bind/sendmail resolving.. (NXDOMAIN)
David Miller
dmiller at tiggee.com
Fri Sep 20 23:35:34 UTC 2013
On 9/20/2013 7:28 PM, Mark Andrews wrote:
>
> In message <021501ceb653$ede37250$c9aa56f0$@leadmon.net>, "Howard Leadmon" writes:
>> This is probably easier than I am making it, but my googlefu seems to be
>> failing me at the moment when I look around. I handle a batch of FreeBSD
>> servers running sendmail, and I am having a site that is trying to deliver
>> mail being rejected, but they swear their DNS is right, so I am not sure if
>> we have an issue, or they do.
>>
>> I am seeing sendmail rejects like this:
>>
>> Sep 20 14:45:59 mail3 mail3-smtp[15388]: r8JE8kQg099367:
>> to=<jmeteyard at panini.co.uk>, delay=1+04:37:10, xdelay=00:00:31,
>> mailer=esmtp, pri=5259883, relay=smtp2.panini.co.uk., dsn=4.0.0,
>> stat=Deferred: Name server: smtp2.panini.co.uk.: host name lookup failure
>>
>>
>> If I take and run a host lookup, I get a response like this:
>>
>> $ host panini.co.uk
>> panini.co.uk mail is handled by 10 smtp.panini.co.uk.
>> panini.co.uk mail is handled by 20 smtp2.panini.co.uk.
>>
>>
>> Now if I try that on any of the hosts that should accept the mail, I see:
>>
>> $ host smtp.panini.co.uk
>> smtp.panini.co.uk is an alias for smtp.panini.it.
>> smtp.panini.it has address 151.12.160.24
>> Host smtp.panini.it not found: 3(NXDOMAIN)
>>
>> $ host smtp2.panini.co.uk
>> smtp2.panini.co.uk is an alias for smtp2.panini.it.
>> smtp2.panini.it has address 151.12.160.30
>> Host smtp2.panini.it not found: 3(NXDOMAIN)
>
> Firstly MX records are not supposed to point to CNAME records. The
> MX records need to be updated.
>
>> So I get the IP address returned, but then an NXDOMAIN that follows. I do
>> have the BrokenAAAA config option in my sendmail, so know it's not that, or
>> I don't think so. Yet if I do a dig on the hosts, they seem to come back
>> with an IP address as expected, and shown above.
>>
>> So if anyone can offer a clue on this, it would be appreciated..
>
> Secondly and more importantly they have a misconfigured load balancer
> that is returning bad answers. The last answer to "dig +trace
> smtp2.panini.it aaaa" should be "smtp2.panini.it. 86400 IN SOA
> paninirad1.panini.it. administrator.panini.it".
>
> Note the SOA record needs to be from the zone delegated (smtp2.panini.it)
> to the load balancer.
>
> They need to contact their load balancer vendor for proper instructions
> on how to configure it.
>
> Mark
>
> % dig +trace smtp2.panini.it aaaa
>
> ; <<>> DiG 9.10.0a1 <<>> +trace smtp2.panini.it aaaa
> ;; global options: +cmd
> . 518400 IN NS f.root-servers.net.
> . 518400 IN NS c.root-servers.net.
> . 518400 IN NS k.root-servers.net.
> . 518400 IN NS d.root-servers.net.
> . 518400 IN NS l.root-servers.net.
> . 518400 IN NS i.root-servers.net.
> . 518400 IN NS h.root-servers.net.
> . 518400 IN NS b.root-servers.net.
> . 518400 IN NS e.root-servers.net.
> . 518400 IN NS m.root-servers.net.
> . 518400 IN NS g.root-servers.net.
> . 518400 IN NS a.root-servers.net.
> . 518400 IN NS j.root-servers.net.
> . 518400 IN RRSIG NS 8 0 518400 20130927000000 20130919230000 49656 . U9k2KFpbNYnY4EfyKzla26XbharLoAQtkQG02oq3aHVnM3OlLp6lmBdT wgMDcShAQJxIk50krHlIuoyOGHHuJ56P6ubFiGBRU0V4OOt2/V8emJZx U6MRMDwDyTweZbfNZiiK20T5RVlUK/PLI3YbbcYxxtSCKzV2fThLxi3F /x4=
> ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
>
> it. 172800 IN NS a.dns.it.
> it. 172800 IN NS c.dns.it.
> it. 172800 IN NS m.dns.it.
> it. 172800 IN NS r.dns.it.
> it. 172800 IN NS dns.nic.it.
> it. 172800 IN NS nameserver.cnr.it.
> it. 86400 IN NSEC je. NS RRSIG NSEC
> it. 86400 IN RRSIG NSEC 8 1 86400 20130927000000 20130919230000 49656 . A01ecU1p6o7U4le9Jh8F2aQ4fl9XdPFMcERxLf2cZ6aiHkKsZdQsHiwN eI/5VnC9N1sLgF9p8uD7H8adMjC/EFHDK/kXmbpJNps9Hi/VdYa846He tu4iYxmQpaq0SgIpCqsRSRk0TjnL0l0B/VZueZREvpEQND6Zjjys7Zow ZvE=
> ;; Received 610 bytes from 128.63.2.53#53(h.root-servers.net) in 352 ms
>
> panini.it. 10800 IN NS dns1.quadrante.com.
> panini.it. 10800 IN NS dns2.quadrante.com.
> ;; Received 108 bytes from 2001:678:4::16#53(c.dns.it) in 200 ms
>
> smtp2.panini.it. 3600 IN NS paninirad3.panini.it.
> smtp2.panini.it. 3600 IN NS paninirad2.panini.it.
> smtp2.panini.it. 3600 IN NS paninirad1.panini.it.
> ;; Received 167 bytes from 83.103.76.83#53(dns2.quadrante.com) in 410 ms
>
> panini.it. 86400 IN SOA panini.it. administrator.panini.it. 998545544 28800 7200 604800 86400
> ^^^^^^^^^^ is WRONG!!!!!!!!!!!
> ;; Received 110 bytes from 83.216.164.178#53(paninirad3.panini.it) in 341 ms

Their load balancer doesn't return any NS records for the domain
smtp2.panini.it either:

$ dig ns smtp2.panini.it. @paninirad1.panini.it.

; <<>> DiG 9.9.2 <<>> ns smtp2.panini.it. @paninirad1.panini.it.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36438
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;smtp2.panini.it. IN NS

;; Query time: 125 msec
;; SERVER: 151.12.160.50#53(151.12.160.50)
;; WHEN: Fri Sep 20 23:32:46 2013
;; MSG SIZE rcvd: 33

-DMM
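
Added example, not part of the original messages: a short Python check for the fault discussed in this thread, namely that the SOA in an empty answer must be owned by the delegated zone (smtp2.panini.it) and not by its parent. The function names are hypothetical; the record lines are taken from the dig output quoted above.

```python
# Added example (not from the thread); record lines are copied from its dig output.

def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def is_subdomain(name, zone):
    """True if name equals zone or lies below it (both already normalised)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def parse_rrs(text):
    """Parse dig-style 'owner ttl class type rdata' lines, skipping comments."""
    rrs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not fields[0].startswith(";") and fields[2].upper() == "IN":
            rrs.append((norm(fields[0]), fields[3].upper()))
    return rrs

def check_negative_answer(qname, referral, response):
    """Return the problems found in an empty response from a delegated server."""
    cuts = {owner for owner, rtype in parse_rrs(referral) if rtype == "NS"}
    if len(cuts) != 1:
        return ["referral does not name exactly one zone cut"]
    zone = cuts.pop()
    soas = [owner for owner, rtype in parse_rrs(response) if rtype == "SOA"]
    if not soas:
        return ["no SOA in the response for " + zone]
    problems = []
    for owner in soas:
        if not is_subdomain(owner, zone):
            problems.append("SOA owner %s is outside delegated zone %s" % (owner, zone))
        elif not is_subdomain(norm(qname), owner):
            problems.append("SOA owner %s does not cover %s" % (owner, qname))
    return problems

REFERRAL = """\
smtp2.panini.it. 3600 IN NS paninirad3.panini.it.
smtp2.panini.it. 3600 IN NS paninirad2.panini.it.
smtp2.panini.it. 3600 IN NS paninirad1.panini.it.
"""
BAD = "panini.it. 86400 IN SOA panini.it. administrator.panini.it. 998545544 28800 7200 604800 86400"
EXPECTED = "smtp2.panini.it. 86400 IN SOA paninirad1.panini.it. administrator.panini.it"
EMPTY = ";; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n;smtp2.panini.it. IN NS"

if __name__ == "__main__":
    for label, resp in (("bad", BAD), ("expected", EXPECTED), ("empty", EMPTY)):
        print(label, check_negative_answer("smtp2.panini.it", REFERRAL, resp))
```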