[lug] Wierd Sendmail vs resolv.conf issue.

Nate Duehr nate at natetech.com
Thu Apr 5 02:23:56 MDT 2001 

On Thu, Apr 05, 2001 at 01:55:23AM -0600, John Starkey wrote:
> > i.e.:  dig @IP.OF.DNS.SERVER www.yahoo.com
> >
> > ... and get a response?
> 
> Yeah dig returned the records for yahoo using the DNS I had in there originally..
> 
> > If not, adding that server to /etc/resolv.conf will cause you problems.
> >
> > At the new site, is there a firewall between you and the remote DNS
> > server?  Stuff like that...
> 
> I can do DNS lookups using any server i want including the ones I'd entered, that
> supposedly caused the problems. So i don't think this would be the case.
> 
> > gethostbyaddr is going to do a REVERSE lookup.  Is your sendmail trying
> > to reverse resolve itself or other nameservers?  Are there actually
> > reverse records in the reverse zones for the new site?
> 
> No it's not reversed. nslookup is returning Non-Existent host/domain (is there an
> option for arpa? I didn't see one in man nslookup)

I'm not sure what you mean, but if you're trying to do reverse lookups
with dig, the easy way to do it is to use the -x option...

dig -x 100.200.300.400

... by itself will default to whatever's in /etc/resolv.conf (assuming
/etc/nsswitch.conf is set up to use DNS!  :-) ) and will reverse the
octets for you and add the in-addr.arpa. to the request... so it would
look up PTR record "400" in the 300.200.100.in-addr.arpa. zone.

Or you can force the query to go to a nameserver...

dig -x 100.200.300.400 @nameserver.ontheinter.net

> But it's doing fine with forward resolve and sendmail now. logins aren't delayed.

So I'm forgetful tonight... does that mean everything's working, or is
there something still goofed up?  ;-)

Just as another side-comment, nslookup is no longer distributed with
BIND 9 and is deprecated in favor of dig.  Dig's a much better tool
IMHO, and it is probably better to spend time learning its intricacies
instead of nslookup's -- of course, I have no idea what vendors like M$
will do -- they may continue their support for nslookup as a tool.
Isc.org is not releasing nslookup any more as part of the BIND source
tree, however...

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.

More information about the LUG mailing list