Strange domain issues - waterco.com.my
Clenna Lumina
savagebeaste at yahoo.com
Mon Jun 4 06:12:57 UTC 2007
I get this:
$ dig @ns1.waterco.com.my waterco.com.my mx
;; reply from unexpected source: 60.51.231.186#1077, expected
60.51.231.186#53
;; reply from unexpected source: 60.51.231.186#1077, expected
60.51.231.186#53
;; reply from unexpected source: 60.51.231.186#1077, expected
60.51.231.186#53
; <<>> DiG 9.3.4 <<>> @ns1.waterco.com.my waterco.com.my mx
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
It seems to me the problem is the query goes to ns1.waterco.com.my
[60.51.231.186] port 53, BUT comes back from the same host on port 1077.
The moral: Bind doesn't like port to/from mismatches. This is probably a
host behind a router/firewall.
Adding this to the options { } block should fix it, if the NAT is
configured to preserve the original source port of an outgoing packet:
options {
query-source: address * port 53;
};
The address can be an ip of a specific interface too.
Dawn Connelly wrote:
> Try digging at the IP address of their DNS server rather than at it's
> name. That appears to be working. I was noticing a lot of
> latency...at least from where I was querying. It might be that when
> you query against the name rather than the IP it's taking too long to
> resolve that and to resolve the query you are making so it's timing
> out.
> What exactly does the bounce back say? It might be that it's
> rejecting the inbound email because you don't have a PTR record or
> something like that. There are lots of things that email could be
> looking at when it comes to DNS.
>
> On 5/24/07, Elias <elias at streamyx.com> wrote:
>>
>> Hi guys,
>> We've been unable to send mails to waterco.com.my and mails always
>> bounce back saying that its a DNS issue. Digging further, we can get
>> a response via 'dig waterco.com.my' but no responses via 'dig
>> @ns1.waterco.com.my waterco.com.my mx' or 'dig @ns2.waterco.com.my
>> waterco.com.my mx'. Is
>> there any logic to this? We seem to think that its probably some
>> weird firewall issue but have no experience troubleshooting these
>> cases.
>>
>> # dig waterco.com.my mx
>>
>> ; <<>> DiG 9.4.0 <<>> waterco.com.my mx
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1197
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
>>
>> ;; QUESTION SECTION:
>> ;waterco.com.my. IN MX
>>
>> ;; ANSWER SECTION:
>> waterco.com.my. 3600 IN MX 10 mx.waterco.com.my.
>>
>> ;; AUTHORITY SECTION:
>> waterco.com.my. 3597 IN NS ns2.waterco.com.my.
>> waterco.com.my. 3597 IN NS ns1.waterco.com.my.
>>
>> ;; ADDITIONAL SECTION:
>> mx.waterco.com.my. 3600 IN A 60.51.231.187
>>
>> ;; Query time: 14 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Thu May 24 20:16:10 2007
>> ;; MSG SIZE rcvd: 103
>>
>>
>> # dig @ns1.waterco.com.my waterco.com.my mx
>>
>> ; <<>> DiG 9.4.0 <<>> @ns1.waterco.com.my waterco.com.my mx
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; connection timed out; no servers could be reached
>>
>>
>> I've contacted the domain owner but they seem to say that
>> everything's alright at their end. Can anybody help verify if you
>> guys are also seing the same thing? Any assistance rendered is
>> greatly appreciated. Thanks!
--
. Alfred Z. Newmane .
More information about the bind-users
mailing list