Using an MX record from a different domain

Lear, Karen (Evolver) Karen.Lear at USPTO.GOV
Tue Mar 30 21:49:23 UTC 2010


Dig or host returns the internal IP address of smtpedge1 and smtpedge2, as the name server by default points to the recursive name server.  If I specify localhost, it resolves to the external IP address:

[klear at dns1 conf]$ dig smtpedge1.uspto.gov @localhost

; <<>> DiG 9.6.1-P3 <<>> smtpedge1.uspto.gov @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7811
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;smtpedge1.uspto.gov.           IN      A

;; ANSWER SECTION:
smtpedge1.uspto.gov.    7200    IN      A       151.207.243.76


-----Original Message-----
From: Matthew Pounsett [mailto:matt at conundrum.com]
Sent: Tuesday, March 30, 2010 5:15 PM
To: Lear, Karen (Evolver)
Cc: 'bind-users at lists.isc.org'
Subject: Re: Using an MX record from a different domain


On 2010/03/30, at 16:57, Lear, Karen (Evolver) wrote:

>
> I'm adding a new domain to my existing authoritative name servers, and need to add an MX record for a device residing on an existing domain.  When I run named-checkzone, I get a message about the MX record being out of zone and not having an A record.  However, at the end of my named-checkzone output, I get "OK."  Can I restart named as is without causing problems or do I need to address these messages?
>
> [klear at dns1 conf]$ sudo named-checkzone -t /dns/chroot/conf -D usptoenews.gov db.usptoenews
> zone usptoenews.gov/IN: usptoenews.gov/MX 'smtpedge1.uspto.gov' (out of zone) has no addresses records (A or AAAA)
> zone usptoenews.gov/IN: usptoenews.gov/MX 'smtpedge2.uspto.gov' (out of zone) has no addresses records (A or AAAA)

Ah, I see.  On my previous read I mistook this for complaining that there was a uspto.gov owner name in the usptoenews.gov zone.

named-checkzone doesn't only check the internal consistency of a zone, it also tries to see that it is externally consistent.  e.g. that names referred to in other zones also exist.  If for some reason it can't resolve smtpedge1.uspto.gov and smtpedge2.uspto.gov it will give you the above errors.

Since I can resolve those names from here, I suspect there's some problem with the resolver on the host where you're running named-checkzone.  Perhaps uspto.gov zone is only visible on a view on the outside of the network, and you're inside?

What happens if you try to resolve those two names by hand on that server using 'host' or 'dig'?

I see this:
> host smtpedge1.uspto.gov
smtpedge1.uspto.gov has address 151.207.243.76
smtpedge1.uspto.gov mail is handled by 5 smtpedge1.uspto.gov.

> host smtpedge2.uspto.gov
smtpedge2.uspto.gov has address 151.207.247.81
smtpedge2.uspto.gov mail is handled by 5 smtpedge2.uspto.gov.

If those are the only errors you're seeing, then the zone is internally consistent, and BIND will load it.  However, it's probably worth investigating why named-checkzone can't resolve those names, so that you can make sure that anyone who needs to reach those MX servers will be able to.

Matt
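
The by-hand check discussed in this thread, as an added example that is not part of the original messages or of BIND: it pulls the out-of-zone MX targets from named-checkzone's warnings and compares the A records two resolvers return for each, which exposes a split-horizon mismatch. The function names and the three-argument invocation (zone, zone file, second server) are assumptions; it expects `dig` and `named-checkzone` on the PATH when run against live servers.

```shell
#!/bin/sh
# Added example: compare resolver views for MX targets that named-checkzone flags.

# The two warning lines quoted in the thread, used as sample input.
sample_checkzone_output() {
cat <<'EOF'
zone usptoenews.gov/IN: usptoenews.gov/MX 'smtpedge1.uspto.gov' (out of zone) has no addresses records (A or AAAA)
zone usptoenews.gov/IN: usptoenews.gov/MX 'smtpedge2.uspto.gov' (out of zone) has no addresses records (A or AAAA)
EOF
}

# Read named-checkzone output on stdin; print each flagged MX target once.
flagged_targets() {
    sed -n "s|.*/MX '\([^']*\)' (out of zone) has no address.*|\1|p" | sort -u
}

# A records for name $1 from server $2 (empty $2 = the system resolver),
# joined on one line so the two views can be compared as strings.
lookup_a() {
    if [ -n "$2" ]; then dig +short A "$1" "@$2"; else dig +short A "$1"; fi |
        grep -E '^[0-9.]+$' | sort | paste -sd' ' -
}

# compare_views SERVER_A SERVER_B: names on stdin, one verdict line per name.
# Returns 1 if any name is missing from a view or the views disagree.
compare_views() {
    _rc=0
    while read -r _n; do
        [ -n "$_n" ] || continue
        _a=$(lookup_a "$_n" "$1"); _b=$(lookup_a "$_n" "$2")
        if [ -z "$_a" ] || [ -z "$_b" ]; then
            echo "MISSING $_n [${_a:-none}] [${_b:-none}]"; _rc=1
        elif [ "$_a" != "$_b" ]; then
            echo "DIFFER $_n [$_a] [$_b]"; _rc=1
        else
            echo "SAME $_n [$_a]"
        fi
    done
    return $_rc
}

if [ $# -ge 3 ]; then
    # Live run: system resolver versus the server given as $3 (e.g. localhost).
    named-checkzone "$1" "$2" 2>&1 | flagged_targets | compare_views "" "$3"
else
    # Offline: only show which targets the sample warnings name.
    sample_checkzone_output | flagged_targets
fi
```

A DIFFER or MISSING line means the host running named-checkzone does not see the same data as the other server, which is the situation the reply above suggests investigating.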





