Secondary DNS question...

John Miller johnmill at brandeis.edu
Fri Jun 21 03:49:58 UTC 2013 

Hi Jeff,

You've pointed out two separate problems (incoming e-mail not coming in &
outgoing e-mail not going out), so some more details about your environment
would probably be useful here:

- are you combining both authoritative and recursive DNS on the same
servers?
- Are you using different MXes for incoming and outgoing e-mail?
- How is name resolution configured on each? For example, are your MXes
running local caching NS?  Are they forwarding to another NS?  What's their
nameserver order?

Not sure if you're posting from the same domain that had the outage, so
won't make any assumptions there.

That said, some general info: outside MXes use authoritative DNS to send to
you; your incoming MX servers use recursive DNS to do any reverse lookups
on sender IPs, to query DNSBLs, and to get SPF/DKIM/DMARC info; outgoing
MXes use recursive DNS to find outside MXes.

John



On Thu, Jun 20, 2013 at 11:02 PM, SH Development <
listaccount at starionline.com> wrote:

> Our secondary DNS machine went down (and unnoticed for 24 hours).
>
> Today, we had multiple people calling about email that hadn't come in, and
> trouble with outgoing emails not going out.
>
> Our primary DNS was up the whole time.  So my question is, why would my
> secondary being down, and only my primary being up cause so many problems?
>  I thought the whole idea behind having two DNS servers on different
> networks was to never have a failure like this.
>
> My understanding was that when DNS is queried, the one that responds
> fastest is the information that is used.  If the secondary is down, then
> the primary would by default always be fastest (and only).
>
> I think I reasonably understand basic DNS and the setup, but this has me
> thinking that something isn't set up right.
>
> Can anyone shed any light on what might have happened here?  Could my
> primary not be responding as it should?  All the tests I have run on it
> show that it is responding normally.
>
> Jeff
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>



-- 
John Miller
Systems Engineer
Brandeis University
johnmill at brandeis.edu
(781) 736-4619
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130620/bd4809b1/attachment-0001.html>

More information about the bind-users mailing list