bind9 + host command issue in FreeBSD-5.4



Hello all!

I am not sure if this is the right place to discuss this issue, but I am
experiencing strange behaviour with bind9 + the host command with some domains
for which bind is _not_ authoritative, as in the following example:

# uname -a
FreeBSD server2.mydomain.com.br 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed
Feb 1 22:18:04 BRST 2006
root@xxxxxxxxxxxxxxxxxxxxxxx:/usr/src/sys/i386/compile/SERVER2 i386

# named -v
BIND 9.3.1

# host -t mx unibanco.com.br
unibanco.com.br mail is handled by 10 cauexcnt001smtp.unibanco.com.br.

Ok, fine so far.


# host cauexcnt001smtp.unibanco.com.br.
cauexcnt001smtp.unibanco.com.br has address 200.174.81.116
Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)

That's the problem! The host command replies with SERVFAIL. This also causes
sendmail to raise "host name lookup failure" and not deliver the messages.
The strange thing is that nslookup and dig work correctly:

# nslookup cauexcnt001smtp.unibanco.com.br.
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: cauexcnt001smtp.unibanco.com.br
Address: 200.174.81.116

# dig cauexcnt001smtp.unibanco.com.br.

; <<>> DiG 9.3.1 <<>> cauexcnt001smtp.unibanco.com.br.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4512
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;cauexcnt001smtp.unibanco.com.br. IN A

;; ANSWER SECTION:
cauexcnt001smtp.unibanco.com.br. 0 IN A 200.155.107.243

;; AUTHORITY SECTION:
cauexcnt001smtp.unibanco.com.br. 1322 IN NS ubblp01.unibanco.com.br.
cauexcnt001smtp.unibanco.com.br. 1322 IN NS ubblp02.unibanco.com.br.

;; Query time: 250 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 17 13:46:18 2006
;; MSG SIZE rcvd: 109


I also have another server with the same FreeBSD and bind version and the
problem is the same. On the other hand, a server with FreeBSD-4.8 and bind
8.3.4-REL works ok:

# host cauexcnt001smtp.unibanco.com.br
cauexcnt001smtp.unibanco.com.br has address 200.174.81.243


I've tried several things and searched Google the entire morning, but with no
success.
It's not the firewall. "ipfw add 1 allow ip from any to any" didn't help.
Ports bind 9.3.2 also didn't work.

Any help would be greatly appreciated.

Thank you in advance,
Tobias.


_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"


