Name resolution and mail problem

Barry Margolin barmar at bbnplanet.com
Fri Oct 22 15:19:33 UTC 1999 

In article <38107BE0.1A8F8552 at nichols.com>,
Brian Sommers <sommersb at nichols.com> wrote:
>
>I'm trying to debug mail delivery errors to a domain. The system that
>cannot deliver is running BIND 8.2.2 and sendmail 8.9.3. I also have a
>system running a BIND 4 (think it's 4.9.7) and sendmail 8.8.8 that has
>no problem delivering the same message.
>
>I want to think that the site has some DNS configuration problems and
>that the BIND 8 is less forgiving than the BIND 4 counterpart. Below are
>some of the checks I made.
>
>The thing I thought might be an error is that the name servers listed
>for whois are not given any NS records for the domain (or the SOA) when
>I get a dump for the primary nameserver (see the last section).

I think that's the problem as well.

....

>So my questions are - is this a malformed setup, and is this something
>that BIND 4 allows but BIND 8 doesn't?  Or perhaps it is sendmail that
>is being more strict?

I've heard that recent versions of sendmail are very strict about DNS
settings.  Someone even once told me that it does its own resolving, rather
than just using the system resolver, although I'm not sure I believe him (I
haven't checked).

But in general, you should expect the NS records that come from the
authoritative server to be preferred over the NS records in delegation
records on the parent domain server (the root servers in this case).  The
DNS specification contains "credibility" levels that are associated with
data from different sources, and authoritative data is more credible than
delegation records (DNS administrators frequently forget to inform upstream
administrators when they make changes like this).

Since the two nameservers listed in the NS records in the zone file don't
respond, problems are not unexpected.  You should add NS records for the
servers that *do* respond.  And if ns3 and ns4 are expected to be down for
a while, it would be a good idea to remove them from the NS records
completely, to avoid wasting time trying to query them.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list