You are currently viewing page 2 of this multi-page discussion thread.
Sep 27th, 2009

Re: DNS Cache-Only Config Advice

Well, there are settings in BIND for caching out-of-zone data, which is the case here. There are inherent security issues with caching out-of-zone data unless you know what you are doing (which is the case here). Take a look at this:
http://www.zytrax.com/books/dns/ch7/queries.html

The default behavior should be what you want but double check your configs and make sure they're set up for yes/yes caching. The URL indicates it should only be for CNAME/DNAME out-of-zone following but I would try it just to be sure.

Also take a look at your cache to see what is in it so we don't have to guess:
sk:/var/cache/bind# rndc dumpdb -cache
sk:/var/cache/bind# ls
named_dump.db  stats

From what I can tell MX records aren't cached. If I ran a dump -all I only see MX records for zones where the server is an authority. I have been reading around for half an hour and I can't see a definitive answer on how caching MX records should work. I do not see them in the bind cache and in RFC1912 I see this:
Quote:
"It is a good idea to give every host an MX record, even if it points
to itself! Some mailers will cache MX records, but will always need
to check for an MX before sending mail. If a site does not have an
MX, then every piece of mail may result in one more resolver query,
since the answer to the MX query often also contains the IP addresses
of the MX hosts. Internet SMTP mailers are required by [RFC 1123] to
support the MX mechanism."

It looks like you were right that exim keeps asking regardless. This must be the behavior of the mailer...
sknake

Sep 28th, 2009

Re: DNS Cache-Only Config Advice

Hi Sknake,

A couple of thoughts before bed...

I have no "additional-from*" statements so from the link, I should indeed be "yes yes" (bind 9).

# grep MX cache_dump.db  | wc -l
2802
(counted them to hide the details, they're all MX records)

I wonder why only a few zones behave with the repeated queries, no A record, maybe I should visit their config and have them return a different value? I notice that there is no answer section when I dig these.

ttfn.
unixanalyst

Sep 29th, 2009

Re: DNS Cache-Only Config Advice

Are they "domain.mx" -> mexico, or are they "IN MX" records? My qmail mail server only had domain.mx records in the bind cache, and MX records for my authoritative sites (my domains) -- not cached ones. I think you're on the right track with not having the A record. While it's technically correct it may be confusing a resolver.
sknake

Sep 29th, 2009

Re: DNS Cache-Only Config Advice

Just FYI on the thread...

                        25927   MX      5 mail.nacro.org.uk.
                        25927   MX      10 mail.uksolutions.net.
                        48373   MX      10 mailgate.sawyershall.org.uk.
                        36730   MX      5 mailgate1.networcs.net.
                        36730   MX      5 mailgate2.networcs.net.
                        36730   MX      15 mailgate3.networcs.net.
                        36730   MX      15 mailgate4.networcs.net.
                        62156   MX      0 mx5h.state.nj.us.
                        62156   MX      0 mx6o.state.nj.us.
                        62156   MX      0 mx7h.state.nj.us.
                        62156   MX      0 mx8o.state.nj.us.
Any idea what the number means? Is it TTL?

I'll post more when I've checked out altering the record for the errant domain.
unixanalyst

Sep 29th, 2009

Re: DNS Cache-Only Config Advice

Yes it is the TTL id
sknake

Oct 6th, 2009
Re: DNS Cache-Only Config Advice
Right, it's definitely working. I was unconvinced that Exim was actually benefiting from the local DNS cache but have proved that it is. Here's what I did to test...

[The packet capture bits were Ethereal screenshots but had to be deleted because they contained internal IP addresses. I've included descriptions of what was found instead]

Check yahoo isn't in the cache
[root@eximbox data]# rndc dumpdb
[root@eximbox data]# grep yahoo cache_dump.db
[root@eximbox data]# [nothing returned]

Start capturing TCP traffic on port 53
[root@eximbox data]# tcpdump -i eth0 -s 0 -w /tmp/dns.eximbox.`date +%Y%m%d-%H%M`.cap "tcp port 53 or udp port 53" &

Make Exim generate some DNS queries
[root@eximbox data]# echo test | exim -d+resolver martinkagb@yahoo.com
... [output deleted] ...

Exim reports successful DNS lookup
DNS lookup of yahoo.com (MX) succeeded
...
host_find_bydns yield = HOST_FOUND (2); returned hosts:
  f.mx.mail.yahoo.com 98.137.54.237 MX=1
  a.mx.mail.yahoo.com 67.195.168.31 MX=1
  e.mx.mail.yahoo.com 216.39.53.1 MX=1
  c.mx.mail.yahoo.com 216.39.53.2 MX=1
  c.mx.mail.yahoo.com 216.39.53.3 MX=1
  d.mx.mail.yahoo.com 68.142.202.247 MX=1
  d.mx.mail.yahoo.com 209.191.88.247 MX=1
  b.mx.mail.yahoo.com 66.196.82.7 MX=1
  b.mx.mail.yahoo.com 66.196.97.250 MX=1
  g.mx.mail.yahoo.com 98.137.54.238 MX=1
  g.mx.mail.yahoo.com 206.190.53.191 MX=1
... [output deleted] ...

Kill the capture
[root@eximbox data]# kill %1
93 packets captured
186 packets received by filter
0 packets dropped by kernel

Verify that DNS traffic has occurred
[Packet capture:] Shows DNS queries going to upstream DNS servers and replies coming back.

Dump the cache and verify that yahoo has been entered
[root@eximbox data]# rndc dumpdb
[root@eximbox data]# grep yahoo cache_dump.db
yahoo.com.              105668  NS      ns1.yahoo.com.
                        105668  NS      ns2.yahoo.com.
                        105668  NS      ns3.yahoo.com.
                        105668  NS      ns4.yahoo.com.
                        105668  NS      ns5.yahoo.com.
                        105668  NS      ns6.yahoo.com.
                        105668  NS      ns8.yahoo.com.
                        4511    MX      1 a.mx.mail.yahoo.com.
                        4511    MX      1 b.mx.mail.yahoo.com.
                        4511    MX      1 c.mx.mail.yahoo.com.
                        4511    MX      1 d.mx.mail.yahoo.com.
                        4511    MX      1 e.mx.mail.yahoo.com.
                        4511    MX      1 f.mx.mail.yahoo.com.
                        4511    MX      1 g.mx.mail.yahoo.com.
a.mx.mail.yahoo.com.    1024    A       67.195.168.31
b.mx.mail.yahoo.com.    1024    A       66.196.82.7
c.mx.mail.yahoo.com.    1024    A       216.39.53.2
d.mx.mail.yahoo.com.    1024    A       68.142.202.247
e.mx.mail.yahoo.com.    1024    A       216.39.53.1
f.mx.mail.yahoo.com.    1782    A       98.137.54.237
g.mx.mail.yahoo.com.    1024    A       98.137.54.238
ns1.yahoo.com.          105668  A       68.180.131.16
ns2.yahoo.com.          105668  A       68.142.255.16
ns3.yahoo.com.          105668  A       121.101.152.99
ns4.yahoo.com.          105668  A       68.142.196.63
ns5.yahoo.com.          105668  A       119.160.247.124
ns6.yahoo.com.          105668  A       202.43.223.170
ns8.yahoo.com.          105668  A       202.165.104.22

Start a new capture
[root@eximbox data]# tcpdump -i eth0 -s 0 -w /tmp/dns.eximbox.`date +%Y%m%d-%H%M`.cap "tcp port 53 or udp port 53" &

Make Exim generate more DNS queries
[root@eximbox  data]# echo test | exim -d+resolver martinkagb@yahoo.com
... [output deleted] ...

Which again succeed
DNS lookup of yahoo.com (MX) succeeded
...
host_find_bydns yield = HOST_FOUND (2); returned hosts:
... [output deleted] ...

Kill the capture
[root@eximbox  data]# kill %1
32 packets captured
65 packets received by filter
0 packets dropped by kernel

Analyse the traffic
[Packet capture:] No DNS traffic between host and upstream DNS servers.

Big thanks sknake.
unixanalyst
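
Added example, not part of the original posts: a small parser for the cache dump layout shown in this thread, so that MX records are counted by record type rather than by `grep MX`, and so that MX targets with no cached A/AAAA record (the case suspected above for the zones that keep being re-queried) are listed. The function names and the `nomail.example.` / `shop.example.mx.` sample entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the dump layout shown in the thread (owner omitted on
# continuation lines). nomail.example. and shop.example.mx. are made up.
SAMPLE_DUMP = """\
; constructed sample, not real cache contents
$DATE 20091006120000
yahoo.com.              105668  NS      ns1.yahoo.com.
                        4511    MX      1 a.mx.mail.yahoo.com.
                        4511    MX      1 b.mx.mail.yahoo.com.
a.mx.mail.yahoo.com.    1024    A       67.195.168.31
b.mx.mail.yahoo.com.    1024    A       66.196.82.7
nomail.example.         3600    IN MX   10 relay.nomail.example.
shop.example.mx.        3600    A       192.0.2.10
"""

# [owner] ttl [class] type rdata; the owner is blank on continuation lines.
RR = re.compile(r"^(\S+)?\s+(\d+)\s+(?:IN\s+)?([A-Z0-9]+)\s+(.+)$")

def parse_dump(text):
    """Yield (owner, ttl, rtype, rdata), carrying the owner name forward."""
    owner = ""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue  # blank lines, comments, $DATE directives
        if not line[0].isspace():
            owner = line.split()[0].lower()  # new owner, even if the record is skipped
        m = RR.match(line.rstrip())
        if m:  # lines not in plain record form are ignored
            yield owner, int(m.group(2)), m.group(3), m.group(4).strip()

def mx_report(text):
    """Return (mx, missing): cached MX sets, and MX targets with no cached A/AAAA."""
    mx, has_addr = defaultdict(list), set()
    for owner, ttl, rtype, rdata in parse_dump(text):
        if rtype == "MX":
            pref, exchanger = rdata.split()[:2]
            mx[owner].append((int(pref), exchanger.lower(), ttl))
        elif rtype in ("A", "AAAA"):
            has_addr.add(owner)
    missing = {}
    for owner, recs in mx.items():
        lacking = sorted(x for _, x, _ in recs if x not in has_addr)
        if lacking:
            missing[owner] = lacking
    return dict(mx), missing

if __name__ == "__main__":
    mx, missing = mx_report(SAMPLE_DUMP)
    print(sum(len(v) for v in mx.values()), "MX records; no cached address:", missing)
```

To run it against a real dump, pass the contents of the file written by `rndc dumpdb` to `mx_report()`; the third field of each tuple is the remaining TTL in seconds as recorded in the dump.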

This thread is solved
