sendmail/bind question

ed plate eplate at excite.com
Wed Oct 29 22:53:17 UTC 2003 

Hello everyone:

I've run into a weird problem and I can't say whether it's a bind
problem or a sendmail problem.

Here are the facts: We're running bind 8.1.2 and sendmail 8.9.3 on
Solaris 7. I know these are old versions but it's what I have to use
right now. :-(

As near as I can tell, we're not having a systemic DNS or sendmail
problem. Most mail is getting sent and delivered.

But, we can't send email to a company named 'graniteinvestment.com'. I
get a host map lookup deferred in the mailq. The message stays that
way until it gets removed from the queue by old age. All of this is
fairly normal.

Thinking they might be having a problem, I used my webmail accounts to
send test messages to them. I got bounce messages from their server
right away. So it looks like their server is OK.

Now for the weird part: if I go to our bind/sendmail server, run
nslookup, set my server to GraniteInvestment.com's name server,
ns1.dns-root.com, set type=mx, I get the mx record. If I then exit
nslookup and run the mail queue with

/usr/lib/sendmail -v -qR at graniteinvestment.com

the mail gets delivered from our queue. For 10 minutes it gets
delivered. After the ten minutes are up, I'm back to mail not getting
delivered again.

The only thing I've noticed is the ttl for the domain
'graniteinvestment.com' has a longer ttl than the mx record itself.
Here's the dig output for ANY and MX:

; <<>> DiG 2.1 <<>> @ns1.dns-root.com graniteinvestment.com ANY  
; (1 server found) 
;; res options: init recurs defnam dnsrch 
;; got answer: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10 
;; flags: qr rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2 
;; QUESTIONS: 
;; graniteinvestment.com, type = ANY, class = IN 
 
;; ANSWERS: 
graniteinvestment.com. 168395 NS ns1.root-dns.com.  
graniteinvestment.com. 168395 NS ns2.root-dns.com.  
 
;; AUTHORITY RECORDS: 
graniteinvestment.com. 168395 NS ns1.root-dns.com.  
graniteinvestment.com. 168395 NS ns2.root-dns.com.  
 
;; ADDITIONAL RECORDS: 
ns1.root-dns.com. 168395 A 64.7.210.2  
ns2.root-dns.com. 168395 A 64.7.210.3  
 
;; Total query time: 2 msec 
;; FROM: us.mirror.menandmice.com to SERVER: default -- 0.0.0.0 
;; WHEN: Tue Oct 28 16:15:17 2003 
;; MSG SIZE sent: 39 rcvd: 144 

================================================
 
; <<>> DiG 2.1 <<>> @ns1.dns-root.com graniteinvestment.com MX  
; (1 server found) 
;; res options: init recurs defnam dnsrch 
;; got answer: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10 
;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 0, Addit: 1 
;; QUESTIONS: 
;; graniteinvestment.com, type = MX, class = IN 
 
;; ANSWERS: 
graniteinvestment.com. 600 MX 100 Exchange.GraniteInvestment.com.  
 
;; ADDITIONAL RECORDS: 
Exchange.GraniteInvestment.com. 600 A 66.127.136.68  
 
;; Total query time: 28 msec 
;; FROM: us.mirror.menandmice.com to SERVER: default -- 0.0.0.0 
;; WHEN: Tue Oct 28 15:02:16 2003 
;; MSG SIZE sent: 39 rcvd: 152 

As you can see the mx record only has a ttl of 600 but the domain
itself has a ttl significantly longer. Perhaps this is just a blind
alley but the fact mail will be delivered for the 10 minutes of the
ttl is suspicious.

I've run sendmail in debug mode using -d8.20 and it doesn't even ask
for an MX record when it's not delivering mail. Any ideas where I can
look?

TIA

Ed Plate
eplate at excite.com

More information about the bind-users mailing list