Secondary DNS question...

SH Development listaccount at starionline.com
Fri Jun 21 04:02:38 UTC 2013


I agree that the incoming and outgoing are different issues.  I just mention it because I dealt with issues on both fronts today.  The few claims that I had about email not being delivered were proved false by reviewing the logs that showed they had actually been delivered.  So I don't think that really has anything to do with the issue.

I believe we are authoritative, as outgoing DNS requests are handled by our ISP's DNS servers.  Does that sound right?

Incoming mail (MX record) on most of our hosted domains is pointed to our spam filtering appliance at mailfoundry.starionhost.net with a priority of 10. We are testing out a new spam server appliance on a couple of our own domains and have a secondary MX set up with a priority of 20.

All outgoing mail that customers send goes through their respective domain, ex. mail.starionline.com

Feel free to poke around our ns1.starionhost.net and ns2.starionhost.net

I would be interested to hear about any red flags you may see.

Jeff


On Jun 20, 2013, at 10:49 PM, John Miller <johnmill at brandeis.edu> wrote:

> Hi Jeff,
> 
> You've pointed out two separate problems (incoming e-mail not coming in & outgoing e-mail not going out), so some more details about your environment would probably be useful here:
> 
> - are you combining both authoritative and recursive DNS on the same servers?
> - Are you using different MXes for incoming and outgoing e-mail?
> - How is name resolution configured on each? For example, are your MXes running local caching NS?  Are they forwarding to another NS?  What's their nameserver order?
> 
> Not sure if you're posting from the same domain that had the outage, so won't make any assumptions there.
> 
> That said, some general info: outside MXes use authoritative DNS to send to you; your incoming MX servers use recursive DNS to do any reverse lookups on sender IPs, to query DNSBLs, and to get SPF/DKIM/DMARC info; outgoing MXes use recursive DNS to find outside MXes.
> 
> John
> 
> 
> 
> On Thu, Jun 20, 2013 at 11:02 PM, SH Development <listaccount at starionline.com> wrote:
> Our secondary DNS machine went down (and unnoticed for 24 hours).
> 
> Today, we had multiple people calling about email that hadn't come in, and trouble with outgoing emails not going out.
> 
> Our primary DNS was up the whole time.  So my question is, why would my secondary being down, and only my primary being up cause so many problems?  I thought the whole idea behind having two DNS servers on different networks was to never have a failure like this.
> 
> My understanding was that when DNS is queried, the one that responds fastest is the information that is used.  If the secondary is down, then the primary would by default always be fastest (and only).
> 
> I think I reasonably understand basic DNS and the setup, but this has me thinking that something isn't set up right.
> 
> Can anyone shed any light on what might have happened here?  Could my primary not be responding as it should?  All the tests I have run on it show that it is responding normally.
> 
> Jeff
> 
> -- 
> John Miller
> Systems Engineer
> Brandeis University
> johnmill at brandeis.edu
> (781) 736-4619
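
The outage in this thread went unnoticed for 24 hours. As an added example (not part of the original messages), the following check asks each authoritative server directly for the zone's SOA record and reports servers that do not answer, do not answer authoritatively, or disagree on the serial. The function names are illustrative, and it assumes plain UDP to port 53 with replies under 512 bytes.

```python
import socket
import struct

def build_soa_query(zone, qid=0x1234):
    """Non-recursive (RD=0) SOA query: only the server's own data comes back."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 6, 1)

def skip_name(msg, off):
    """Offset just past a domain name (labels, optionally ending in a pointer)."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)

def parse_soa(msg):
    """Return (aa_flag, serial); serial is None when the answer has no SOA."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the echoed question
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                        # SOA: MNAME, RNAME, then serial
            p = skip_name(msg, skip_name(msg, off))
            return bool(flags & 0x0400), struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return bool(flags & 0x0400), None

def probe(server_ip, zone, timeout=3.0):
    """Query one nameserver directly; None means no usable reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server_ip, 53))        # only accept replies from this server
            s.send(build_soa_query(zone))
            return parse_soa(s.recv(512))
        except (OSError, struct.error, IndexError):
            return None

def evaluate(results):
    """results maps server name -> probe() output; returns a list of problems."""
    problems = [f"{ns}: no response" for ns, r in results.items() if r is None]
    problems += [f"{ns}: not authoritative for zone" for ns, r in results.items()
                 if r and (not r[0] or r[1] is None)]
    serials = {r[1] for r in results.values() if r and r[0] and r[1] is not None}
    if len(serials) > 1:
        problems.append(f"serial mismatch: {sorted(serials)}")
    return problems
```

Call probe() with each nameserver's IP address from a monitoring host outside the servers' own network, and alert whenever evaluate() returns a non-empty list.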


