Dealing with "unexpected RCODE (SERVFAIL)"

Mark Andrews marka at isc.org
Tue Mar 16 22:22:16 UTC 2010


In message <20100316131539.GA10620 at fantomas.sk>, Matus UHLAR - fantomas writes:
> > > On 16.03.10 09:45, Ruben Laban wrote:
> > > > In my logs I see numerous line like these:
> > > > 
> > > > Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL) 
> > > > resolving 'hotmeil.com/MX/IN': 10.2.1.3#53
> > > > Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL) 
> > > > resolving 'hotmeil.com/MX/IN': 10.0.1.3#53
> > > > Mar 16 04:59:15 mx02 named[4606]: unexpected RCODE (SERVFAIL) 
> > > > resolving 'hotmeil.com/MX/IN': 10.1.1.3#53
> 
> > In message <20100316090709.GC7223 at fantomas.sk>, Matus UHLAR - fantomas writ
> es:
> > > the microsoft's nameservers are providing only A and TXT records for
> > > hotmeil.com. They return ". IN SOA (NOERROR)" for other questions.
> > > This is apparently invalid and causes the SERVFAIL.
> > > 
> > > seems it's time to blame microsoft.
> 
> On 16.03.10 23:43, Mark Andrews wrote:
> > And the lack of a way to register a name in COM without creating a
> > delegation.  And the lack of a way to say this domain name is not
> > a valid email domain.
> 
> It's apparently because DNS was designed to provide records that exist, not
> those that do not.

Actually it's designed to provide records that exist *and* to tell you
when they don't exist.  Reserving namespace is outside of the DNS itself.
 
> > The best thing would be for hotmeil.com to always return NXDOMAIN
> > and people would correct their spelling errors.  Unfortunately there
> > is not way to register hotmeil.com without creating a delegation
> > and you could you have these ISP's that hijack NXDOMAIN and rewrite
> > it so you get a A record instead of NXDOMAIN.
> 
> > So Microsoft have to supply a A record but they don't want it to
> > be used for email so they need to break the MX lookup so MTA's soft
> > fail and eventually (days later) return the email to the sender.
> 
> You can also register a domain and not provide any records for it (except
> SOA and NS), which would be best in current situation imho.
>
> However Microsoft decided to provide A records for hotmeil.com (and
> www.hotmeil.com too), so they don't want people to fix their typos, but are
> doing it themselves instead.

They are kind of forced to these days due to the abuse of the DNS by ISP's.
 
> Yes, there could be way to define a domain that has A record but does not
> provide mail service. Unluckily, in case of MX nonexistance the A is used
> (as implicit zero-priority MX).

Which is why "MX 0 ." is needed.  We have it for SRV "SRV 0 0 ."
means there is no service.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list