Problems resolving some domains

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 4 22:59:00 UTC 2001


All of the delegated nameservers for friendfinder.com, cerner.com and
midusa.net are lame or non-existent. kcnet.com looks OK now -- maybe they
fixed their problem recently.


- Kevin

Paul Kenyon wrote:

> Hello All,
>
> I am having a strange problem resolving some domains when receiving
> email.  It seems to only happen only with a handful of domains, and I'm
> not quite sure what's going on.  When someone sends mail to us, it comes
> to our mail relay (mail.pvii.com) running sendmail with Sun's
> DOMAIN(solaris-antispam).  Now I get an occasional refusals:
>
> Jan  4 10:13:04 pvidns02 sendmail[25155]: [ID 801593 mail.notice]
> KAA25155: ruleset=check_mail,
> arg1=<bounce-return-ns-asdf at friendfinder.com>, relay=[209.185.12.44],
> reject=451 <bounce-return-ns-asdf at friendfinder.com>... Sender domain
> must resolve
> Jan  3 13:10:27 pvidns02 sendmail[21694]: [ID 801593 mail.notice]
> NAA21694: ruleset=check_mail, arg1=<user at cerner.com>,
> relay=ns1.cerner.com [159.140.254.60], reject=451 <user at cerner.com>...
> Sender domain must resolve
> Jan  3 07:45:08 pvidns02 sendmail[20068]: [ID 801593 mail.notice]
> HAA20068: ruleset=check_mail, arg1=<user at kcnet.com>,
> relay=mail2.kcnet.com [216.90.72.3], reject=451 <user at kcnet.com>...
> Sender domain must resolve
> Jan  2 19:14:46 pvidns02 sendmail[18506]: [ID 801593 mail.notice]
> TAA18506: ruleset=check_mail, arg1=<user at midusa.net>,
> relay=mta01.alltel.net [166.102.165.143], reject=451
> <user at midusa.net>... Sender domain must resolve
>
> for the most part, those are the only domains that show to have problems
> (Although kcnet.com seemed to only happen to that address; it looks like
> other mail from kcnet.com goes through fine.)  I started by taking a
> look at the senders...
>
> midusa.net seems to have the NS information all messed up.  One of their
> nameservers listed at the rootservers doesn't exist, and the other
> returns a valid MX.  nslookup says it's non-authoritative.
> cerner.com and friendfinder.com both look ok, but they also say
> non-authoritative with nslookup.
> kcnet.com looks ok, and always returns authoritative.  When I use
> nslookup, I set norecurse and manually walk to each nameserver that is
> supposed to be authoritative.  Isn't that the way the resolver works?
>
> The midusa.net user sends mail frequently...  One time, I pinged
> midusa.net, and then it started accepting the mail.  I am guessing that
> my nameserver cached it, and when sendmail tried to verify the domain,
> it worked for some reason.  But why wouldn't it find it on it's own?
> Why are those servers returning an answer non-authoritative?  I don't
> think it's a cache thing, because there are other domains I nslookup
> that always respond authoritative.
>
> The only option I have in my named.conf is directory.  It appears to be
> loading without any warnings or errors.  I tried to get the hints file
> again, but they cmp'ed OK.  Where do I go next to figure out what's
> going on?
>
> Thanks for your help,
>
> Paul
>
> -- Binary/unsupported file stripped by Listar --
> -- Type: text/x-vcard
> -- File: paul.kenyon.vcf
> -- Desc: Card for Paul Kenyon






More information about the bind-users mailing list