bind/sendmail resolving.. (NXDOMAIN)

Mark Andrews marka at isc.org
Fri Sep 20 23:28:14 UTC 2013 

In message <021501ceb653$ede37250$c9aa56f0$@leadmon.net>, "Howard Leadmon" writ
es:
>   This is probably easier than I am making it, but my googlefu seems to be
> failing me at the moment when I look around.   I  handle a batch of FreeBSD
> servers running sendmail, and I am having a site that is trying to deliver
> mail being rejected, but they swear their DNS is right, so I am not sure if
> we have an issue, or they do.
> 
>  I am seeing sendmail rejects like this:
> 
> Sep 20 14:45:59 mail3 mail3-smtp[15388]: r8JE8kQg099367:
> to=<jmeteyard at panini.co.uk>, delay=1+04:37:10, xdelay=00:00:31,
> mailer=esmtp, pri=5259883, relay=smtp2.panini.co.uk., dsn=4.0.0,
> stat=Deferred: Name server: smtp2.panini.co.uk.: host name lookup failure
> 
> 
>  If I take and run a host lookup, I get a response like this:
> 
> $ host panini.co.uk             
> panini.co.uk mail is handled by 10 smtp.panini.co.uk.
> panini.co.uk mail is handled by 20 smtp2.panini.co.uk.
> 
> 
> Now if I try that on any of the hosts that should accept the mail, I see:
> 
> $ host smtp.panini.co.uk
> smtp.panini.co.uk is an alias for smtp.panini.it.
> smtp.panini.it has address 151.12.160.24
> Host smtp.panini.it not found: 3(NXDOMAIN)
> 
> $ host smtp2.panini.co.uk
> smtp2.panini.co.uk is an alias for smtp2.panini.it.
> smtp2.panini.it has address 151.12.160.30
> Host smtp2.panini.it not found: 3(NXDOMAIN)

Firstly MX records are not supposed to point to CNAME records.  The
MX records need to be updated.

>  So I get the IP address returned, but then an NXDOMAIN that follows.   I do
> have the BrokenAAAA config option in my sendmail, so know it's not that, or
> I don't think so.    Yet if I do a dig on the hosts, they seem to come back
> with an IP address as expected, and shown above.
> 
>  So if anyone can offer a clue on this, it would be appreciated..

Secondly and more importantly they have a misconfigured load balancer
that is returning bad answers.  The last answer to "dig +trace
smtp2.panini.it aaaa" should be "smtp2.panini.it. 86400 IN SOA
paninirad1.panini.it. administrator.panini.it".

Note the SOA record needs to be from the zone delegated (smtp2.panini.it)
to the load balancer.

They need to contact their load balancer vendor for proper instructions
on how to configure it. 

Mark

% dig +trace smtp2.panini.it aaaa

; <<>> DiG 9.10.0a1 <<>> +trace smtp2.panini.it aaaa
;; global options: +cmd
.			518400	IN	NS	f.root-servers.net.
.			518400	IN	NS	c.root-servers.net.
.			518400	IN	NS	k.root-servers.net.
.			518400	IN	NS	d.root-servers.net.
.			518400	IN	NS	l.root-servers.net.
.			518400	IN	NS	i.root-servers.net.
.			518400	IN	NS	h.root-servers.net.
.			518400	IN	NS	b.root-servers.net.
.			518400	IN	NS	e.root-servers.net.
.			518400	IN	NS	m.root-servers.net.
.			518400	IN	NS	g.root-servers.net.
.			518400	IN	NS	a.root-servers.net.
.			518400	IN	NS	j.root-servers.net.
.			518400	IN	RRSIG	NS 8 0 518400 20130927000000 20130919230000 49656 . U9k2KFpbNYnY4EfyKzla26XbharLoAQtkQG02oq3aHVnM3OlLp6lmBdT wgMDcShAQJxIk50krHlIuoyOGHHuJ56P6ubFiGBRU0V4OOt2/V8emJZx U6MRMDwDyTweZbfNZiiK20T5RVlUK/PLI3YbbcYxxtSCKzV2fThLxi3F /x4=
;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms

it.			172800	IN	NS	a.dns.it.
it.			172800	IN	NS	c.dns.it.
it.			172800	IN	NS	m.dns.it.
it.			172800	IN	NS	r.dns.it.
it.			172800	IN	NS	dns.nic.it.
it.			172800	IN	NS	nameserver.cnr.it.
it.			86400	IN	NSEC	je. NS RRSIG NSEC
it.			86400	IN	RRSIG	NSEC 8 1 86400 20130927000000 20130919230000 49656 . A01ecU1p6o7U4le9Jh8F2aQ4fl9XdPFMcERxLf2cZ6aiHkKsZdQsHiwN eI/5VnC9N1sLgF9p8uD7H8adMjC/EFHDK/kXmbpJNps9Hi/VdYa846He tu4iYxmQpaq0SgIpCqsRSRk0TjnL0l0B/VZueZREvpEQND6Zjjys7Zow ZvE=
;; Received 610 bytes from 128.63.2.53#53(h.root-servers.net) in 352 ms

panini.it.		10800	IN	NS	dns1.quadrante.com.
panini.it.		10800	IN	NS	dns2.quadrante.com.
;; Received 108 bytes from 2001:678:4::16#53(c.dns.it) in 200 ms

smtp2.panini.it.	3600	IN	NS	paninirad3.panini.it.
smtp2.panini.it.	3600	IN	NS	paninirad2.panini.it.
smtp2.panini.it.	3600	IN	NS	paninirad1.panini.it.
;; Received 167 bytes from 83.103.76.83#53(dns2.quadrante.com) in 410 ms

panini.it.		86400	IN	SOA	panini.it. administrator.panini.it. 998545544 28800 7200 604800 86400
^^^^^^^^^^ is WRONG!!!!!!!!!!!
;; Received 110 bytes from 83.216.164.178#53(paninirad3.panini.it) in 341 ms

%

 
> ---
> Howard Leadmon 
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list