Sender domain must resolve...

James A Griffin agriffin at cpcug.org
Fri Mar 16 23:34:32 UTC 2001 

Part of the problem is a Cisco NAT that the hostmaster at utc.edu says
they use. Here is some information from a Cisco FAQ telling what they
do.

Q. Does Cisco IOS NAT support DNS queries?

A. Yes, Cisco IOS NAT will translate the address(es) which appear in DNS
responses to name lookups (A queries) and inverse lookups (PTR queries).
Thus, if an outside host sends a name-lookup to a DNS server on the
inside, and that server responds with a local address, the NAT code will
translate that local address to a global address. The opposite is also
true, and is how we support IP addresses overlapping: an inside host
queries an outside DNS server, the response contains an address that
matches the access-list specified on the "outside source" command, so
the code translates the outside global address to an outside local
address. 

Time-to-live (TTL) values on all DNS resource records (RRs) which
receive address translations in RR payloads are automatically set to
zero. 

Cisco IOS NAT does not translate IP addresses embedded in DNS zone
transfers.

Regards,
Jim


peter at icke-reklam.ipsec.nu.invalid wrote:
> 
> Union College Academic Systems Administrator <sysadm at union.edu> wrote:
> 
> > We're getting the following message in our mail.log on our smtp/DNS primary
> > server (eliphalet.union.edu):
> 
> > Mar 16 08:39:41 eliphalet sendmail[145479]: IAA145479:
> > from=<owner-hp3000-l at RAVEN.UTC.EDU>, size=0, class=0, pri=0, nrcpts=0,
> > proto=ESMTP, relay=raven.utc.edu [208.45.211.16]
> > Mar 16 08:39:41 eliphalet sendmail[145558]: IAA145558: ruleset=check_mail,
> > arg1=<owner-hp3000-l at RAVEN.UTC.EDU>, relay=raven.utc.edu [208.45.211.16],
> > reject=451 <owner-hp3000-l at RAVEN.UTC.EDU>... Sender domain must resolve
> 
> Your DNS might not like TTL=0 as announced by "utc.edu" Quite understandable,
> since the answers are too old by the time you get them. Some (older ?)
> bind will definitly be upset.
> 
> This "utc.edu" seems to run 8.2.3, but they have "all their servers in
> the same basket", so chances are high that they don't know what they
> are doing.
> 
> If you need to exchange mail with them, contact them ( by fax) and
> explain the problems.
> 
> > If I do an nslookup on the name (raven.utc.edu) or its ip address, it
> > resolves, however if
> > I set the type to "any", it does not. Also, if I set the type to "mx", it
> > comes backup with a record, however the list of authoritative servers are
> > the root servers, and not the utc.edu domain primaries... I suspect at this
> > point that there is a problem with their DNS configuration, am I correct?
> 
> > thanks,
> > mike
> 
> > # nslookup
> > Default Server:  localhost
> > Address:  127.0.0.1
> 
> >> raven.utc.edu
> > Server:  localhost
> > Address:  127.0.0.1
> 
> > Non-authoritative answer:
> > Name:    raven.utc.edu
> > Address:  208.45.211.16
> 
> >> 208.45.211.16
> > Server:  localhost
> > Address:  127.0.0.1
> 
> > Name:    raven.utc.edu
> > Address:  208.45.211.16
> 
> >> set q=any
> >> raven.utc.edu
> > Server:  localhost
> > Address:  127.0.0.1
> 
> > *** localhost can't find raven.utc.edu: Non-existent host/domain
> >> 208.45.211.16
> > Server:  localhost
> > Address:  127.0.0.1
> 
> > *** localhost can't find 208.45.211.16: Non-existent host/domain
> >> set type=mx
> >> raven.utc.edu
> > Server:  localhost
> > Address:  127.0.0.1
> 
> > Non-authoritative answer:
> > raven.utc.edu   preference = 0, mail exchanger = raven.utc.edu
> 
> > Authoritative answers can be found from:
> > edu     nameserver = D.ROOT-SERVERS.NET
> > edu     nameserver = E.ROOT-SERVERS.NET
> > edu     nameserver = F.ROOT-SERVERS.NET
> > edu     nameserver = G.ROOT-SERVERS.NET
> > edu     nameserver = H.ROOT-SERVERS.NET
> > edu     nameserver = I.ROOT-SERVERS.NET
> > edu     nameserver = A.ROOT-SERVERS.NET
> > edu     nameserver = B.ROOT-SERVERS.NET
> > edu     nameserver = C.ROOT-SERVERS.NET
> >>
> 
> --
> Peter Håkanson
>         IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
>            Sorry about my e-mail address, but i'm trying to keep spam out.
>            Remove "icke-reklam"and "invalid"  and it works.

More information about the bind-users mailing list