrote:

Hi,

The man page of resolv.conf claims:

 The different configuration options are:

 nameserver  Internet address (in dot notation) of a name server that the
 resolver should query.  Up to MAXNS (currently 3) name
 servers may be listed, one per keyword

I've three DNS server in my /etc/resolv.conf in 6.0-REL:

$ cat /etc/resolv.conf
domain Sisis.de
nameserver 10.0.1.201
nameserver xxx.xxx.xxx.xxx
nameserver yyy.yyy.yyy.yyy

But only the 1st one (10.0.1.201) is contacted to make the name lookup
(I've checked this with trussing a 'ping whatever.domain.com') and if
it does not know the addr, while the second one would know it, it does
not resolve.

Do I miss something?
Thx

matthias

I think the problem is that once your first server responds with a 
domain not found, that's considered an answer to your query. It 
doesn't try another DNS server just to see if it gets a different 
answer. If you were to disable the DNS server on 10.0.1.201, then it 
would use xxx.xxx.xxx.xxx or yyy.yyy.yyy.yyy to resolve the query.


--
Ken Stevenson
Allen-Myland Inc.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: /etc/resolv.conf with 3 nameservers

2006-04-10 Thread guru
El día Monday, April 10, 2006 a las 10:44:52AM -0400, Ken Stevenson escribió:

 I think the problem is that once your first server responds with a 
 domain not found, that's considered an answer to your query. It 
 doesn't try another DNS server just to see if it gets a different 
 answer. If you were to disable the DNS server on 10.0.1.201, then it 
 would use xxx.xxx.xxx.xxx or yyy.yyy.yyy.yyy to resolve the query.

Yes, you're right. It is said in (...) that the fall down only works
on timeout. I did not read carefully enough, stupid as I am. :-(

matthias

-- 
Matthias Apitz / Sisis Informationssysteme GmbH
ein Tochterunternehmen der OCLC PICA B.V. Leiden (NL)
D-82041 Oberhaching, Gruenwalder Weg 28g
Fon: +49 89 / 61308-351, Fax: -399, Mobile +49 170 4527211
http://www.sisis.de/~guru/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: /etc/resolv.conf with 3 nameservers

2006-04-10 Thread Alex Zbyslaw

[EMAIL PROTECTED] wrote:


El día Monday, April 10, 2006 a las 10:44:52AM -0400, Ken Stevenson escribió:

 

I think the problem is that once your first server responds with a 
domain not found, that's considered an answer to your query. It 
doesn't try another DNS server just to see if it gets a different 
answer. If you were to disable the DNS server on 10.0.1.201, then it 
would use xxx.xxx.xxx.xxx or yyy.yyy.yyy.yyy to resolve the query.
   



Yes, you're right. It is said in (...) that the fall down only works
on timeout. I did not read carefully enough, stupid as I am. :-(
 

There's nothing to stop you configuring that local nameserver to use 
your two backups for names that it cannot resolve.


You could then leave the two backups in /etc/resolv.conf but if your 
local nameserver is authoritative for your local domain, then you 
probably want to know if it goes away, and those backups won't be able 
to look up names in your local domain.


I'm making some assumptions about why you set things up this way in the 
first place, and I may be wrong, but there's too little info in your 
post to give definitive suggestions.


--Alex



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: /etc/resolv.conf with 3 nameservers

2006-04-10 Thread guru
El día Monday, April 10, 2006 a las 04:07:34PM +0100, Alex Zbyslaw escribió:

 [EMAIL PROTECTED] wrote:
 
 El día Monday, April 10, 2006 a las 10:44:52AM -0400, Ken Stevenson 
 escribió:
 
  
 
 I think the problem is that once your first server responds with a 
 domain not found, that's considered an answer to your query. It 
 doesn't try another DNS server just to see if it gets a different 
 answer. If you were to disable the DNS server on 10.0.1.201, then it 
 would use xxx.xxx.xxx.xxx or yyy.yyy.yyy.yyy to resolve the query.

 
 
 Yes, you're right. It is said in (...) that the fall down only works
 on timeout. I did not read carefully enough, stupid as I am. :-(
  
 
 There's nothing to stop you configuring that local nameserver to use 
 your two backups for names that it cannot resolve.
 
 You could then leave the two backups in /etc/resolv.conf but if your 
 local nameserver is authoritative for your local domain, then you 
 probably want to know if it goes away, and those backups won't be able 
 to look up names in your local domain.
 
 I'm making some assumptions about why you set things up this way in the 
 first place, and I may be wrong, but there's too little info in your 
 post to give definitive suggestions.

The anderlying problem is that we are three companies, now connected
through VPN tunnels. Each company runs it's own DNS server internaly and
without publicating all its names to Internet. The three DNS are
10.0.1.201 (mine one), xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy. 

Any idea? Yes, in the future we will unify the whole zone, but this is
not a short term option...

matthias
-- 
Matthias Apitz / Sisis Informationssysteme GmbH
ein Tochterunternehmen der OCLC PICA B.V. Leiden (NL)
D-82041 Oberhaching, Gruenwalder Weg 28g
Fon: +49 89 / 61308-351, Fax: -399, Mobile +49 170 4527211
http://www.sisis.de/~guru/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: /etc/resolv.conf with 3 nameservers

2006-04-10 Thread Alex Zbyslaw

[EMAIL PROTECTED] wrote:


El día Monday, April 10, 2006 a las 04:07:34PM +0100, Alex Zbyslaw escribió:
 

There's nothing to stop you configuring that local nameserver to use 
your two backups for names that it cannot resolve.


You could then leave the two backups in /etc/resolv.conf but if your 
local nameserver is authoritative for your local domain, then you 
probably want to know if it goes away, and those backups won't be able 
to look up names in your local domain.


I'm making some assumptions about why you set things up this way in the 
first place, and I may be wrong, but there's too little info in your 
post to give definitive suggestions.
   



The anderlying problem is that we are three companies, now connected
through VPN tunnels. Each company runs it's own DNS server internaly and
without publicating all its names to Internet. The three DNS are
10.0.1.201 (mine one), xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy. 


Any idea? Yes, in the future we will unify the whole zone, but this is
not a short term option...
 

Presumably all three ranges have distinct domain names  E.g. company1.de 
company2.de company3.de


I am no expert of DNS, but isn't all you need for each company to run 
nameservers which are slaves (secondaries) for the other 2 as well as 
master of their own?  So the nameserver at company1 is master for 
company1.de and is a slave for company2.de and company3.de etc.


Of course, you might want some redundancy in that scenario, with each 
company running DNS on another server as well, and that one being a 
slave for all 3 domains.


If you don't know enough to do that, I strongly recommend getting the 
latest edition of O'Reilly DNS and BIND; and you should find BIND doc 
on your FreeBSD system starting in /usr/share/doc/bind9/arm/Bv9ARM.html.


Best,

--Alex



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: /etc/resolv.conf with 3 nameservers

2006-04-10 Thread Charles Swiger

On Apr 10, 2006, at 9:54 AM, [EMAIL PROTECTED] wrote:

$ cat /etc/resolv.conf
domain Sisis.de
nameserver 10.0.1.201
nameserver xxx.xxx.xxx.xxx
nameserver yyy.yyy.yyy.yyy

But only the 1st one (10.0.1.201) is contacted to make the name lookup
(I've checked this with trussing a 'ping whatever.domain.com') and if
it does not know the addr, while the second one would know it, it does
not resolve.

Do I miss something?


If your nameserver at 10.whatever is returning NXDOMAIN, the resolver  
has gotten an answer and never asks for a second opinion from other  
nameservers.  Fix your 10.whatever nameserver...


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]