On 9/20/2013 7:28 PM, Mark Andrews wrote: > > In message <021501ceb653$ede37250$c9aa56f0$@leadmon.net>, "Howard Leadmon" > writ > es: >> This is probably easier than I am making it, but my googlefu seems to be >> failing me at the moment when I look around. I handle a batch of FreeBSD >> servers running sendmail, and I am having a site that is trying to deliver >> mail being rejected, but they swear their DNS is right, so I am not sure if >> we have an issue, or they do. >> >> I am seeing sendmail rejects like this: >> >> Sep 20 14:45:59 mail3 mail3-smtp[15388]: r8JE8kQg099367: >> to=<jmetey...@panini.co.uk>, delay=1+04:37:10, xdelay=00:00:31, >> mailer=esmtp, pri=5259883, relay=smtp2.panini.co.uk., dsn=4.0.0, >> stat=Deferred: Name server: smtp2.panini.co.uk.: host name lookup failure >> >> >> If I take and run a host lookup, I get a response like this: >> >> $ host panini.co.uk >> panini.co.uk mail is handled by 10 smtp.panini.co.uk. >> panini.co.uk mail is handled by 20 smtp2.panini.co.uk. >> >> >> Now if I try that on any of the hosts that should accept the mail, I see: >> >> $ host smtp.panini.co.uk >> smtp.panini.co.uk is an alias for smtp.panini.it. >> smtp.panini.it has address 151.12.160.24 >> Host smtp.panini.it not found: 3(NXDOMAIN) >> >> $ host smtp2.panini.co.uk >> smtp2.panini.co.uk is an alias for smtp2.panini.it. >> smtp2.panini.it has address 151.12.160.30 >> Host smtp2.panini.it not found: 3(NXDOMAIN) > > Firstly MX records are not supposed to point to CNAME records. The > MX records need to be updated. > >> So I get the IP address returned, but then an NXDOMAIN that follows. I do >> have the BrokenAAAA config option in my sendmail, so know it's not that, or >> I don't think so. Yet if I do a dig on the hosts, they seem to come back >> with an IP address as expected, and shown above. >> >> So if anyone can offer a clue on this, it would be appreciated.. > > Secondly and more importantly they have a misconfigured load balancer > that is returning bad answers. The last answer to "dig +trace > smtp2.panini.it aaaa" should be "smtp2.panini.it. 86400 IN SOA > paninirad1.panini.it. administrator.panini.it". > > Note the SOA record needs to be from the zone delegated (smtp2.panini.it) > to the load balancer. > > They need to contact their load balancer vendor for proper instructions > on how to configure it. > > Mark > > % dig +trace smtp2.panini.it aaaa > > ; <<>> DiG 9.10.0a1 <<>> +trace smtp2.panini.it aaaa > ;; global options: +cmd > . 518400 IN NS f.root-servers.net. > . 518400 IN NS c.root-servers.net. > . 518400 IN NS k.root-servers.net. > . 518400 IN NS d.root-servers.net. > . 518400 IN NS l.root-servers.net. > . 518400 IN NS i.root-servers.net. > . 518400 IN NS h.root-servers.net. > . 518400 IN NS b.root-servers.net. > . 518400 IN NS e.root-servers.net. > . 518400 IN NS m.root-servers.net. > . 518400 IN NS g.root-servers.net. > . 518400 IN NS a.root-servers.net. > . 518400 IN NS j.root-servers.net. > . 518400 IN RRSIG NS 8 0 518400 20130927000000 > 20130919230000 49656 . > U9k2KFpbNYnY4EfyKzla26XbharLoAQtkQG02oq3aHVnM3OlLp6lmBdT > wgMDcShAQJxIk50krHlIuoyOGHHuJ56P6ubFiGBRU0V4OOt2/V8emJZx > U6MRMDwDyTweZbfNZiiK20T5RVlUK/PLI3YbbcYxxtSCKzV2fThLxi3F /x4= > ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms > > it. 172800 IN NS a.dns.it. > it. 172800 IN NS c.dns.it. > it. 172800 IN NS m.dns.it. > it. 172800 IN NS r.dns.it. > it. 172800 IN NS dns.nic.it. > it. 172800 IN NS nameserver.cnr.it. > it. 86400 IN NSEC je. NS RRSIG NSEC > it. 86400 IN RRSIG NSEC 8 1 86400 20130927000000 > 20130919230000 49656 . > A01ecU1p6o7U4le9Jh8F2aQ4fl9XdPFMcERxLf2cZ6aiHkKsZdQsHiwN > eI/5VnC9N1sLgF9p8uD7H8adMjC/EFHDK/kXmbpJNps9Hi/VdYa846He > tu4iYxmQpaq0SgIpCqsRSRk0TjnL0l0B/VZueZREvpEQND6Zjjys7Zow ZvE= > ;; Received 610 bytes from 128.63.2.53#53(h.root-servers.net) in 352 ms > > panini.it. 10800 IN NS dns1.quadrante.com. > panini.it. 10800 IN NS dns2.quadrante.com. > ;; Received 108 bytes from 2001:678:4::16#53(c.dns.it) in 200 ms > > smtp2.panini.it. 3600 IN NS paninirad3.panini.it. > smtp2.panini.it. 3600 IN NS paninirad2.panini.it. > smtp2.panini.it. 3600 IN NS paninirad1.panini.it. > ;; Received 167 bytes from 83.103.76.83#53(dns2.quadrante.com) in 410 ms > > panini.it. 86400 IN SOA panini.it. > administrator.panini.it. 998545544 28800 7200 604800 86400 > ^^^^^^^^^^ is WRONG!!!!!!!!!!! > ;; Received 110 bytes from 83.216.164.178#53(paninirad3.panini.it) in 341 ms
Their load balancer doesn't return any NS records for the domain smtp2.panini.it either: $ dig ns smtp2.panini.it. @paninirad1.panini.it. ; <<>> DiG 9.9.2 <<>> ns smtp2.panini.it. @paninirad1.panini.it. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36438 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;smtp2.panini.it. IN NS ;; Query time: 125 msec ;; SERVER: 151.12.160.50#53(151.12.160.50) ;; WHEN: Fri Sep 20 23:32:46 2013 ;; MSG SIZE rcvd: 33 -DMM
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
