issues with mcd.com DNS

Dave Lugo dlugo at etherboy.com
Mon Oct 13 13:42:16 UTC 2003


Simon Waters wrote:
> Dave Lugo wrote:
> 
>>On my DNS server, I can query for mcd.com's MX, with no problem.
>>
>>On other boxes in the same subnet as my DNS server, that same query
>>against my DNS server fails.
> 
> 
> Be absolutely clear on what is a client and what is a server in this
> context.
> 
> In the context of say running "dig" with no server specified, the
> chances are if you run it on your DNS server or elsewhere on your
> network the query to the nameserver is identical.
> 


I would think so.


> So either some of these boxes are using another DNS server, or there is
> more to this than you've managed to describe/uncover.
> 

Undoubtedly.  MCD has 'interesting' DNS, to say the least.


> 
>>As for mcd.com's somewhat broken DNS configuration, it's not something I
>>am able to resolve myself, but I have pointed it out to them.  I'm not
>>sure that their b0rkeness is what is causing my problem
> 
> 
> With only one DNS server and a 15 minute TTL they shouldn't expect their
>  MX to resolve reliably. If it is that important to email these people
> quickly you could put a hack in your MTA configuration, but far better
> for them to sort their DNS.
> 

I've been recommending to MCD for the past three years that they fix 
their DNS, but have yet to show any progress.


> I think that usually such a borked configuration would work, but the C&W
> secondary is returning SERVFAIL rather than a referral, and it is too
> early for me to figure out what that means, but I'd guess it ain't
> helping matters.

I'm sure :)

I'm also seeing similar behavior for mcdkorea.co.uk:

on dcns2.ch1.ummail.com (this box doesn't accept queries from the public 
internet, so in case you try and get nuttin ;), I can do this:


[root at dcns2.ch1 log]# dig mx mcdkorea.co.kr

; <<>> DiG 9.2.1 <<>> mx mcdkorea.co.kr
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34629
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mcdkorea.co.kr.                        IN      MX

;; ANSWER SECTION:
mcdkorea.co.kr.         2585    IN      MX      1010 mcdkorea.co.kr.

;; AUTHORITY SECTION:
mcdkorea.co.kr.         2585    IN      NS      ns.mcdkorea.co.kr.

;; Query time: 2 msec
;; SERVER: 216.64.206.205#53(216.64.206.205)
;; WHEN: Mon Oct 13 09:34:30 2003
;; MSG SIZE  rcvd: 65


So, I would assume that the answer is now cached on dcns2.ch1.ummail.com.

...but on another box on the same /24, when I query against 
dcns2.ch1.ummail.com, I get:

mc1:/root> dig mx mcdkorea.co.kr @dcns2.ch1.ummail.com

; <<>> DiG 8.2 <<>> mx mcdkorea.co.kr @dcns2.ch1.ummail.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server dcns2.ch1.ummail.com  216.64.213.4: Connection timed out


...and I have *no* idea why.  Restarting named on dcns2.ch1.ummail.com 
doesn't help.


-- 
--------------------------------------------------------
Dave Lugo   dlugo at etherboy.com    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.
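
An added example, not part of the original post: a small Python parser that pulls the server address out of saved dig transcripts (the DiG 9 `SERVER:` footer and the DiG 8 `res_nsend` error line), so two runs can be compared for whether they reached the same resolver address. The embedded transcripts are trimmed copies of the output quoted in this message with the wrapped line rejoined; the function and variable names are hypothetical.

```python
import re

# Trimmed copies of the two dig transcripts quoted in the message above.
RUN_ON_SERVER = """\
; <<>> DiG 9.2.1 <<>> mx mcdkorea.co.kr
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34629
;; SERVER: 216.64.206.205#53(216.64.206.205)
"""
RUN_ON_CLIENT = """\
; <<>> DiG 8.2 <<>> mx mcdkorea.co.kr @dcns2.ch1.ummail.com
;; res_nsend to server dcns2.ch1.ummail.com  216.64.213.4: Connection timed out
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# DiG 9 footer line naming the server that answered.
ANSWERED = re.compile(r"^;; SERVER: " + IP + r"#(\d+)", re.M)
# DiG 8 error line naming the server it tried to reach.
FAILED = re.compile(r"^;; res_nsend to server \S+\s+" + IP + r": (.+)$", re.M)
STATUS = re.compile(r"status: (\w+)")


def summarize(transcript):
    """Return (server_ip, outcome) for one dig transcript."""
    m = ANSWERED.search(transcript)
    if m:
        status = STATUS.search(transcript)
        return m.group(1), status.group(1) if status else "UNKNOWN"
    m = FAILED.search(transcript)
    if m:
        return m.group(1), m.group(2).strip()
    return None, "no server line found"


def same_server(a, b):
    """True only when both transcripts name the same server address."""
    ip_a, _ = summarize(a)
    ip_b, _ = summarize(b)
    return ip_a is not None and ip_a == ip_b


if __name__ == "__main__":
    for label, text in (("on server", RUN_ON_SERVER), ("on client", RUN_ON_CLIENT)):
        print(label, summarize(text))
    print("same server address:", same_server(RUN_ON_SERVER, RUN_ON_CLIENT))
```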


