I upgraded all our services from Ubuntu 9.10 to 10.4 and now the internal network keeps looking at our OLD email server to send mail.
I upgraded our email server a month ago, and after the upgrade was done mail was coming here fine. Now after this upgrade it is looking at the old server, 10.1.1.95. (the new is 10.1.1.96.)
Aug 18 12:23:12 SERVER postfix/smtp[32707]: 9023135A1A2: to=<EMAIL>, relay=mail.DOMAIN.com[10.1.1.95]:25, delay=0.28, delays=0.08/0.01/0.02/0.17, dsn=2.6.0, status=sent (250 2.6.0 <20110818162312.GA32693@ORIGINATING-SERVER> Queued mail for delivery)
I've checked /etc/resolv.conf and they are looking at our GoDaddy nameservers. I have done an rndc flush.
Also, we have a local nameserver here but I only use that as a backup. Here is my /etc/resolv.conf:
I want the mail to go to 10.1.1.96, not 10.1.1.95. When I do a dig or nslookup it all comes back 10.1.1.95, yet my local nameserver is set to 10.1.1.96.
This looks to me like something got messed up in the zone file for your local LAN DNS, i.e. the zone file that defines 10.x.x.x. I would look there. If you have any sort of master/slave arrangement it is also possible that you are looking at an older backup zone or a backup server that didn't get updated. Also be sure to check the serial numbers and make sure you don't have updates being undone because they appear to be an older file.
Here's the contents of the only zone file that it should be looking at.
Code:
root@Internal1:/etc/bind/zones/forward# cat db.DOMAIN.com
$TTL 28800
DOMAIN.com. IN SOA ns1.DOMAIN.com. syslog.DOMAIN.com. (
2010071301
28800
3600
604800
38400 )
DOMAIN.com. IN NS ns1.DOMAIN.com.
;
;web servers
@ IN A 10.1.1.210
web1 IN A 10.1.1.210
web10 IN A 10.1.1.20
web12 IN A 10.1.1.21
web20 IN A 10.1.1.125
web21 IN A 10.1.1.131
;
;internals
internal1 IN A 10.1.1.121
internal2 IN A 10.1.1.122
;
;Database servers
mapdb2 IN A 10.1.1.190
;
;backup servers
mapbak1 IN A 10.1.1.252
;
;mail servers
mapexch IN A 10.1.1.96
;
;other
dev11 IN A 10.2.1.20
l3map02 IN A 10.1.1.123
;
;CNAMES
ns1 CNAME internal1
ldap CNAME internal1
mail CNAME mapexch
backup CNAME mapbak1
www CNAME web1
DOMAIN.com. IN MX 10 mail.DOMAIN.com.
I notice a couple of things, but nothing jumps out at me as immediately obvious. Here are a couple of things to look at:
1 - your original post is showing nameserver 10.1.1.121. As this is the name server listed in your private IP space, I assume this is the one that is authoritative for your domain. It looks like this correctly maps via a set of CNAMES, to the server internal1. Similarly, mail maps to mapexch via CNAME which points to your new address. The point I am trying to get at is that an IP / host name on your LAN (using a 10.x.x.x) address will only be resolvable via your DNS, which looks like it is correct. GoDaddy should only be resolving your public domains. I am not sure about the 4.2.2.2. It resolves to vnsc-bak.sys.gtei.net, which I am guessing is your provider.
2 - Interestingly, the .95 address doesn't appear in this zone file at all. This leaves me to wonder what server is returning this address? When you perform an nslookup and get the old address, what does it list above the result on the server line (where it says "Server:" and underneath it "Address:")? This will tell you what returned the result.
3 - You can do some tests and specify which nameserver to use, typing 'server <name of the server>' at the nslookup command prompt '>' This will let you see if you get different results from different sources.
root@Internal1:~# nslookup server 4.2.2.2 mail.DOMAIN.com
Server: mail.DOMAIN.com
Address: 10.1.1.96#53
** server can't find server: SERVFAIL
So that's the correct address - but I get the SERVFAIL and a dig to that same server returns 10.1.1.95, the incorrect address... I'm not sure where else to look.
Quote:
mail CNAME mapexch
backup CNAME mapbak1
www CNAME web1
DOMAIN.com. IN MX 10 mail.DOMAIN.com.
Here's a bit from DNS-HOWTO:
Quote:
But it's safe to follow the rule that a MX, CNAME or SOA record should never refer to a CNAME record, they should only refer to something with an A record...
So I'm no expert in this matter, but here's what the HOWTO says and here your MX record is pointing to a CNAME record.
Another thing, only a guess though, but could it be that your computers have old /etc/hosts files having mailserver as "10.1.1.95" and /etc/nsswitch.conf saying
Quote:
hosts files dns
which makes them look first into files and only then via DNS? Although I'm not sure that nslookup follows this rule... but I don't see why it shouldn't.
EDIT: Wrong, as the nslookup command above is querying a server anyway.
I mean, in any case, when the cause of the problem isn't clear it is good to review every possibility...
From your post #7 I can see that your server 4.2.2.2 returns the right address, while the 8.8.8.8 is returning the wrong one.
Now the zone file from post #5 is taken from 4.2.2.2 I assume? And what does 8.8.8.8 have, so that it returns the wrong one?
Typically SERVFAIL means that there is a syntax error or something similar wrong with the zone file. Is this DNS under your control? If so, I would restart (bind?) and then look carefully at the syslog for any errors or warnings that help point out the problem.
8.8.8.8 is Google's public DNS. Since this is returning the old address, this tells me that it is likely wrong at the registrar level. Do you use a registrar's DNS or did you declare your own DNS to be the authoritative one(s) for the domain? In any case, I would double check what is on file there.
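The replies above raise three zone-file rules: an MX (or NS, or SOA MNAME) must not point at a CNAME, the serial has to move forward or secondaries keep serving the old copy, and a zone with a syntax problem loads with errors in syslog and answers SERVFAIL. named-checkzone reports the syntax problems; the script below, an added example and not code from this thread, checks the semantic rules on a zone file offline. The sample zone is constructed from the first db.DOMAIN.com posted above (trimmed, not the poster's exact file) and deliberately includes a line "commented out" with '#', which BIND does not treat as a comment (only ';' is). Function names, the origin argument and the sample are this example's own assumptions.

```python
"""Lint a BIND zone file for the rules discussed in this thread:
MX, NS and SOA targets must not be CNAMEs, '#' is not a comment
marker, and the serial must move forward (RFC 1982 arithmetic)
for secondaries to pick up a change."""

RR_TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "SOA", "TXT", "PTR", "SRV"}

# Constructed sample modeled on the first db.DOMAIN.com posted above (not
# the poster's exact file): mail and ns1 are CNAMEs that MX, NS and SOA
# point at, and one line is "commented out" with '#'.
SAMPLE_ZONE = """\
$TTL 28800
DOMAIN.com. IN SOA ns1.DOMAIN.com. syslog.DOMAIN.com. (
        2010071301
        28800
        3600
        604800
        38400 )
DOMAIN.com. IN NS ns1.DOMAIN.com.
@           IN A  10.1.1.210
internal1   IN A  10.1.1.121
mapexch     IN A  10.1.1.96
ns1  CNAME internal1
mail CNAME mapexch
#mail CNAME mapexch
DOMAIN.com. IN MX 10 mail.DOMAIN.com.
"""


def _fqdn(name, origin):
    """Make a zone-file name absolute relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and join '(' ... ')' continuations.
    Yields (line_no, owner_omitted, joined_text)."""
    buf, depth, start, omitted = [], 0, 0, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        if not buf:
            start, omitted = n, raw[:1].isspace()
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield start, omitted, " ".join(buf)
            buf = []


def parse_zone(text, origin):
    """Return (serial, records, findings); records are (owner, type, rdata)."""
    serial, records, findings, last_owner = None, [], [], origin
    for line_no, omitted, line in _logical_lines(text):
        parts = line.replace("(", " ").replace(")", " ").split()
        if parts[0].startswith("$"):          # $TTL / $ORIGIN directives
            if parts[0] == "$ORIGIN":
                origin = parts[1]
            continue
        if parts[0].startswith("#"):
            findings.append(f"line {line_no}: '#' is not a comment marker in a "
                            f"zone file (use ';'); BIND reads {parts[0]!r} as an owner name")
        owner = last_owner if omitted else parts.pop(0)
        last_owner = owner
        while parts and (parts[0].isdigit() or parts[0].upper() in ("IN", "CH", "HS")):
            parts.pop(0)                      # optional TTL and class
        if not parts or parts[0].upper() not in RR_TYPES:
            findings.append(f"line {line_no}: cannot parse record type")
            continue
        rtype = parts.pop(0).upper()
        if rtype == "SOA":
            serial = int(parts[2])            # MNAME RNAME SERIAL REFRESH ...
        records.append((_fqdn(owner, origin), rtype, parts))
    return serial, records, findings


def lint_zone(text, origin):
    """Report MX/NS/SOA records whose target is a CNAME, plus parse findings."""
    _, records, findings = parse_zone(text, origin)
    cnames = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    pointers = {"MX": ("MX target", 1), "NS": ("NS target", 0), "SOA": ("SOA MNAME", 0)}
    for owner, rtype, rdata in records:
        if rtype in pointers:
            label, idx = pointers[rtype]
            target = _fqdn(rdata[idx], origin)
            if target in cnames:
                findings.append(f"{label} {target} (from {owner}) is a CNAME; "
                                "point it at a name that has an A record")
    return findings


def zone_serial(text, origin):
    return parse_zone(text, origin)[0]


def serial_increased(old, new):
    """RFC 1982: `new` is newer than `old` if it is ahead by less than 2^31 (mod 2^32).
    An unchanged serial is not 'newer', so secondaries will not transfer the zone."""
    return 0 < (new - old) % 2**32 < 2**31


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "DOMAIN.com."):
        print(finding)
    print("serial", zone_serial(SAMPLE_ZONE, "DOMAIN.com."),
          "-> 2011082501 is newer:", serial_increased(2010071301, 2011082501))
```

Run it against a real file with `lint_zone(open("/etc/bind/zones/forward/db.DOMAIN.com").read(), "DOMAIN.com.")`. The serial check is the one to run before every `rndc reload`: if `serial_increased(old, new)` is false, the primary will serve the new data but a secondary that compares serials will keep the old zone.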
I really appreciate everyone's help so far. I am definitely a novice with DNS it turns out.
I believe I misled - 4.2.2.2 and 8.8.8.8 return the same thing inside the network, and a different thing outside.
Inside:
Code:
; <<>> DiG 9.7.0-P1 <<>> @4.2.2.2 mail.DOMAIN.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6944
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.DOMAIN.com. IN A
;; ANSWER SECTION:
mail.DOMAIN.com. 2168 IN A 10.1.1.95
;; Query time: 8 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Thu Aug 25 10:37:43 2011
;; MSG SIZE rcvd: 53
Outside:
Code:
; <<>> DiG 9.7.0-P1 <<>> @4.2.2.2 mail.DOMAIN.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14934
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.DOMAIN.com. IN A
;; ANSWER SECTION:
mail.DOMAIN.com. 593 IN A 64.124.160.95
;; Query time: 10 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Thu Aug 25 10:38:21 2011
;; MSG SIZE rcvd: 53
Another wrinkle - someone pointed out to me that another server has Bind installed, so I configured the zone files as you said - using A records instead of CNAME and incrementing the serial number as I was told was necessary to pick up the changes, then restarted bind9. The two files are now identical:
Code:
root@Internal1:/etc/bind/zones/forward# cat db.DOMAIN.com
$TTL 28800
DOMAIN.com. IN SOA ns1.DOMAIN.com. syslog.DOMAIN.com. (
2011082501
28800
3600
604800
38400 )
DOMAIN.com. IN NS ns1.DOMAIN.com.
;
;web servers
@ IN A 10.1.1.210
web1 IN A 10.1.1.210
web10 IN A 10.1.1.20
web12 IN A 10.1.1.21
web20 IN A 10.1.1.125
web21 IN A 10.1.1.131
;
;internals
internal1 IN A 10.1.1.121
internal2 IN A 10.1.1.122
;
;Database servers
mapdb2 IN A 10.1.1.190
;
;backup servers
mapbak1 IN A 10.1.1.252
;
;mail servers
mail IN A 10.1.1.96
;
;other
dev11 IN A 10.2.1.20
l3map02 IN A 10.1.1.123
;
;CNAMES
ns1 IN A 10.1.1.121 ; the NS and SOA targets must be A records, not CNAMEs
ldap CNAME internal1
;mail CNAME mapexch ; replaced by the mail A record above (';' starts a comment; '#' does not)
backup CNAME mapbak1
www CNAME web1
DOMAIN.com. IN MX 10 mail.DOMAIN.com.
I'm considering not using internal DNS at all... Also with some changes I've made I haven't received the SERVFAIL in a couple days.
Last edited by isthisyournacho; 08-25-2011 at 09:58 AM.
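The inside and outside dig outputs above show the same resolver, 4.2.2.2, answering 10.1.1.95 from inside the network and 64.124.160.95 from outside, which is the comparison an earlier reply suggested making by querying several servers. The script below is an added example, not code from this thread: it parses saved dig output from several vantage points and flags three things. A query addressed to a public resolver that comes back with an RFC 1918 address is flagged because a public resolver has no view of an internal zone, so on that assumption something on the path (a firewall redirecting port 53 to an internal resolver, or a local cache) answered in its place; a non-authoritative private answer that disagrees with the authoritative (aa) server is flagged with the TTL it still has to live; and one resolver giving different answers by vantage point is reported. The dig texts are constructed, abbreviated and modeled on the ones posted above; the "local" view is what the internal server should answer according to the posted zone file, and the labels and function names are this example's own.

```python
"""Compare answers for one name from several resolvers / vantage points,
using saved `dig` output. Flags a public resolver handing back a private
(RFC 1918) address, a cached private answer that disagrees with the
authoritative (aa) server, and a resolver whose answer depends on
where you ask from."""
import ipaddress
import re

# Constructed dig outputs, abbreviated and modeled on the ones posted above
# (not the poster's verbatim output). "local" is what the authoritative
# internal server should answer given the zone file posted above.
SAMPLE_VIEWS = {
    "inside": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6944
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.DOMAIN.com.   IN  A
;; ANSWER SECTION:
mail.DOMAIN.com.  2168  IN  A  10.1.1.95
;; SERVER: 4.2.2.2#53(4.2.2.2)
""",
    "outside": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14934
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
mail.DOMAIN.com.  593  IN  A  64.124.160.95
;; SERVER: 4.2.2.2#53(4.2.2.2)
""",
    "local": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2112
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
mail.DOMAIN.com.     28800  IN  CNAME  mapexch.DOMAIN.com.
mapexch.DOMAIN.com.  28800  IN  A      10.1.1.96
;; AUTHORITY SECTION:
DOMAIN.com.  28800  IN  NS  ns1.DOMAIN.com.
;; SERVER: 10.1.1.121#53(10.1.1.121)
""",
}


def parse_dig(text):
    """Extract server, status, flags and ANSWER-section records from dig output."""
    info = {"server": None, "status": None, "flags": set(), "answers": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r";; SERVER: ([^#\s]+)#\d+", line)
        if m:
            info["server"] = m.group(1)
            continue
        if line.startswith(";; ->>HEADER<<-"):
            info["status"] = re.search(r"status: (\w+)", line).group(1)
            continue
        if line.startswith(";; flags:"):
            info["flags"] = set(line[len(";; flags:"):].split(";", 1)[0].split())
            continue
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        if not line or line.startswith(";"):
            continue
        if section == "ANSWER":
            name, ttl, _rclass, rtype, *rdata = line.split()
            info["answers"].append((name, int(ttl), rtype, " ".join(rdata)))
    return info


def a_records(info):
    """Sorted A-record rdata from the answer section."""
    return sorted(rdata for _, _, rtype, rdata in info["answers"] if rtype == "A")


def check_views(views):
    """views: {label: dig output text}. Returns a list of finding strings."""
    parsed = {label: parse_dig(text) for label, text in views.items()}
    authoritative = {label: a_records(p) for label, p in parsed.items() if "aa" in p["flags"]}
    findings = []
    for label, info in parsed.items():
        server = ipaddress.ip_address(info["server"])
        if info["status"] != "NOERROR":
            findings.append(f"{label}: {info['status']} from {server}")
        addrs = a_records(info)
        private = [a for a in addrs if ipaddress.ip_address(a).is_private]
        if server.is_global and private:
            findings.append(
                f"{label}: public resolver {server} returned private address(es) {private}; "
                "a public resolver has no view of an internal zone, so something on the path "
                "(a port-53 redirect or a local cache) answered instead")
        if "aa" not in info["flags"] and private:
            ttl = min(ttl for _, ttl, rtype, _ in info["answers"] if rtype == "A")
            for auth_label, auth_addrs in authoritative.items():
                if addrs != auth_addrs:
                    findings.append(
                        f"{label}: cached answer {addrs} disagrees with authoritative "
                        f"'{auth_label}' {auth_addrs}; it stays cached for up to {ttl} s")
    by_server = {}
    for label, info in parsed.items():
        by_server.setdefault(info["server"], []).append((label, a_records(info)))
    for server, results in by_server.items():
        if len({tuple(a) for _, a in results}) > 1:
            findings.append(f"resolver {server} answers differently by vantage point: "
                            + "; ".join(f"{label}={addrs}" for label, addrs in results))
    return findings


if __name__ == "__main__":
    for finding in check_views(SAMPLE_VIEWS):
        print(finding)
```

To use it on live data, save `dig @<resolver> mail.DOMAIN.com` output from each vantage point (a LAN host, an outside host, and the internal nameserver itself) and pass the texts in as the dictionary values. The `aa` flag is what separates the authoritative answer from everything cached on the way; any view without it is only telling you what some cache currently believes, and the TTL in the answer is how long it will keep believing it.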