slightly OT sendmail question

James A Griffin agriffin at cpcug.org
Sat Jul 14 02:31:30 UTC 2001


Will Yardley wrote:
> 
> I've been having some random problems with sendmail 8.12 beta that are
> somewhat DNS related and have had no response from the sendmail newsgroup.
> Is sendmail 8.12 more picky about DNS stuff than earlier versions (ie 8.11)?
> I'm getting 'domain does not resolve' errors when i can clearly resolve
> something on the machine itself.  There are usually DNS errors of one type or
> another, but an A record and an MX record can be found generally (both
> through at least one of the sites' nameservers (often _one_ is timing out)
> and from the main nameserver in /etc/resolv.conf.  is sendmail now picky
> about whether or not a response is authoritative? does it query the
> authoritative server directly for _any_ records?
> 
> turning off 'canonify' seems to help in some cases, but not always.
> 
> here's another error:
> <address at removed>: Connected to 209.85.245.5 but sender was rejected.
> Remote host said: 451 4.1.8 <forbar at 2xtreme.net>... Domain of sender address
> forbar at 2xtreme.net does not resolve
> 
> i can resolve 2xtreme.net through both nameservers directly, although both
> respond non-authoritatively.
> 
> since we're having this problem with a lot of domains, I'm not quite sure
> what to do - is this a bug or a feature of sendmail? sending to the same
> domains works fine from my home machine (sendmail 8.11).  i will downgrade if
> i have to, but i'd prefer not to.
[snip]

Will,

I have been reading the sendmail newsgroup too and have seen a number of
problems that are the result of improper, poor, and flat out wrong
DNS configuration.  In this case 2xtreme.net is malconfigured (to be
polite).

Doc-2.2.2: Starting test of 2xtreme.net.   parent is net.
Doc-2.2.2: Test date - Fri Jul 13 22:15:09 EDT 2001
Note: Skipping parent domain testing
Found 2 NS and 2 glue records for 2xtreme.net. @a.gtld-servers.net. (non-AUTH)
Using NSlist from parent domain server a.gtld-servers.net.
NS list summary for 2xtreme.net. from parent (net.) servers
  == ns1.2xtreme.net. ns2.2xtreme.net.
soa @ns1.2xtreme.net. for 2xtreme.net. serial:
ERROR: no SOA record for 2xtreme.net. from ns1.2xtreme.net.
dig: Couldn't find server 'ns2.2xtreme.net.': Name or service not known
DIGERR (FORMAT_ERROR): dig @ns2.2xtreme.net. for SOA of 2xtreme.net. failed
SYSerr: No servers for 2xtreme.net. returned SOAs ...
Summary:
   YIKES: doc aborted while testing 2xtreme.net.  parent net.
   ERRORS found for 2xtreme.net. (count: 1)
   Incomplete test for 2xtreme.net. (2)
Done testing 2xtreme.net.  Fri Jul 13 22:15:34 EDT 2001

'sendmail' (depending upon how it is configured) is getting rather
particular about how domain name servers reply to its requests.  Getting
non-authoritative replies from what should be authoritative servers is one
thing that will cause it (sendmail) to defer relay.

Given the poor state of DNS management (see the DNS Health Survey at 
http://www.menandmice.com/6000/61_recent_survey.html?DHS0501), it is not
surprising that there are many intermittent email relay problems.  Novice
sendmail (and Exchange) admins think it is their problem, when more
often than not deferred mail is a DNS (or possibly a network/routing)
problem.

Regards,
Jim
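
The check discussed in this reply (does every server listed for a zone answer its SOA query authoritatively?), as an added example that is not part of the original post and is not the doc tool's code. The example.net server names, the reply bytes and the verdict labels are constructed for illustration, and only the 12-byte DNS header is inspected.

```python
import struct

QR, AA = 0x8000, 0x0400   # header flag bits, RFC 1035 section 4.1.1
RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone, qid):
    """Wire-format SOA query with RD clear, as sent to a delegated server."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 6, 1)

def classify(qid, reply):
    """Judge one server's reply to the SOA query from its header alone."""
    if reply is None:
        return "unreachable"          # no address for the name, or a timeout
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode:
        return "error:" + RCODES.get(rcode, str(rcode))
    if flags & AA and ancount:
        return "authoritative"
    return "lame"                     # replied, but not as an authority for the zone

def audit_delegation(qid, replies):
    """Return per-server verdicts and whether every server is authoritative."""
    verdicts = {ns: classify(qid, r) for ns, r in replies.items()}
    return verdicts, all(v == "authoritative" for v in verdicts.values())

def sample_reply(qid, flags, ancount):
    # Constructed reply: header plus echoed question; answer records omitted.
    return struct.pack("!6H", qid, flags, 1, ancount, 0, 0) + build_soa_query("example.net", qid)[12:]

SAMPLE = {  # constructed replies, not captured traffic
    "ns1.example.net.": sample_reply(0x1234, QR, 0),        # no AA, no SOA
    "ns2.example.net.": None,                               # name did not resolve
    "ns3.example.net.": sample_reply(0x1234, QR | AA, 1),   # proper answer
    "ns4.example.net.": sample_reply(0x1234, QR | 2, 0),    # SERVFAIL
}

if __name__ == "__main__":
    verdicts, healthy = audit_delegation(0x1234, SAMPLE)
    for ns, verdict in verdicts.items():
        print(f"{ns:20} {verdict}")
    print("delegation healthy:", healthy)
```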


More information about the bind-users mailing list