MX misbehavior

Wed Dec 12 00:36:33 UTC 2001

The reason some nameservers just give you back a list of root nameservers is because they
aren't configured to allow your source address to use them recursively. This is generally a
good practice, from a security standpoint, and something you might want to consider doing
yourself (although admittedly your open recursion policy turns out to be useful in
troubleshooting this particular problem :-)

The reason the query didn't work from Verio is because sucky old nslookup (use dig
instead) aborted when the reverse lookup of 204.91.99.140 failed. Why it failed for you is
anyone's guess; I can reverse-resolve it just fine.

So this leaves us with the problem that ns2.netchemistry.com can't seem to resolve certain
domains. I think this is a routing or a firewall problem, since it can resolve most domain
names, just not certain ones. It can't resolve www.netgates.co.uk, for instance, which is
served by the same set of nameservers as angelbourse.com. It seems like it just can't talk
to that set of nameservers (which all appear to be on the same subnet or at least
closely-located subnets).

- Kevin

George Robinson II wrote:

>          I'm having some trouble sending mail to angelbourse.com.  One of my nameservers,
> ns1.netchemistry.com, has no problems looking up the mx record.  However, when I
> try the same thing with my secondary, ns2.netchemistry.com, it times out and
> doesn't work.  For perspective, I try this same thing on ns1.best.com, and I get
> back the list of root servers.  On the other servers I tried, they would not
> play nicely with me.  Could some one give me some ideas on what to check or what
> to read up on?  Yes, I have read the man pages and read through many faqs and
> the oreilly books.
>
> ---Example---
>
> % nslookup -querytype=mx angelbourse.com ns1.netchemistry.com
> Server:  ns1.netchemistry.com
> Address:  63.241.3.35
>
> Non-authoritative answer:
> angelbourse.com preference = 50, mail exchanger = mail.gemsoft.net
> angelbourse.com preference = 10, mail exchanger = mail.kaliba.net
>
> Authoritative answers can be found from:
> angelbourse.com nameserver = DNS.NETGATES.CO.UK
> angelbourse.com nameserver = DNS2.NETGATES.CO.UK
> angelbourse.com nameserver = NS3.NETGATES.net
> mail.gemsoft.net        internet address = 195.10.254.5
> DNS2.NETGATES.CO.UK     internet address = 194.105.64.181
> NS3.NETGATES.net        internet address = 194.105.73.7
>
> % nslookup -querytype=mx angelbourse.com ns2.netchemistry.com
> Server:  ns2.netchemistry.com
> Address:  216.198.72.236
>
> *** ns2.netchemistry.com can't find angelbourse.com: Non-existent host/domain
>
> % nslookup -querytype=mx angelbourse.com ns1.verio.net
> *** Can't find server name for address 204.91.99.140: Query refused
> *** Default servers are not available
>
> % nslookup -querytype=mx angelbourse.com ns1.best.com
> Server:  dns1.ba.best.net
> Address:  209.24.149.41
>
> Authoritative answers can be found from:
> com     nameserver = A.GTLD-SERVERS.NET
> com     nameserver = G.GTLD-SERVERS.NET
> com     nameserver = C.GTLD-SERVERS.NET
> com     nameserver = I.GTLD-SERVERS.NET
> com     nameserver = B.GTLD-SERVERS.NET
> com     nameserver = D.GTLD-SERVERS.NET
> com     nameserver = L.GTLD-SERVERS.NET
> com     nameserver = F.GTLD-SERVERS.NET
> com     nameserver = J.GTLD-SERVERS.NET
> com     nameserver = K.GTLD-SERVERS.NET
> com     nameserver = E.GTLD-SERVERS.NET
> com     nameserver = M.GTLD-SERVERS.NET
> A.GTLD-SERVERS.NET      internet address = 192.5.6.30
> G.GTLD-SERVERS.NET      internet address = 198.41.3.101
> C.GTLD-SERVERS.NET      internet address = 192.26.92.30
> I.GTLD-SERVERS.NET      internet address = 192.36.144.133
> B.GTLD-SERVERS.NET      internet address = 203.181.106.5
> D.GTLD-SERVERS.NET      internet address = 208.206.240.5
> L.GTLD-SERVERS.NET      internet address = 192.41.162.30
> F.GTLD-SERVERS.NET      internet address = 192.35.51.30
> J.GTLD-SERVERS.NET      internet address = 210.132.100.101
> K.GTLD-SERVERS.NET      internet address = 213.177.194.5
> E.GTLD-SERVERS.NET      internet address = 207.200.81.69
> M.GTLD-SERVERS.NET      internet address = 202.153.114.101
>
> % nslookup -querytype=mx angelbourse.com ns.san2.aens.net
> Server:  ns.san2.aens.net
> Address:  63.241.10.4
>
> *** ns.san2.aens.net can't find angelbourse.com: Non-existent host/domain