Topic: SME won't resolve a particular domain

[Kelvin]

I did think of it but one thing that stopped me from doing it was the description on the configuration page which says :

Specify an address here if there is a firewall beween this server and the internet (not in this case), or if another DNS server resolves local addresses on your LAN.

I would not want all local address queries to end up going out to the ISP and then back again. On a slow link, this could be a killer.

Kelvin

[Cyrus Bharda]

We have it setup that way here at work and we rarly have usage above the 700MB/month range, thats with 160 people using http/ftp/email, on a dial-up 56k modem connection, so for me its not really much.

Cyrus Bharda

[Kelvin]

Hi Cyrus,

It's not the usage - it's the fact that any DNS lookups, etc. might need to go to the ISP's DNS server and fail before looking locally. I was asked to fix a network problem once for another company and tracked the problem to this issue (although they were using W2K servers instead of SME servers) ... another story for another day.

Kelvin

[Kelvin]

Unconvinced and not satisfied that the problem lies with iproperty's DNS settings (I mean, just look at all the symptoms and evidence - if only SME 5.1.2 can't find it but *everything* else can, how can it be anyone else's fault but SME's ??), I tried a few experiments.

1. I setup a new SME 5.6 beta server. Hooked it up to a dial up connection. Hooked up my laptop to it as a client. Fired up the connection. Tried www.iproperty.com.au -> works first go. Ping www.iproperty.com.au also works first go.

2. Reformatted the HDD and reloaded SME 5.1.2. Hooked up the connection as before. Tried www.iproperty.com.au -> cannot find. Ping www.iproperty.com.au -> unknown host.

3. Downloaded latest bind I could find for Redhat 7.1 (bind-9.2.1-0.71.1.i386.rpm and the corresponding bind-utils rpm). Installed them into the SME 5.1.2 server using rpm -Uvh *.rpm, rebooted, connected again, found a slight problem (see later) and tested www.iproperty.com.au -> worked first go. Ping also worked first go.

So, apparently, there must be a problem with the version of bind installed in SME 5.1.2. Now for the problems encountered.

After installing the updated bind packages and rebooting, I found that named did not start up automatically, resulting in no DNS resolutions at all. I had to manually start named with the command :-

service named start

After running a few minutes, the server console had a number of messages about "ld" spawining too fast and another message about the usage of named (which I failed to copy down before having to rush out earlier).

I do not know if the update command I used was the proper way to have upgraded bind or not. If anyone knows of the correct way to perform the upgrade and fix the errors / problems, I would be vary happy to know it. I've only tested on the test server and don't as yet dare to try it on the production servers unless I know the upgrade procedure will work correctly.

My thanks to all who have been participating in this little exercise. I will be submitting my results to bugs@e-smith.org as well, even if they reckon it may be iproperty's fault.

Kelvin

[Cyrus Bharda]

Sounds like you's be better off just upgrading to SME 5.5, but good luck

Cyrus Bharda

[Kelvin]

Actually, I'm hanging out for 5.6. I don't think 5.5 is worth all the hassles of upgrading, given that it still uses the same kernel as 5.1.2, very little gain IMHO. At least 5.6 will be using a standard RH kernel.

Plus, we are talking about lots of installed 5.1.2 servers out there. Even with M$ servers, you don't go out and upgrade them everytime M$ releases a new server OS (though they will love you for it if you did ! Ha ! Ha !). Especially if a Service Pack (oops, Blades in SME terminology) or hotfix, will fix the immediate problem. Besides, one cannot adopt the attitude that just because 5.5 is out therefore people with problems with 5.x (prior to 5.5) or even 4.x are on their own. Especially when the 5.x series really isn't all that old. The only real problems I have with 5.1.2 are :-

1. It occasionally loses mail (not often, but in some cases, once is too often).
2. The file system is too easily corrupted on an unexpected shutdown (UPSes don't help when people ignore GIANT signs in front of the power button to NOT turn off the system under any circumstances !)
3. This current problem with DNS (who knows what other domains it may have trouble with)

So, if I can patch up all existing 5.1.2 servers out there with an upgrade to bind to fix the DNS issue, I'm more than happy to do so.

Kelvin

[Rob Wellesley]

Kelvin wrote:
>
>
> So, if I can patch up all existing 5.1.2 servers out there
> with an upgrade to bind to fix the DNS issue, I'm more than
> happy to do so.
>
> Kelvin

Let me know if I can help - we install 5.1.2 servers and have had similar - sporadic - instances.

rob

[Kelvin]

Hi Rob,

I've been trying very hard to get the updated bind to work correctly. As I did not receive any replies of help from my later post on this issue, I had to tackle it alone (no small task for a linux newbie !).

I think I managed to figure it out (as of my last attempt late last night). I will try and note down the steps and redo it again on a clean loaded 5.1.2 server and if it works then I will post my results. The version of bind I am upgrading to should also fix up the bind security issue mentioned on e-smith.org, I think, not that anyone else seem to think it is an important issue at the moment.

Kelvin

[rob wellesley]

Hi Kelvin

The arrival of 5.6 has "solved" the problem for us. The workaround we have been operating is to set up a repeating 30 min cron job to dnsquery or dig for the "offending" name on that names registered nameserver. This reloads the local dns cache. Crude but effective.

Sorry we couldn't put any time into testing your update.

rob

[Kelvin]

Hi Rob,

That's all-right. I've successfully used the upgrade procedure at a number of 5.1.2 sites so far. I think my procedure uses the same bind version as 5.6 so whatever 5.6 "sees", my upgraded servers should also see.

Due to the PPTP issues, I'm holding back upgrading users to 5.6 (unless they have no need for PPTP - like file servers and non gateway servers).

Cheers !

Kelvin