Can't resolve mx for cder.fda.gov

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Thu Apr 13 23:01:09 UTC 2000 

	The server octest.fda.gov has a old copy of the fda.gov zone
	which has a old delgation for cder.fda.gov.  It looks like
	this copy of the zone has expired on the server as it is handing
	out non-authatative answers for the fda.gov zone.
	Ns1 and ns2 have serials 2000032201, octest has 2000021702.  The
	expiry timer started out at 5w6d16h so it is likely given those
	serials to have triggered.

	Also having all the server for cder.fda.gov and fda.gov within the
	same class B does not lead me to believe that there is effective
	redundancy in the servering of these zones.  i.e. there is likely
	to be a single point of failure that makes all the  nameservers
	unreachable.

	Your MTA should be treating the inability to get a answer to a MX
	query as a soft error.  If it is not then you need to get it fixed.

	Mark

> 
> 
> We have an external and internal nameservers.  The internal server will forwa
> rd
> any external query to our external server sitting on our DMZ.  Lately, a stra
> nge
> thing is happening to our external server.  Here is what we see:
> 
> Both servers are Solaris 2.6 running Bind 8.2.2 with level patch5.  Our inter
> net
> mail gateway  resolves using our internal nameserver for routing.  The past 2
> weeks, the internal server failed to resolve the mx record for cder.fda.gov
> twice.   What stumped me is that this is only domain our  nameserver was havi
> ng
> trouble with.  When I used dig to query for the mx record for cder.fda.gov, i
> t
> hanged and then timed out.  When I specified with the no recursion option, di
> g
> returned the ns record for fda.gov, but no mx record.   My solution for both
> times was to reboot my external nameserver.   BTW, I've checked my firewall's
> rule base and everything seemed normal.
> 
> Had anybody experienced anything like this before?
> 
> Thanks
> Frank Hui
> Systems Engineer
> Pharmacia Corp
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list