Gabriel Tabares wrote:
On 23/08/2010 13:28, Joseph L. Casale wrote:
Both files are the default ones from CentOS:
So what do the host names look like that the application attempts to resolve, fully qualified or not? What does your cli based query look like?
My resolv.conf is:
search mydomain.com
nameserver 10.3.2.2
The hostname of the machines is set to a FQDN server.mydomain.com.
The time it takes for the queries does not change whether we use the FQDN or just the hostname.
See below for an example (I stopped the mail server so the connection was refused).
#time telnet md-mail02.mydomain.com 25
(long wait)
Trying 10.2.9.2...
telnet: connect to address 10.2.9.2: Connection refused
telnet: Unable to connect to remote host: Connection refused

real 0m20.005s
user 0m0.000s
sys 0m0.005s

#time telnet md-mail02 25
(long wait)
Trying 10.2.9.2...
telnet: connect to address 10.2.9.2: Connection refused
telnet: Unable to connect to remote host: Connection refused

real 0m10.004s
user 0m0.001s
sys 0m0.002s

#time telnet 10.2.9.2 25
(no wait)
Trying 10.2.9.2...
telnet: connect to address 10.2.9.2: Connection refused
telnet: Unable to connect to remote host: Connection refused

real 0m0.005s
user 0m0.001s
sys 0m0.002s
Nslookup responds immediately:
#time nslookup my-mail02.mydomain.com
Server: 10.2.2.254
Address: 10.2.2.254#53

Non-authoritative answer:
Name: my-mail02.mydomain.com
Address: 10.2.9.2

real 0m0.006s
# Eclipse ISP
nameserver 212.104.130.9
nameserver 212.104.130.65
# OpenDNS
nameserver 208.67.222.222
nameserver 208.67.220.220
user 0m0.003s
sys 0m0.003s

#time nslookup my-mail02
Server: 10.2.2.254
Address: 10.2.2.254#53

Non-authoritative answer:
Name: my-mail02.mydomain.com
Address: 10.2.9.2

real 0m0.005s
user 0m0.001s
sys 0m0.004s
If your resolv.conf has:
nameserver 10.3.2.2
Why does nslookup say that it is querying server 10.2.2.254? Is your system multi-homed? Try changing resolv.conf to use 127.0.0.1. If you're using bind, and you specify 127.0.0.1, I believe it will use local sockets instead of the IP stack for the query.
I would try dig (from the bind-utils package). You want to make sure that either your local server is authoritative for mydomain.com and for the reverse domain. This is confirmed by the 'aa' flag from dig (not sure if nslookup can do this). If it is not authoritative, then it must delegate to another nameserver that is. You should also get back a proper SOA record for both. Lack of proper authoritative SOA records for both your forward (mydomain.com) and reverse domains will cause the server to try to go out to the Internet for further resolution. If there is no Internet access, this will hang. Even if you don't populate the reverse domain with records, it must still be authoritative. Minimally, I suggest a simple script to generate reverse entries for all of the IP addresses in your address space.
dig mydomain.com soa @127.0.0.1
dig 2.2.10.in-addr.arpa. soa @127.0.0.1
penguin> dig 2.2.10.in-addr.arpa. soa
; <<>> DiG 9.5.2-RedHat-9.5.2-1.fc10 <<>> 2.2.10.in-addr.arpa. soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21666
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.2.10.in-addr.arpa. IN SOA

;; AUTHORITY SECTION:
2.2.10.in-addr.arpa. 14400 IN SOA ns1.mydomain.com. me.mydomain.com. 2010082600 3600 600 15552000 14400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 28 13:09:51 2010
;; MSG SIZE rcvd: 91
Nataraj
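
A sketch of the reverse-entry script suggested in the message above, as an added example that is not part of the original thread. The SOA names, serial and timers are the ones shown in the dig output; the `host-a-b-c-d` PTR naming scheme and both function names are assumptions made for illustration, and the code also covers a /16 in addition to the /24 discussed.

```python
"""Generate a minimal authoritative reverse zone file (added example)."""
import ipaddress

# refresh, retry, expire, minimum: copied from the SOA in the thread's dig output.
SOA_TIMERS = (3600, 600, 15552000, 14400)


def reverse_zone_name(network):
    """Return the in-addr.arpa zone name for a /16 or /24 IPv4 network."""
    net = ipaddress.ip_network(network)  # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen not in (16, 24):
        raise ValueError("only octet-aligned /16 or /24 IPv4 networks are handled")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."


def reverse_zone(network, domain, ns, contact, serial, ttl=14400):
    """Build zone text: one SOA, one NS, and a PTR for every host address."""
    net = ipaddress.ip_network(network)
    origin = reverse_zone_name(network)
    refresh, retry, expire, minimum = SOA_TIMERS
    lines = [
        f"$TTL {ttl}",
        f"$ORIGIN {origin}",
        f"@ IN SOA {ns} {contact} {serial} {refresh} {retry} {expire} {minimum}",
        f"@ IN NS {ns}",
    ]
    for host in net.hosts():
        full = host.reverse_pointer + "."        # e.g. 1.2.2.10.in-addr.arpa.
        owner = full[: -(len(origin) + 1)]       # part relative to $ORIGIN
        # Hypothetical naming scheme; substitute real host names where known.
        target = f"host-{str(host).replace('.', '-')}.{domain}."
        lines.append(f"{owner} IN PTR {target}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Values taken from the thread: zone 2.2.10.in-addr.arpa., ns1/me contacts.
    print(reverse_zone("10.2.2.0/24", "mydomain.com",
                       "ns1.mydomain.com.", "me.mydomain.com.", 2010082600))
```

Once the zone is loaded, the two `dig ... soa @127.0.0.1` queries from the message should return the `aa` flag for it.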