Routing mail to a sub-domain

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 7 15:26:25 UTC 2002


Iain Firkins wrote:

> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:aqcap3$futd$1 at isrv4.isc.org...
> >
> >
> > If you *must* anonymize the mail server names, please at least use server1,
> > server2 or whatever so that we know which server is which...
> >
>
> That's a fair point, let me make those changes and see if it becomes
> clearer.
>
> Let's say that mailserver1 is the main email server, and mailserver2 is the
> email server in the subdomain. The main domain will be called 'domain' and
> the sub-domain 'sub.domain'.
>
> In the external DNS for the domain, there is an entry which says:
>
> sub.domain    IN    MX    12 mailserver1 (FQDN)
>
> In the internal DNS servers, there are the following entries:
> sub.domain    86400    IN    NS    ns0.sub.domain (FQDN)
>                      86400    IN    NS    ns1.sub.domain (FQDN)
>                      86400    IN    NS    ns2.sub.domain (FQDN)
>                      86400    IN    NS    ns3.sub.domain (FQDN)
>
> If I do an nslookup and use ns0.sub.domain through ns3.sub.domain (with
> type=MX), I get the following:
>
> sub.domain    preference = 11, mail exchanger = mailserver2
> .....
>
> If I do an nslookup with the internal DNS (with type=MX), I get the
> following:
>
> Non-authoritative answer:
> sub.domain   preference = 12, mail exchanger = mailserver1
>
> Authoritative answers can be found from:
> sub.domain   nameserver = ns0.sub.domain (FQDN)
> sub.domain   nameserver = ns1.sub.domain (FQDN)
> sub.domain   nameserver = ns2.sub.domain (FQDN)
> sub.domain   nameserver = ns3.sub.domain (FQDN)
> mailserver1       internet address = xxx.xxx.xxx.xxx
>
> I think this is where the problem lies. With this setup, my understanding is
> that mailserver1 would receive an email for sub.domain because of the
> external DNS entry. mailserver1 would try to resolve the sub.domain name and
> get the NS records in the internal DNS and then check with ns0.sub.domain.
> It would then get mailserver2 and pass the mail on. But I wonder if the
> non-authoritative answer is causing the problem. Nowhere is there an MX
> record for sub.domain pointing to mailserver1 except for the external DNS so
> I don't know why mailserver1 would be looking there for an answer.
>
> To re-iterate, I get a "554 MX list for sub.domain points back to
> mailserver1" error whenever I send an email to user at sub.domain.
>
> Sorry for any confusion in my last posting. I hope this is a little clearer
> now.

Ah, that's a little clearer. There would appear to be a discrepancy between
your DNS and the DNS which is being served by the delegated subdomain
nameservers. I suspect that there may be something wrong with your delegation.
Do you by any chance have an MX record (or for that matter, any other record
type besides NS) in the "domain" zone file for sub.domain or anything under
sub.domain? Other than glue A records, that would be technically illegal.
Speaking of glue A records, since the names of the nameservers for sub.domain
are in the sub.domain subdomain, do you have the necessary glue records in the
"domain" zone file?

Are there any error messages in your log files at the time of loading the
"domain" zone file?


- Kevin
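
The delegation check described in the reply above (only NS records and glue A records for sub.domain in the parent "domain" zone file, with glue present for nameservers whose names sit inside the subdomain), as an added example that is not part of the original post. The zone text is constructed, `audit_delegation` is a hypothetical helper, and it assumes one fully-qualified record per line.

```python
# Added example; the zone text below is constructed, not taken from the thread.
PARENT_ZONE = """\
sub.domain.         86400 IN NS ns0.sub.domain.
sub.domain.         86400 IN NS ns1.sub.domain.
ns0.sub.domain.     86400 IN A  192.0.2.10
sub.domain.         86400 IN MX 12 mailserver1.domain.
mailserver1.domain. 86400 IN A  192.0.2.25
"""

def parse(zone_text):
    """Return (owner, type, rdata) for each one-line, fully-qualified record."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) < 3:
            continue
        owner, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                       # skip TTL and class
        if rest:
            records.append((owner, rest[0].upper(), " ".join(rest[1:]).lower()))
    return records

def audit_delegation(zone_text, child):
    """Flag parent-zone data at or below `child` that is not NS or glue,
    and in-zone nameservers that have no glue address record."""
    child = child.lower()
    recs = parse(zone_text)
    below = lambda name: name == child or name.endswith("." + child)
    ns_names = {rd for o, t, rd in recs if o == child and t == "NS"}
    findings = []
    for owner, rtype, _ in recs:
        if not below(owner):
            continue
        if owner == child and rtype in ("NS", "DS"):  # DS: DNSSEC, not in the post
            continue
        if rtype in ("A", "AAAA") and owner in ns_names:  # glue
            continue
        findings.append(("non-delegation-record", owner, rtype))
    have_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    for ns in sorted(ns_names):
        if below(ns) and ns not in have_addr:
            findings.append(("missing-glue", ns, "A"))
    return findings

if __name__ == "__main__":
    for finding in audit_delegation(PARENT_ZONE, "sub.domain."):
        print(finding)
```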




