Bind unable to get MX reocrd from Parrent name server

Steven Carr sjcarr at gmail.com
Fri Jul 5 12:20:04 UTC 2013


Their setup is broken, it doesn't work for me either...

sjcarr at elmo:~ $ dig @ns1.yithosting.co.za rbcaa.co.za mx

; <<>> DiG 9.8.3-P1 <<>> @ns1.yithosting.co.za rbcaa.co.za mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19408
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;rbcaa.co.za.            IN    MX

;; ANSWER SECTION:
rbcaa.co.za.        14400    IN    MX    0 rbcaa.co.za.

;; AUTHORITY SECTION:
rbcaa.co.za.        86400    IN    NS    babylon.mitsol.co.za.
rbcaa.co.za.        86400    IN    NS    demeter.is.co.za.

;; ADDITIONAL SECTION:
rbcaa.co.za.        14400    IN    A    41.203.1.156

;; Query time: 301 msec
;; SERVER: 41.203.1.157#53(41.203.1.157)
;; WHEN: Fri Jul  5 13:15:33 2013
;; MSG SIZE  rcvd: 115

sjcarr at elmo:~ $ dig @babylon.mitsol.co.za rbcaa.co.za mx

; <<>> DiG 9.8.3-P1 <<>> @babylon.mitsol.co.za rbcaa.co.za mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 14928
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;rbcaa.co.za.            IN    MX

;; Query time: 205 msec
;; SERVER: 196.23.141.66#53(196.23.141.66)
;; WHEN: Fri Jul  5 13:15:50 2013
;; MSG SIZE  rcvd: 29

Contact the owner of the domain and get them to fix their setup.

The reason +trace works is because it bypasses the normal flow of DNS
and uses the response to the previous query. In real life the first
lookup for the MX record replaces the ns1.yithosting.co.za +
ns2.yithosting.co.za entries in your cache with demeter.is.co.za +
babylon.mitsol.co.za as these are authoritative in the actual zone, so
the second time a query is made it bypasses ns1+ns2 and goes straight
to demeter+babylon and the zone they are hosting does not have the
records in their copy of the zone.

Steve


On 5 July 2013 12:59, Fosiul Alam <fosiul at gmail.com> wrote:
> Hi
> thanks for reply,
> I am not the domain admin for "rbcaa.co.za"
> I can see they have issue with their domain setup .
> but what I want to know is :
> when all Dns server can resolved their mx record example ,
> mxtoolbox,introdns,google .. (Despite they have issue with their dns
> setup for that domain (as you said) ) then why we cant ??
>
> Thanks for looking into it .
>
> On Fri, Jul 5, 2013 at 12:45 PM, Steven Carr <sjcarr at gmail.com> wrote:
>> Your glue is broken. You need to update the glue NS records in the
>> parent to reflect the actual nameservers that are authoritative for
>> the zone.
>>
>> It also looks like you could have some data mismatch between zones
>> hosted on (ns1.yithosting.co.za + ns2.yithosting.co.za) and
>> (demeter.is.co.za + babylon.mitsol.co.za). Check that the zone data is
>> consistent across the nameservers.
>>
>> Steve
>>
>> On 5 July 2013 12:35, Fosiul Alam <fosiul at gmail.com> wrote:
>>> Hi
>>> Occasionally we see customer is complainning that we are not able to
>>> resolve mx record when mxtoolbox or other website can resolve their mx
>>> record .
>>> If i do a trace on the domain, i get bellow .
>>>
>>> now the problem is :
>>> demeter.is.co.za. and babylon.mitsol.co.za does not know anything
>>> about MX record of that domain. but if i query by using  parent name
>>> server ns1.yithosting.co.za. and ns2.yithosting.co.za , it returns the
>>> mx record .
>>>
>>> but mxtoolbox, introdns can resolve the mx record although they
>>> complain the same that
>>>
>>> """"
>>> The following nameservers are listed at your nameservers as
>>> nameservers for your domain, but are not listed at the parent
>>> nameservers (see RFC2181 5.4.1). You need to make sure that these
>>> nameservers are working.If they are not working ok, you may have
>>> problems!
>>> demeter.is.co.za
>>> babylon.mitsol.co.za
>>>
>>> ERROR: One or more of the nameservers listed at the parent servers are
>>> not listed as NS records at your nameservers. The problem NS records
>>> are:
>>> ns1.yithosting.co.za
>>> ns2.yithosting.co.za
>>> This is listed as an ERROR because there are some cases where nasty
>>> problems can occur (if the TTLs vary from the NS records at the root
>>> servers and the NS records point to your own domain, for example).
>>> ""
>>>
>>> then why our bind is unable to resolve mx record ???
>>> Thanks for the  help
>>>
>>>
>>> [root at za-ns-8 ~]# dig  rbcaa.co.za +trace
>>>
>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> rbcaa.co.za +trace
>>> ;; global options: +cmd
>>> . 447499 IN NS a.root-servers.net.
>>> . 447499 IN NS j.root-servers.net.
>>> . 447499 IN NS l.root-servers.net.
>>> . 447499 IN NS d.root-servers.net.
>>> . 447499 IN NS k.root-servers.net.
>>> . 447499 IN NS g.root-servers.net.
>>> . 447499 IN NS i.root-servers.net.
>>> . 447499 IN NS h.root-servers.net.
>>> . 447499 IN NS m.root-servers.net.
>>> . 447499 IN NS c.root-servers.net.
>>> . 447499 IN NS f.root-servers.net.
>>> . 447499 IN NS e.root-servers.net.
>>> . 447499 IN NS b.root-servers.net.
>>> ;; Received 508 bytes from 10.33.91.35#53(10.33.91.35) in 14 ms
>>>
>>> za. 172800 IN NS za1.dnsnode.net.
>>> za. 172800 IN NS disa.tenet.ac.za.
>>> za. 172800 IN NS nsza.is.co.za.
>>> za. 172800 IN NS za-ns.anycast.pch.net.
>>> za. 172800 IN NS sns-pb.isc.org.
>>> ;; Received 360 bytes from 199.7.83.42#53(199.7.83.42) in 346 ms
>>>
>>> co.za. 86400 IN NS ns0.plig.net.
>>> co.za. 86400 IN NS ns.coza.net.za.
>>> co.za. 86400 IN NS ns0.neotel.co.za.
>>> co.za. 86400 IN NS ns1.coza.net.za.
>>> co.za. 86400 IN NS coza1.dnsnode.net.
>>> co.za. 86400 IN NS ns0.is.co.za.
>>> co.za. 86400 IN NS ns4.iafrica.com.
>>> ;; Received 266 bytes from 196.4.160.27#53(196.4.160.27) in 285 ms
>>>
>>> rbcaa.co.za. 86400 IN NS ns1.yithosting.co.za.
>>> rbcaa.co.za. 86400 IN NS ns2.yithosting.co.za.
>>> ;; Received 108 bytes from 196.4.160.17#53(196.4.160.17) in 81 ms
>>>
>>> rbcaa.co.za. 14400 IN A 41.203.1.156
>>> rbcaa.co.za. 86400 IN NS demeter.is.co.za.
>>> rbcaa.co.za. 86400 IN NS babylon.mitsol.co.za.
>>> ;; Received 99 bytes from 41.203.1.158#53(41.203.1.158) in 41 ms
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk


More information about the bind-users mailing list