9.6.1-P1 zone parser false errors
Len Conrad
Linux ns1.abcxyz.net 2.4.20-31.9smp #1 SMP Tue Apr 13 17:40:10 EDT 2004 i686 i686 i386 GNU/Linux
old BIND:
/usr/sbin/named-checkzone -v
9.2.1
/usr/sbin/named-checkzone abcxyz.com /var/named/db.abcxyz.com
zone abcxyz.com/IN: loaded serial 2009102902
OK
==========
current BIND:
/usr/local/sbin/named-checkzone -v
9.6.1-P1
/usr/local/sbin/named-checkzone abcxyz.com /var/named/db.abcxyz.com
zone abcxyz.com/IN: abcxyz.com/MX 'aspmx.l.google.com' (out of zone) is a CNAME 'mail-yx0-f102.google.com' (illegal)
zone abcxyz.com/IN: abcxyz.com/MX 'alt1.aspmx.l.google.com' (out of zone) is a CNAME 'mail-bw0-f39.google.com' (illegal)
zone abcxyz.com/IN: abcxyz.com/MX 'alt2.aspmx.l.google.com' (out of zone) is a CNAME 'fk-in-f114.1e100.net' (illegal)
zone abcxyz.com/IN: abcxyz.com/MX 'aspmx2.googlemail.com' (out of zone) is a CNAME 'mu-in-f27.1e100.net' (illegal)
zone abcxyz.com/IN: abcxyz.com/MX 'aspmx3.googlemail.com' (out of zone) is a CNAME 'mail-pz0-f6.google.com' (illegal)
zone abcxyz.com/IN: abcxyz.com/MX 'aspmx4.googlemail.com' (out of zone) is a CNAME 'mail-ew0-f7.google.com' (illegal)
zone abcxyz.com/IN: abcxyz.com/MX 'aspmx5.googlemail.com' (out of zone) is a CNAME 'mail-yx0-f8.google.com' (illegal)
zone abcxyz.com/IN: loaded serial 2009102902
All the google domain names are canonical, not CNAMEs.
no views, /etc/hosts is fine, no NIS in use.
Old Linux is broken?
thanks
Len
Chris Buxton
______________________
$ named-checkzone -v
9.6.1-P1
$ named-checkzone abcxyz.com abcxyz.com-hosts
zone abcxyz.com/IN: loaded serial 2009103001
OK
$ cat abcxyz.com-hosts
$TTL 1D
@ SOA localhost. hostmaster 2009103001 8H 2H 1W 2H
NS localhost.
MX 10 aspmx.l.google.com.
MX 10 alt1.aspmx.l.google.com.
MX 10 alt2.aspmx.l.google.com.
MX 10 aspmx2.googlemail.com.
MX 10 aspmx3.googlemail.com.
MX 10 aspmx4.googlemail.com.
MX 10 aspmx5.googlemail.com.
______________________
Just to be sure, I re-ran the test with "-i full" in the command line,
with the same result.
Could it be that, for a brief time, those names were CNAME'd to the
names indicated, and then set back to being A records? Of course, the l.google.com
zone is different depending on where you are in the world, so it's
conceivable that these values are different where you are than where I
am.
Chris Buxton
Professional Services
Men & Mice
> _______________________________________________
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
Len Conrad
no, this is a hard fault, over 2 days.
I do, from the machine,
dig abcxyz.com mx
and get the google domain names, then in the ADDITIONAL section, I get their A records.
I also
dig @ns1.google.com <some goog mx domain>
and an A record is returned for each MX domain name.
no CNAMEs anywhere, except in BIND's confusion.
Len
Chris Buxton
> ---------- Original Message ----------------------------------
> From: Chris Buxton <cbu...@menandmice.com>
> Date: Fri, 30 Oct 2009 14:13:31 -0700
>
>> I'm unable to reproduce this error.
>>
>
> no, this is a hard fault, over 2 days.
>
> I do, from the machine,
>
> dig abcxyz.com mx
>
> and get the google domain names, then in the ADDITIONAL section, I
> get their A records.
>
> I also
>
> dig @ns1.google.com <some goog mx domain>
>
> and an A record is returned for each MX domain name.
>
> no CNAMEs anywhere, except in BIND's confusion.
That's pretty strange, given my inability to reproduce this with the
same version of named-checkzone. My first thought was that it was
(mistakenly) resolving those names to addresses and back to names, and
then treating the original names as CNAMEs of the results, but if that
were the case, I would have expected to be able to reproduce the
problem.
As I recall, named-checkzone calls out to the operating system stub
resolver to look up these names. Is there any way the stub resolver
could be getting different data? Is there anything in the stub
resolver config (/etc/{hosts,resolv.conf}) that might explain this?
What do you get if you use 'host' to look up one of these mailhost
names?
Mark Andrews
In message <200910301615...@mail.Go2France.com>, "Len Conrad" writes:
> uname -a
>
> Linux ns1.abcxyz.net 2.4.20-31.9smp #1 SMP Tue Apr 13 17:40:10 EDT 2004 i686
> i686 i386 GNU/Linux
>
> old BIND:
>
> /usr/sbin/named-checkzone -v
>
> 9.2.1
>
> /usr/sbin/named-checkzone abcxyz.com /var/named/db.abcxyz.com
>
> zone abcxyz.com/IN: loaded serial 2009102902
>
> OK
>
> ==========
>
> current BIND:
>
> /usr/local/sbin/named-checkzone -v
>
> 9.6.1-P1
>
> /usr/local/sbin/named-checkzone abcxyz.com /var/named/db.abcxyz.com
>
> zone abcxyz.com/IN: abcxyz.com/MX 'aspmx.l.google.com' (out of zone) is a CNA
> ME 'mail-yx0-f102.google.com' (illegal)
getaddrinfo() is reporting that aspmx.l.google.com's cannonical
name is mail-yx0-f102.google.com. Somewhere in the resolution path
aspmx.l.google.com is being treated as a alias for
mail-yx0-f102.google.com. In the DNS this is done using a CNAME.
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
/*
* Turn off search.
*/
if (dns_name_countlabels(name) > 1U)
strcat(namebuf, ".");
dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
result = getaddrinfo(namebuf, NULL, &hints, &ai);
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
...
if (cur != NULL && cur->ai_canonname != NULL &&
strcasecmp(cur->ai_canonname, namebuf) != 0) {
...
if (!logged(namebuf, ERR_IS_MXCNAME)) {
dns_zone_log(zone, level,
"%s/MX '%s' (out of zone)"
" is a CNAME '%s' "
"(illegal)",
ownerbuf, namebuf,
cur->ai_canonname);
add(namebuf, ERR_IS_MXCNAME);
}
> zone abcxyz.com/IN: abcxyz.com/MX 'alt1.aspmx.l.google.com' (out of zone) is
> a CNAME 'mail-bw0-f39.google.com' (illegal)
> zone abcxyz.com/IN: abcxyz.com/MX 'alt2.aspmx.l.google.com' (out of zone) is
> a CNAME 'fk-in-f114.1e100.net' (illegal)
> zone abcxyz.com/IN: abcxyz.com/MX 'aspmx2.googlemail.com' (out of zone) is a
> CNAME 'mu-in-f27.1e100.net' (illegal)
> zone abcxyz.com/IN: abcxyz.com/MX 'aspmx3.googlemail.com' (out of zone) is a
> CNAME 'mail-pz0-f6.google.com' (illegal)
> zone abcxyz.com/IN: abcxyz.com/MX 'aspmx4.googlemail.com' (out of zone) is a
> CNAME 'mail-ew0-f7.google.com' (illegal)
> zone abcxyz.com/IN: abcxyz.com/MX 'aspmx5.googlemail.com' (out of zone) is a
> CNAME 'mail-yx0-f8.google.com' (illegal)
> zone abcxyz.com/IN: loaded serial 2009102902
>
> All the google domain names are canonical, not CNAMEs.
>
> no views, /etc/hosts is fine, no NIS in use.
>
> Old Linux is broken?
>
> thanks
> Len
>
> _______________________________________________
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Sam Wilson
Chris Buxton <cbu...@menandmice.com> wrote:
> As I recall, named-checkzone calls out to the operating system stub
> resolver to look up these names. Is there any way the stub resolver
> could be getting different data? Is there anything in the stub
> resolver config (/etc/{hosts,resolv.conf}) that might explain this?
> What do you get if you use 'host' to look up one of these mailhost
> names?
And if you're using a system with an nsswitch.conf file or equivalent,
what does that say?
Sam
Tony Finch
>
> getaddrinfo() is reporting that aspmx.l.google.com's cannonical
> name is mail-yx0-f102.google.com. Somewhere in the resolution path
> aspmx.l.google.com is being treated as a alias for
> mail-yx0-f102.google.com. In the DNS this is done using a CNAME.
That's the kind of name you get if you do a reverse lookup on an IP
address returned by a lookup of aspmx.l.google.com, e.g.
$ dig +short -x $(dig +short aspmx.l.google.com)
mail-ew0-f49.google.com.
I'm not sure why getaddrinfo() would be doing a reverse lookup to
canonicalize a name. My test machines (Solaris, FreeBSD, Linux) don't.
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.