Every now and then (or more often, for some of us) we do something really, really dumb, and it takes us an awfully long time to figure it out and fix it. Computers only make matters worse. Here are some of my personal gotchas... things stupid enough that I thought someone else might want to read them. Maybe it will help you avoid the same mistake... or maybe you just want to laugh at me.
Finally I looked over at the logs on the firewall, and discovered that MX requests were what was failing. Sure enough, if I tried asking for an MX record, it didn't work. But wait a minute... why were my DNS lookups getting forwarded at all? Wasn't my own machine claiming to be authoritative for the domain?
As it turns out, no. It wasn't even serving for the domain. It was forwarding all the requests to the firewall. But clearly named was running... what was going on? I tried 'kill -HUP' on named, I tried stopping it and starting it from scratch. Nothing changed. Then I looked at the log files. Apparently, I had introduced a typo while adding a new host... I left off one field in the (completely useless) HINFO record, and it dumped the entire domain. Now, instead of being authoritative for the domain, it was merely forwarding to another machine which didn't know squat.
*Ouch*
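A pre-load check for the mistake described above, as an added example that is not part of the original post: it scans a zone file for HINFO records that do not carry exactly the two fields (CPU and OS) that RFC 1035 requires. The sample zone is constructed, the function names are hypothetical, and the check assumes one record per line (no parenthesised multi-line records).

```python
import shlex

# Constructed sample zone; "gizmo" is missing the OS field of its HINFO record.
SAMPLE_ZONE = '''\
$TTL 86400
@       IN SOA ns1.example.com. admin.example.com. 1 3600 900 604800 86400
        IN NS  ns1.example.com.
ns1     IN A     192.0.2.1
ns1     IN HINFO "Intel PC" "Linux"   ; CPU and OS both present
gizmo   IN A     192.0.2.7
gizmo   3600 IN HINFO "Sparc; v9"     ; typo: OS field left off
'''

def tokenize(line):
    """Split a record into fields, honouring "quoted strings" and ; comments."""
    lexer = shlex.shlex(line, posix=True)
    lexer.whitespace_split = True
    lexer.commenters = ";"
    return list(lexer)

def bad_hinfo_records(zone_text):
    """Return (line_number, field_count) for HINFO records without exactly 2 fields."""
    problems = []
    for lineno, line in enumerate(zone_text.splitlines(), start=1):
        tokens = tokenize(line)
        # If the line starts at column 0 the first token is the owner name, not a type.
        start = 0 if line[:1].isspace() else 1
        # The type follows an optional TTL and class, so it is at most 2 tokens further on.
        for i in range(start, min(start + 3, len(tokens))):
            if tokens[i].upper() == "HINFO":
                rdata = tokens[i + 1:]
                if len(rdata) != 2:  # RFC 1035: HINFO is <CPU> <OS>
                    problems.append((lineno, len(rdata)))
                break
    return problems

if __name__ == "__main__":
    for lineno, count in bad_hinfo_records(SAMPLE_ZONE):
        print(f"line {lineno}: HINFO has {count} field(s), expected 2")
```

BIND 9 also ships `named-checkzone`, which performs a full syntax check of a zone file before the server is asked to load it.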