As well as the nameservers, if you haven't arranged with IOL and Pipex for backup mail services, you should probably take those out as well. It would be nice to have two real DNS servers rather than a CNAME for the same server to fool the IEDR into thinking you have two. Although the x.x.194.in-addr.arpa zone has calisto and leviathan as its nameservers - should this be consistent for each zone?
You should make sure you have PTR records for at least your nameservers themselves; of course, you should have them for everything!
Do you really have calisto.mydomain.ie and leviathan.mydomain.ie mail domains? If not, a few of the extra MX records are redundant.
But the suggestions already made are the big ones.
HTH
Des
----- Original Message -----
From: Chris Boyd <chris_d_b71 at yahoo.com>
Date: Friday, May 7, 2004 1:56 pm
Subject: [ILUG] DNS problems
> I just recently did a full install of Fedora Core I
> (over RH 7.1, possibly not the best move) and I'm
> having serious problems with named/DNS.
> I had thought that there was a problem with the name
> servers being registered with IEDR, but that doesn't
> seem to be the case.
> The named process is running and listening but nothing
> in mydomain resolves. It was working for a few days
> after (so I don't see how it could be the config
> files) I configured it after installing Fedora but it
> went down and I haven't been able to get it working
> since.
> After attempting to re-register the nameservers with
> IEDR I'm getting the following message from them:
>
> OK: 09:45:43 UTC on Fri 7 May 2004
> OK: Verifying zone mydomain.ie.
> OK: Starting verification from server 194.x.x.x
> OK: Requesting NS list for zone mydomain.ie. from 194.x.x.x
> OK: No NS list in 'answer' section; checking 'authority' section
> FATAL: Empty NS list found for zone mydomain.ie. from 194.x.x.x
> OK: Querying server 194.x.x.x as 194.x.x.x
> FATAL: No authoritative answers obtained
> FATAL: Verification failed for zone mydomain.ie.
> FATAL: 09:45:43 GMT on Fri 7 May 2004
>
> _____________________________________________
>
> rndc -s host reload
>
> tail -f /var/log/messages
>
> May 7 08:35:21 leviathan named[22884]: loading configuration from '/etc/named.conf'
> May 7 08:35:21 leviathan named[22884]: no IPv6 interfaces found
> May 7 08:35:46 leviathan named[22884]: lame server resolving 'www.mydomain.ie' (in 'mydomain.ie'?): 194.x.x.x#53
> May 7 08:35:46 leviathan last message repeated 2 times
>
> ps auxw|less
>
> named 22884 0.0 1.4 40824 3636 ? May06 0:56 /usr/sbin/named -u named -t /var/named/chroot
>
> Here's named.conf:
>
> // generated by named-bootconf.pl
>
> options {
>         directory "/var/named";
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below. Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>
>         //query-source address * port 53;
> };
>
> //
> // File: named.boot
> // Purpose: give the DNS its startup parameters and
> // list of startup files.
> //
> //
> //
> //
> // XFRNETS parameter limits the transfer of zone information
> // to machines matching the subnet wildcard/mask entries listed
> //
> //
> // XFRNETS
> //
> // establish a loopback entry for this machine, and tell
> // it to load its identity from db.127.0.0
> //
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "db.127.0.0";
> };
>
> //
> // set ourselves as primary server for the zone
> //
> zone "mydomain.ie" {
>         type master;
>         file "db.zoneinfo";
> };
>
> //
> // provide reverse address-to-host mapping
> //
> zone "x.x.194.in-addr.arpa" {
>         type master;
>         file "db.194.x.x";
> };
>
> //
> // prime the DNS with root server 'hint' information
> //
> zone "." {
>         type hint;
>         file "db.cache";
> };
>
> logging {
>         category lame-servers{null;};
> };
> key rndc {
>         algorithm hmac-md5 ;
>         secret "x";
> };
> controls {
>         inet 127.0.0.1 allow { localhost; } keys {rndc; };
> };
>
> Here's /var/named/db.zoneinfo:
>
> $ORIGIN .
> $TTL 172800 ; 2 days
> mydomain.ie             IN SOA  host.mydomain.ie. hostmaster.mydomain.ie. (
>                                 1998062504 ; serial
>                                 21600      ; refresh (6 hours)
>                                 7200       ; retry (2 hours)
>                                 1209600    ; expire (2 weeks)
>                                 172800     ; minimum (2 days)
>                                 )
>                         NS      ns.isi.ie
>                         NS      ns2.esat.net
>                         NS      titan.mydomain.ie.
>                         NS      leviathan.mydomain.ie.
>                         A       194.x.x.x
>                         MX      5 GPO.mydomain.ie.
>                         MX      10 mxbackup.iol.net.
>                         MX      50 relay.pipex.net.
> $ORIGIN mydomain.ie.
> calisto                 A       194.x.x.2
>                         MX      1 leviathan
> $ORIGIN mydomain.ie.
> defunct                 A       194.x.x.111
> ftp                     CNAME   leviathan
> $ORIGIN mydomain.ie.
> GPO                     CNAME   leviathan
> $ORIGIN mydomain.ie.
> keeper                  A       194.x.x.112
> leviathan               A       194.x.x.x
>                         MX      5 GPO
>                         MX      10 mail.iol.ie.
>                         MX      50 relay.pipex.net.
> localhost               A       127.0.0.1
> mail                    CNAME   leviathan
> $ORIGIN mydomain.ie.
> ns                      CNAME   leviathan
> $ORIGIN mydomain.ie.
> titan                   CNAME   leviathan
> ww2                     CNAME   leviathan
> www                     CNAME   leviathan
>
> Here's /var/named/db.194.x.x
>
> $TTL 172800 ; 2 days
> x.x.194.in-addr.arpa.   IN SOA  leviathan.mydomain.ie. hostmaster.mydomain.ie. (
>                                 1998062504 ; serial
>                                 21600      ; refresh (6 hours)
>                                 7200       ; retry (2 hours)
>                                 1209600    ; expire (2 weeks)
>                                 172800)    ; minimum (2 days)
>
>                         NS      ns.isi.ie
>                         NS      ns2.esat.net
>                         NS      leviathan.mydomain.ie.
>                         NS      calisto.mydomain.ie
>
> From the secondary DNS server:
>
> /etc/rc.d/init.d/named restart
> Stopping named: [ OK ]
> Starting named: [ OK ]
> [root at calisto root]# tail -f /var/log/messages
> May 7 13:07:31 calisto named[23381]: zone mydomain.ie/IN: expired
> May 7 13:07:31 calisto named[23381]: zone x.x.194.in-addr.arpa/IN: refresh: non-authoritative answer from master 194.x.x.x#53
> May 7 13:07:31 calisto named[23381]: zone irelands-web.ie/IN: refresh: non-authoritative answer from master 194.125.22.1#53
>
> Anyway, not sure where to go from here and any help
> greatly appreciated.
>
> TIA
>
> Chris
> Irish Linux Users' Group
> http://www.linux.ie/mailman/listinfo/ilug/
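
The reply's points about a CNAME standing in for a second nameserver, and about which MX records are really needed, can be checked mechanically before a zone is submitted to a registry. The following is an added example, not part of either message: a small Python linter that flags NS and MX targets that are CNAMEs (RFC 2181 section 10.3 disallows both) and reports which distinct hosts the NS names collapse to. The sample zone, its 192.0.2.x addresses and the function names are constructed for illustration.

```python
# Added example, not from the thread. SAMPLE_ZONE is constructed (RFC 5737
# addresses) and modelled on the quoted db.zoneinfo; single-line records only.
SAMPLE_ZONE = """\
$ORIGIN mydomain.ie.
@          NS    titan
           NS    leviathan
           MX 5  GPO
           MX 10 mxbackup.iol.net.
leviathan  A     192.0.2.1
           MX 5  GPO
calisto    A     192.0.2.2
GPO        CNAME leviathan
titan      CNAME leviathan
"""

def fqdn(name, origin):
    """Qualify a name against the current $ORIGIN and lower-case it."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return name.lower() + "." + origin.lstrip(".")

def parse(zone_text):
    """Yield (owner, type, target); a line with no owner reuses the previous one."""
    origin, owner = ".", None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments and trailing space
        if not line:
            continue
        fields = line.split()
        if fields[0].startswith("$"):          # $ORIGIN changes scope, $TTL is skipped
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not line[0].isspace():              # first column holds an owner name
            owner = fqdn(fields.pop(0), origin)
        # discard class, TTL and MX preference so fields = [type, ..., target]
        fields = [f for f in fields if f.upper() != "IN" and not f.isdigit()]
        rtype, target = fields[0].upper(), fields[-1]
        if rtype in ("NS", "MX", "CNAME"):
            target = fqdn(target, origin)
        yield owner, rtype, target

def lint(zone_text):
    """Return (alias findings, distinct hosts the NS names really resolve to)."""
    records = list(parse(zone_text))
    cnames = {o: t for o, r, t in records if r == "CNAME"}
    findings = [f"{o} {r} -> {t} is a CNAME for {cnames[t]}"
                for o, r, t in records if r in ("NS", "MX") and t in cnames]
    return findings, sorted({cnames.get(t, t) for _, r, t in records if r == "NS"})
```

On the sample, the two in-zone NS names collapse to the single host leviathan, which is the single point of failure the reply warns about.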