Name resolution and mail problem
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Sat Oct 23 01:35:18 UTC 1999
As you have seen, the NS rrsets in the parent zone bear no
relation to those in the child zone. It is only BIND 4's
permissiveness that allows this to work. BIND 8 classifies
answers according to there source and won't replace ones
from a more credible source (the servers for the zone) with
ones from a less credible source (the parent zone).
This can lead to deadlocks occuring.
The nameservers in the parent zone should always agree with
those in the child zone except when the zone is being moved
to new servers. During that period the child should contain
both the old and new nameservers.
Mark
>
> I'm trying to debug mail delivery errors to a domain. The system that
> cannot deliver is running BIND 8.2.2 and sendmail 8.9.3. I also have a
> system running a BIND 4 (think it's 4.9.7) and sendmail 8.8.8 that has
> no problem delivering the same message.
>
> I want to think that the site has some DNS configuration problems and
> that the BIND 8 is less forgiving than the BIND 4 counterpart. Below are
> some of the checks I made.
>
> The thing I thought might be an error is that the name servers listed
> for whois are not given any NS records for the domain (or the SOA) when
> I get a dump for the primary nameserver (see the last section).
>
>
> -- [ here are the errors from sendmail that syslogd logged ] --
>
> Oct 22 08:09:40 6C:mx1 sendmail[156362]: MAA127462:
> to=<mguidry at usunwired.com>, delay=20:04:43,
> xdelay=00:00:00, mailer=esmtp, relay=usunwired.com., stat=Deferred: Name
> server: usunwired.com.: host name
> lookup failure
> Oct 22 08:19:05 6C:mx1 sendmail[163413]: HAA163588:
> to=<mguidry at usunwired.com>, delay=00:44:46,
> xdelay=00:00:15, mailer=esmtp, relay=usunwired.com., stat=Deferred: Name
> server: usunwired.com.: host name
> lookup failure
> Oct 22 08:20:14 6C:mx1 sendmail[163413]: MAA127462:
> to=<mguidry at usunwired.com>, delay=20:15:17,
> xdelay=00:00:00, mailer=esmtp, relay=usunwired.com., stat=Deferred: Name
> server: usunwired.com.: host name
> lookup failure
>
> -- [ I can resolve the domain name, FWIW ] --
>
> nslookup usunwired.com
> Server: mx1.nichols.com
> Address: 0.0.0.0
>
> Name: usunwired.com
> Address: 207.191.51.5
>
> -- [ dig finds the A record, but cannot get the MX records ] --
>
> root(mx1): dig usunwired.com
>
> ; <<>> DiG 8.2 <<>> usunwired.com
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; usunwired.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> usunwired.com. 23h59m34s IN A 207.191.51.5
>
> ;; AUTHORITY SECTION:
> usunwired.com. 23h59m34s IN NS ns3.usunwired.net.
> usunwired.com. 23h59m34s IN NS ns4.usunwired.net.
>
> ;; Total query time: 10 msec
> ;; FROM: mx1.nichols.com to SERVER: default -- 0.0.0.0
> ;; WHEN: Fri Oct 22 08:34:08 1999
> ;; MSG SIZE sent: 31 rcvd: 96
>
> root(mx1): dig usunwired.com mx
>
> ; <<>> DiG 8.2 <<>> usunwired.com mx
> ;; res options: init recurs defnam dnsrch
> ;; res_nsend[signed] to server default -- 0.0.0.0: Connection timed out
>
> -- [ same thing for host ] --
>
> root(mx1): host usunwired.com
> usunwired.com has address 207.191.51.5
> root(mx1):
>
> -- [ found their name servers ] --
>
> root(mx1): whois usunwired.com
>
> Registrant:
> US-Unwired (USUNWIRED-DOM)
> One Lakeshore Drive Ste 1900
> Lake Charles, LA 70602
> US
>
> Domain Name: USUNWIRED.COM
>
> Administrative Contact:
> U.S. Unwired Admin (US69-ORG) admin at USUNWIRED.COM
> (800) 673-2200
> Fax- (318) 497-3442
> Technical Contact, Zone Contact:
> US Unwired Admin (UU7-ORG) domain at USUNWIRED.NET
> (800) 673-2200
> Fax- (318) 497-3442
> Billing Contact:
> U.S. Unwired Admin (US69-ORG) admin at USUNWIRED.COM
> (800) 673-2200
> Fax- (318) 497-3442
>
> Record last updated on 11-May-1999.
> Record created on 07-Nov-1997.
> Database last updated on 21-Oct-1999 04:53:13 EDT.
>
> Domain servers in listed order:
>
> DNS1.USUNWIRED.NET 207.191.50.250
> DNS2.USUNWIRED.NET 207.191.51.250
>
> -- [ do an nslookup on the first server to look for MX and find two ] --
>
> root(mx1): nslookup
> Default Server: mx1.nichols.com
> Address: 0.0.0.0
>
> > server DNS1.USUNWIRED.NET
> Default Server: DNS1.USUNWIRED.NET
> Address: 207.191.50.250
>
> > ls -t mx USUNWIRED.COM.
> [DNS1.USUNWIRED.NET]
> $ORIGIN usunwired.com.
> @ 1D IN MX 20 backmail.usunwired.net.
> 1D IN MX 10 mail
>
> > mail.USUNWIRED.COM.
> Server: DNS1.USUNWIRED.NET
> Address: 207.191.50.250
>
> Name: mail.USUNWIRED.COM
> Address: 207.191.51.246
>
> > backmail.usunwired.net.
> Server: DNS1.USUNWIRED.NET
> Address: 207.191.50.250
>
> Non-authoritative answer:
> Name: backmail.usunwired.net
> Address: 207.191.51.251
>
> >
>
> -- [ however I cannot get a regular nslookup to resolve their first MX
> host ] --
>
> root(mx1): nslookup mail.usunwired.com
> Server: mx1.nichols.com
> Address: 0.0.0.0
>
> *** mx1.nichols.com can't find mail.usunwired.com: Non-existent
> host/domain
> root(mx1): nslookup backmail.usunwired.net
> Server: mx1.nichols.com
> Address: 0.0.0.0
>
> Non-authoritative answer:
> Name: backmail.usunwired.net
> Address: 207.191.51.251
>
> -- [ same thing for dig ] --
>
> root(mx1): dig mail.usunwired.com
>
> ; <<>> DiG 8.2 <<>> mail.usunwired.com
> ;; res options: init recurs defnam dnsrch
> ;; res_nsend[signed] to server default -- 0.0.0.0: Connection timed out
> root(mx1):
> root(mx1): dig backmail.usunwired.net
>
> ; <<>> DiG 8.2 <<>> backmail.usunwired.net
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; backmail.usunwired.net, type = A, class = IN
>
> ;; ANSWER SECTION:
> backmail.usunwired.net. 23h48m52s IN A 207.191.51.251
>
> ;; AUTHORITY SECTION:
> USUNWIRED.NET. 1d23h29m7s IN NS DNS1.USUNWIRED.NET.
> USUNWIRED.NET. 1d23h29m7s IN NS DNS2.USUNWIRED.NET.
>
> ;; ADDITIONAL SECTION:
> DNS1.USUNWIRED.NET. 1d23h29m7s IN A 207.191.50.250
> DNS2.USUNWIRED.NET. 1d23h29m7s IN A 207.191.51.250
>
> ;; Total query time: 12 msec
> ;; FROM: mx1.nichols.com to SERVER: default -- 0.0.0.0
> ;; WHEN: Fri Oct 22 09:04:30 1999
> ;; MSG SIZE sent: 40 rcvd: 139
>
> -- [ now I dump all their records and see a possible problem with the NS
> data ] --
>
> root(mx1): nslookup
> Default Server: mx1.nichols.com
> Address: 0.0.0.0
>
> > server DNS1.USUNWIRED.NET
> Default Server: DNS1.USUNWIRED.NET
> Address: 207.191.50.250
>
> > ls -t any USUNWIRED.COM.
> [DNS1.USUNWIRED.NET]
> $ORIGIN usunwired.com.
> @ 1D IN SOA ns1.usunwired.net.
> admin.usunwired.net. (
> 1999102101 ; serial
> 1H ; refresh
> 30M ; retry
> 1W ; expiry
> 1D ) ; minimum
>
> 1D IN NS ns3.usunwired.net.
> 1D IN NS ns4.usunwired.net.
> 1D IN A 207.191.51.5
> 1D IN MX 20 backmail.usunwired.net.
> 1D IN MX 10 mail
> newmail 1D IN A 207.191.3.73
> localhost 1D IN A 127.0.0.1
> mail 1D IN A 207.191.51.246
> www 1D IN A 207.191.51.5
> ftp 1D IN CNAME www
> @ 1D IN SOA ns1.usunwired.net.
> admin.usunwired.net. (
> 1999102101 ; serial
> 1H ; refresh
> 30M ; retry
> 1W ; expiry
> 1D ) ; minimum
>
> -- [ They list SOA=ns1.usunwired.net and NS=ns3.usunwired.net,
> NS=ns4.usunwired.net, but no NS records
> for DNS1.USUNWIRED.NET or DNS2.USUNWIRED.NET (from whois) ] --
>
> So my questions are - is this a malformed setup, and is this something
> that BIND 4 allows but BIND 8 doesn't? Or perhaps it is sendmail that
> is being more strict?
>
> I don't mind getting in touch with their admin to go over any problems,
> but I am not sure if the problem is theirs or not. That's why I am
> looking for some guru help...
>
> Thanks,
> Brian
>
> --
> Brian Sommers
> Nichols Research
> sommersb at nichols.com
>
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list