[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference noted::seal

Title:	SEAL

Moderator:	GALVIA::SMITH

Created:	Mon Mar 21 1994
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	1989
Total number of notes:	8209

1781.0. "WNT DNS event where does it come from?" by BACHUS::DOBBENI () Fri Feb 07 1997 09:04

Hello,

A customer has a WNT Firewall which logs frequently an event concerning DNS. The
event he gets has source: DNS12,  EventID 5 and the following text message:
the description for eventid (5) in source (DNS12) could not be found. It
contains the following insertion string(s): <3>JAN 10 !4:!#:00 syslog: sysquery:
server name mismatch for [192.36.148.17]: (nic.nordu.net != I.ROOT-SERVERS.NET)
(server for WS4.VX0.TELUB.SE).

Does anyone has any idea where this comes from?

Best Regards,

Mia

T.R	Title	User	Personal Name	Date	Lines
1781.1	Spelling error in a DNS config file?	EEMELI::HJONSSON	Ebbe Jonsson	`Tue Feb 11 1997 05:51`	16
	Offhand I'd say the problem is a misconfigured DNS cache file (a spelling error, perhaps), that tries to equate the nic.nordu.net host with something called I.ROOT-SERVERS.NET. The message ID for the event is 5, but the WNT system logger can't find the message in the resources for the firewall, and thus just logs the ID along with the parameter. Look at your named.ca file (or equivalent), and correct the entry for nic.nordu.net. Disclaimer: I'm not that familiar with the WNT DNS service; the above is based on the Unix BIND daemon. Rgs, ...Ebbe
1781.2	already replaced the old named.ca files	BACHUS::ROELANDTS	Wa d'es ma da ve ne stuut	`Tue Feb 11 1997 06:34`	17
	Ebbe, Thank you for this info, but ..... nic.nordu.net is the old name of one of the root name servers, whereas I.ROOT-SERVERS.NET is the new one found in the actual named.ca files. We checked all customer systems for an old named.ca file, we found one on their BIND server (which is an UCX system) and put a new named.ca file in place, but we still have the same error ..... so where can it then come from ? Regards, Guy
1781.3		QUICHE::PITT	Alph a ha is better than no VAX!	`Wed Feb 12 1997 06:13`	38
	There's something very funny going on up there in Scandinavia ... If you go into nslookup and ask for ws4.vx0.telub.se, you will be told there are no A records available for it. However, if you do lserver I.ROOT-SERVERS.NET first, then you get a mighty funny message back from nslookup: # nslookup Default Server: gmtns.gmt.dec.com Address: 16.196.192.1 > ws4.vx0.telub.se. Server: gmtns.gmt.dec.com Address: 16.196.192.1 *** No address (A) records available for ws4.vx0.telub.se. > lserver I.ROOT-SERVERS.NET Default Server: I.ROOT-SERVERS.NET Address: 192.36.148.17 > ws4.vx0.telub.se. Server: I.ROOT-SERVERS.NET Address: 192.36.148.17 Name: ws4.vx0.telub.se Served by: -ns.enator.se 147.13.200.1 telub.se - nic.enator.net 192.176.163.101 telub.se > If you dig further, you will find that there are only MX records for ws4.vx0.telub.se, not A record(s). But what causes that funny message about name served by ? I've never seen that anywhere before ... T