bind-8.1.2, lost MX's

Steinar Haug sthaug at nethelp.no
Thu Jun 10 08:39:14 UTC 1999 

[torben fjerdingstad]

|   Sometimes mail fails, apparently because bind-8.1.2 gives
|   wrong information about MX's.

No, from what I can see the administrators of the dfu.min.dk brought
this upon themselves. It is not a BIND problem.

|   Our mail server is a precedence, say, 20 MX for some customers
|   who have their own mail server as precedence 10.
|   
|   Sometimes, mail bounces because bind either says
|   our mail server has the highest precedence, or
|   there are no MX's for the domain name.
|   
|   It is hard to prove. Here is what I have (2 cases):
|   
|   1) This error was on my mail server, mail.net.uni-c.dk, which is
|   using ns.darenet.dk for the resolver (bind-8.1.2):
|   
|   qmail error report:
|   <ca at dfu.min.dk>:
|   Sorry. Although I'm listed as a best-preference MX or A for that host,
|   it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)
|   
|   In the above case, I am NOT the best preference MX, so bind must
|   have delivered bogus data. The truth is:
|   dfu.min.dk      preference = 15, mail exchanger = hfi02.dfu.min.dk
|   dfu.min.dk      preference = 25, mail exchanger = mail.net.uni-c.dk

Using dig you see the problem immediately:

;; ANSWERS:
dfu.min.dk.     3600    MX      15 hfi02.dfu.min.dk.
dfu.min.dk.     3600    MX      25 mail.net.uni-c.dk.

;; ADDITIONAL RECORDS:
hfi02.dfu.min.dk.       0       A       130.226.135.2
mail.net.uni-c.dk.      21407   A       130.226.1.3

Notice TTL 0 for hfi02.dfu.min.dk! This will result in the RR not being
returned at all sometimes, and then mail *cannot* be delivered to the
highest preference MX.

dfu.min.dk has only name server (hfi01.dfu.min.dk, 130.226.135.4), and
this name server is seriously screwed up:

- returns A records for both itself and hfi02.dfu.min.dk with a TTL of
0 if you ask it directly for A records:

% dig a hfi01.dfu.min.dk @130.226.135.4
;; flags: qr aa rd ra
;; ANSWERS:
hfi01.dfu.min.dk.       0       A       130.226.135.4

- returns a *different* A record for itself, with TTL 1 hour, if you
ask it for SOA:

% dig soa dfu.min.dk @130.226.135.4
;; flags: qr aa rd ra; Ques: 1, Ans: 1, Auth: 0, Addit: 1
;; ANSWERS:
dfu.min.dk.     3600    SOA     hfi01.dfu.min.dk. administrator.dfu.min.dk. (
                        44      ; serial
                        3600    ; refresh (1 hour)
                        600     ; retry (10 mins)
                        86400   ; expire (1 day)
                        3600 )  ; minimum (1 hour)

;; ADDITIONAL RECORDS:
hfi01.dfu.min.dk.       3600    A       147.29.128.7

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

More information about the bind-users mailing list