Strange MX record problem in bind-8.2.2_p5
bind-users at sanitarium.net
bind-users at sanitarium.net
Tue Jun 13 14:49:57 UTC 2000
On Mon, 12 Jun 2000, Kevin Darcy wrote:
> Since the full response to a "usa.com MX" query is in the area of 512 bytes, if
> I had to guess I'd say you have some sort of router or firewall blocking
> TCP port 53 (which is what named will attempt if the UDP packet gets
> truncated). But the fact that it's intermittent is puzzling. Do you have
We do not (yet) have a firewall at all. Except for these two servers, all of
our other systems are behind a NAT router. These two are completely open (they
just have all of the dangerous protocols turned off).
> multiple network paths to the Internet by any chance?
We will but we don't yet.
>
> If it were me, I'd be turning on debugging at this point...
I did run nslookup in debug mode (which strangely fixed the promlem) but I
haven't tried running bind in debug mode yet. The problem is that it only does
this about once every couple of days.
>
> By the way, nslookup sucks. Use "dig".
I do use dig for many things especially reverse lookups but I have had it
fail on things that nslookup works fine on. Plus I know how to do more things
with nslookup than I do with dig. Either way it is sendmail that is actually
generating the query. I keep finding email messages sitting in my mailq with
(deferred: host map lookup) and the only way I can get them through is to set
my /etc/resolv.conf to some other DNS server and then user sendmail -q to force
the message to retry.
>
>
> - Kevin
>
> bind-users at sanitarium.net wrote:
>
> > Problem: Bind version 8.2.2 Patch 5 compiled running on Sun Solaris 8 is
> > acting funky.
> > Symptoms: Mail Queue is filling up with out-bound mail to certain domain
> > names
> > Cause:
> > * Our DNS server cannot locate the MX record for these mail messages domain
> > names in the mail queue.
> > * Other DNS servers do not have a problem resolving these same sites' domain
> > names during this testing process.
> > * Our real IP addresses and domain name have been replaced with loopback
> > ip's and fake names for this post.
> >
> > Strange Resolutions
> > * On our first attempt to locate the problem we used nslookup in interactive
> > mode to lookup a MX record for a particular address in the mail queue. In
> > this case it was for usa.com
> >
> > > set type=mx
> > > usa.com
> > Server: dnsserver at ourdomain.com
> > Address: 127.0.0.2
> >
> > *** dnsserver at ourdomain.com can't find usa.com: Non-existent host/domain
> >
> > * To get a more detailed inquiry we placed nslookup in Debug Mode 2 and
> > asked the same query.
> >
> > > set d2
> > > usa.com
> > Server: dnsserver at ourdomain.com
> > Address: 127.0.0.2
> >
> > Our results were that debug level 2 was able to get the correct answer, and
> > after turning off debug, the name server continued to give the correct
> > result every time.
> >
> > * While this worked for our primary server, performing the exact same
> > operation on our secondary server did not resolve the problem
> > * When we completely stopped and restarted named on the secondary server, it
> > started to lookup MX records normally.
> >
> > ;; res_mkquery(0, usa.com, 1, 15)
> > ------------
> > SendRequest(), len 25
> > HEADER:
> > opcode = QUERY, id = 52383, rcode = NOERROR
> > header flags: query, want recursion
> > questions = 1, answers = 0, authority records = 0, additional = 0
> >
> > QUESTIONS:
> > usa.com, type = MX, class = IN
> >
> > ------------
> > ------------
> > Got answer (379 bytes):
> > HEADER:
> > opcode = QUERY, id = 52383, rcode = NOERROR
> > header flags: response, want recursion, recursion avail.
> > questions = 1, answers = 3, authority records = 0, additional =
> > 16
> >
> > QUESTIONS:
> > usa.com, type = MX, class = IN
> > ANSWERS:
> > -> usa.com
> > type = MX, class = IN, dlen = 26
> > preference = 5, mail exchanger = mail-intake-1.mail.com
> > ttl = 3600 (1H)
> > -> usa.com
> > type = MX, class = IN, dlen = 18
> > preference = 10, mail exchanger = mail-intake-2.mail.com
> > ttl = 3600 (1H)
> > -> usa.com
> > type = MX, class = IN, dlen = 18
> > preference = 15, mail exchanger = mail-intake-3.mail.com
> > ttl = 3600 (1H)
> > ADDITIONAL RECORDS:
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.147
> > ttl = 3600 (1H)
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.100
> > ttl = 3600 (1H)
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.101
> > ttl = 3600 (1H)
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.102
> > ttl = 3600 (1H)
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.103
> > ttl = 3600 (1H)
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.78
> > ttl = 3600 (1H)
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.79
> > ttl = 3600 (1H)
> > -> mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.80
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.147
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.100
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.101
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.102
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.103
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.78
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.79
> > ttl = 3600 (1H)
> > -> mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.80
> > ttl = 3600 (1H)
> >
> > ------------
> > Non-authoritative answer:
> > usa.com
> > type = MX, class = IN, dlen = 26
> > preference = 5, mail exchanger = mail-intake-1.mail.com
> > ttl = 3600 (1H)
> > usa.com
> > type = MX, class = IN, dlen = 18
> > preference = 10, mail exchanger = mail-intake-2.mail.com
> > ttl = 3600 (1H)
> > usa.com
> > type = MX, class = IN, dlen = 18
> > preference = 15, mail exchanger = mail-intake-3.mail.com
> > ttl = 3600 (1H)
> >
> > Authoritative answers can be found from:
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.147
> > ttl = 3600 (1H)
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.100
> > ttl = 3600 (1H)
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.101
> > ttl = 3600 (1H)
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.102
> > ttl = 3600 (1H)
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.103
> > ttl = 3600 (1H)
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.78
> > ttl = 3600 (1H)
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.79
> > ttl = 3600 (1H)
> > mail-intake-1.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.80
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.147
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.100
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.101
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.102
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.4.103
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.78
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.79
> > ttl = 3600 (1H)
> > mail-intake-2.mail.com
> > type = A, class = IN, dlen = 4
> > internet address = 165.251.48.80
> > ttl = 3600 (1H)
> > > nod2
> > Server: dnsserver at ourdomain.com
> > Address: 127.0.0.2
> >
> > ;; res_mkquery(0, nod2.ourdomain.com, 1, 15)
> > ------------
> > SendRequest(), len 34
> > HEADER:
> > opcode = QUERY, id = 52384, rcode = NOERROR
> > header flags: query, want recursion
> > questions = 1, answers = 0, authority records = 0, additional = 0
> >
> > QUESTIONS:
> > nod2.ourdomain.com, type = MX, class = IN
> >
> > ------------
> > ------------
> > Got answer (95 bytes):
> > HEADER:
> > opcode = QUERY, id = 52384, rcode = NXDOMAIN
> > header flags: response, auth. answer, want recursion, recursion
> > avail.
> > questions = 1, answers = 0, authority records = 1, additional = 0
> >
> > QUESTIONS:
> > nod2.ourdomain.com, type = MX, class = IN
> > AUTHORITY RECORDS:
> > -> ourdomain.com
> > type = SOA, class = IN, dlen = 38
> > ttl = 3600 (1H)
> > origin = ns1.ourdomain.com
> > mail addr = nic-admin.ourdomain.com
> > serial = 2000060803
> > refresh = 10800 (3H)
> > retry = 1800 (30M)
> > expire = 604800 (1W)
> > minimum ttl = 3600 (1H)
> >
> > ------------
> > ;; res_mkquery(0, nod2, 1, 15)
> > ------------
> > SendRequest(), len 22
> > HEADER:
> > opcode = QUERY, id = 52385, rcode = NOERROR
> > header flags: query, want recursion
> > questions = 1, answers = 0, authority records = 0, additional = 0
> >
> > QUESTIONS:
> > nod2, type = MX, class = IN
> >
> > ------------
> > ------------
> > Got answer (95 bytes):
> > HEADER:
> > opcode = QUERY, id = 52385, rcode = NXDOMAIN
> > header flags: response, auth. answer, want recursion, recursion
> > avail.
> > questions = 1, answers = 0, authority records = 1, additional = 0
> >
> > QUESTIONS:
> > nod2, type = MX, class = IN
> > AUTHORITY RECORDS:
> > -> (root)
> > type = SOA, class = IN, dlen = 62
> > ttl = 86400 (1D)
> > origin = A.ROOT-SERVERS.NET
> > mail addr = hostmaster.internic.NET
> > serial = 2000061200
> > refresh = 1800 (30M)
> > retry = 900 (15M)
> > expire = 604800 (1W)
> > minimum ttl = 86400 (1D)
> >
> > ------------
> > *** dnsserver at ourdomain.com can't find nod2: Non-existent host/domain
> > > set nod2
> > d2 mode disabled; still in debug mode
> > > usa.com
> > Server: dnsserver at ourdomain.com
> > Address: 127.0.0.2
> >
> > ;; res_mkquery(0, usa.com, 1, 15)
> > ------------
> > Got answer:
> > HEADER:
> > opcode = QUERY, id = 52386, rcode = NOERROR
> > header flags: response, want recursion, recursion avail.
> > questions = 1, answers = 3, authority records = 2, additional = 2
> >
> > QUESTIONS:
> > usa.com, type = MX, class = IN
> > ANSWERS:
> > -> usa.com
> > preference = 15, mail exchanger = mail-intake-3.mail.com
> > ttl = 3507 (3507)
> > -> usa.com
> > preference = 5, mail exchanger = mail-intake-1.mail.com
> > ttl = 3507 (3507)
> > -> usa.com
> > preference = 10, mail exchanger = mail-intake-2.mail.com
> > ttl = 3507 (3507)
> > AUTHORITY RECORDS:
> > -> usa.com
> > nameserver = NS1.mail.com
> > ttl = 172410 (172410)
> > -> usa.com
> > nameserver = NS2.mail.com
> > ttl = 172410 (172410)
> > ADDITIONAL RECORDS:
> > -> NS1.mail.com
> > internet address = 165.251.1.2
> > ttl = 172410 (172410)
> > -> NS2.mail.com
> > internet address = 165.251.1.3
> > ttl = 172410 (172410)
> >
> > ------------
> > Non-authoritative answer:
> > usa.com
> > preference = 15, mail exchanger = mail-intake-3.mail.com
> > ttl = 3507 (3507)
> > usa.com
> > preference = 5, mail exchanger = mail-intake-1.mail.com
> > ttl = 3507 (3507)
> > usa.com
> > preference = 10, mail exchanger = mail-intake-2.mail.com
> > ttl = 3507 (3507)
> >
> > Authoritative answers can be found from:
> > usa.com
> > nameserver = NS1.mail.com
> > ttl = 172410 (172410)
> > usa.com
> > nameserver = NS2.mail.com
> > ttl = 172410 (172410)
> > NS1.mail.com
> > internet address = 165.251.1.2
> > ttl = 172410 (172410)
> > NS2.mail.com
> > internet address = 165.251.1.3
> > ttl = 172410 (172410)
> > > set no d2
> > Unrecognized command: set no d2
> > > set nodebug
> > > usa.com
> > Server: dnsserver at ourdomain.com
> > Address: 127.0.0.2
> >
> > Non-authoritative answer:
> > usa.com preference = 15, mail exchanger = mail-intake-3.mail.com
> > usa.com preference = 5, mail exchanger = mail-intake-1.mail.com
> > usa.com preference = 10, mail exchanger = mail-intake-2.mail.com
> >
> > Authoritative answers can be found from:
> > usa.com nameserver = NS1.mail.com
> > usa.com nameserver = NS2.mail.com
> > mail-intake-3.mail.com internet address = 165.251.4.101
> > mail-intake-3.mail.com internet address = 165.251.4.102
> > mail-intake-3.mail.com internet address = 165.251.4.103
> > mail-intake-3.mail.com internet address = 165.251.48.78
> > mail-intake-3.mail.com internet address = 165.251.48.79
> > mail-intake-3.mail.com internet address = 165.251.48.80
> > mail-intake-3.mail.com internet address = 165.251.4.147
> > mail-intake-3.mail.com internet address = 165.251.4.100
> > mail-intake-1.mail.com internet address = 165.251.4.147
> > mail-intake-1.mail.com internet address = 165.251.4.100
> > mail-intake-1.mail.com internet address = 165.251.4.101
> > mail-intake-1.mail.com internet address = 165.251.4.102
> > mail-intake-1.mail.com internet address = 165.251.4.103
> > mail-intake-1.mail.com internet address = 165.251.48.78
> > mail-intake-1.mail.com internet address = 165.251.48.79
> > mail-intake-1.mail.com internet address = 165.251.48.80
> > NS1.mail.com internet address = 165.251.1.2
> > NS2.mail.com internet address = 165.251.1.3
> > > server scooter
> > Default Server: dnsserver2 at ourdomain.com
> > Address: 127.0.0.3
> >
> > > usa.com
> > Server: dnsserver2 at ourdomain.com
> > Address: 127.0.0.3
> >
> > *** dnsserver2 at ourdomain.com can't find usa.com: Non-existent host/domain
> > > set debug
> > > usa.com
> > Server: dnsserver2 at ourdomain.com
> > Address: 127.0.0.3
> >
> > ;; res_mkquery(0, usa.com, 1, 15)
> > ------------
> > Got answer:
> > HEADER:
> > opcode = QUERY, id = 52391, rcode = SERVFAIL
> > header flags: response, want recursion, recursion avail.
> > questions = 1, answers = 0, authority records = 0, additional = 0
> >
> > QUESTIONS:
> > usa.com, type = MX, class = IN
> >
> > ------------
> > ;; res_mkquery(0, usa.com.ourdomain.com, 1, 15)
> > ------------
> > Got answer:
> > HEADER:
> > opcode = QUERY, id = 52392, rcode = NXDOMAIN
> > header flags: response, auth. answer, want recursion, recursion
> > avail.
> > questions = 1, answers = 0, authority records = 1, additional = 0
> >
> > QUESTIONS:
> > usa.com.ourdomain.com, type = MX, class = IN
> > AUTHORITY RECORDS:
> > -> ourdomain.com
> > ttl = 3600 (1H)
> > origin = ns1.ourdomain.com
> > mail addr = nic-admin.ourdomain.com
> > serial = 2000060803
> > refresh = 10800 (3H)
> > retry = 1800 (30M)
> > expire = 604800 (1W)
> > minimum ttl = 3600 (1H)
> >
> > ------------
> > *** dnsserver2 at ourdomain.com can't find usa.com: Non-existent host/domain
> > > set d2
> > > usa.com
> > Server: dnsserver2 at ourdomain.com
> > Address: 127.0.0.3
> >
> > ;; res_mkquery(0, usa.com, 1, 15)
> > ------------
> > SendRequest(), len 25
> > HEADER:
> > opcode = QUERY, id = 52393, rcode = NOERROR
> > header flags: query, want recursion
> > questions = 1, answers = 0, authority records = 0, additional = 0
> >
> > QUESTIONS:
> > usa.com, type = MX, class = IN
> >
> > ------------
> > ------------
> > Got answer (25 bytes):
> > HEADER:
> > opcode = QUERY, id = 52393, rcode = SERVFAIL
> > header flags: response, want recursion, recursion avail.
> > questions = 1, answers = 0, authority records = 0, additional = 0
> >
> > QUESTIONS:
> > usa.com, type = MX, class = IN
> >
> > ------------
> > ;; res_mkquery(0, usa.com.ourdomain.com, 1, 15)
> > ------------
> > SendRequest(), len 37
> > HEADER:
> > opcode = QUERY, id = 52394, rcode = NOERROR
> > header flags: query, want recursion
> > questions = 1, answers = 0, authority records = 0, additional = 0
> >
> > QUESTIONS:
> > usa.com.ourdomain.com, type = MX, class = IN
> >
> > ------------
> > ------------
> > Got answer (98 bytes):
> > HEADER:
> > opcode = QUERY, id = 52394, rcode = NXDOMAIN
> > header flags: response, auth. answer, want recursion, recursion
> > avail.
> > questions = 1, answers = 0, authority records = 1, additional = 0
> >
> > QUESTIONS:
> > usa.com.ourdomain.com, type = MX, class = IN
> > AUTHORITY RECORDS:
> > -> ourdomain.com
> > type = SOA, class = IN, dlen = 38
> > ttl = 3600 (1H)
> > origin = ns1.ourdomain.com
> > mail addr = nic-admin.ourdomain.com
> > serial = 2000060803
> > refresh = 10800 (3H)
> > retry = 1800 (30M)
> > expire = 604800 (1W)
> > minimum ttl = 3600 (1H)
> >
> > ------------
> > *** dnsserver2 at ourdomain.com can't find usa.com: Non-existent host/domain
> > >
>
>
>
>
>
>
More information about the bind-users
mailing list