bind/sendmail resolving.. (NXDOMAIN)

Howard Leadmon howard at leadmon.net
Fri Sep 20 23:30:50 UTC 2013 

 Many thanks Mark, I was staring at this scratching my head, but that made
it very clear, and I will pass this along.   Glad to see it's not something
I botched up on my side..


---
Howard Leadmon 


> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]
> Sent: Friday, September 20, 2013 7:28 PM
> To: Howard Leadmon
> Cc: bind-users at isc.org; domain at paninigroup.com
> Subject: Re: bind/sendmail resolving.. (NXDOMAIN)
> 
> 
> In message <021501ceb653$ede37250$c9aa56f0$@leadmon.net>, "Howard
> Leadmon" writ
> es:
> >   This is probably easier than I am making it, but my googlefu seems to
be
> > failing me at the moment when I look around.   I  handle a batch of
FreeBSD
> > servers running sendmail, and I am having a site that is trying to
deliver
> > mail being rejected, but they swear their DNS is right, so I am not sure
if
> > we have an issue, or they do.
> >
> >  I am seeing sendmail rejects like this:
> >
> > Sep 20 14:45:59 mail3 mail3-smtp[15388]: r8JE8kQg099367:
> > to=<jmeteyard at panini.co.uk>, delay=1+04:37:10, xdelay=00:00:31,
> > mailer=esmtp, pri=5259883, relay=smtp2.panini.co.uk., dsn=4.0.0,
> > stat=Deferred: Name server: smtp2.panini.co.uk.: host name lookup
failure
> >
> >
> >  If I take and run a host lookup, I get a response like this:
> >
> > $ host panini.co.uk
> > panini.co.uk mail is handled by 10 smtp.panini.co.uk.
> > panini.co.uk mail is handled by 20 smtp2.panini.co.uk.
> >
> >
> > Now if I try that on any of the hosts that should accept the mail, I
see:
> >
> > $ host smtp.panini.co.uk
> > smtp.panini.co.uk is an alias for smtp.panini.it.
> > smtp.panini.it has address 151.12.160.24
> > Host smtp.panini.it not found: 3(NXDOMAIN)
> >
> > $ host smtp2.panini.co.uk
> > smtp2.panini.co.uk is an alias for smtp2.panini.it.
> > smtp2.panini.it has address 151.12.160.30
> > Host smtp2.panini.it not found: 3(NXDOMAIN)
> 
> Firstly MX records are not supposed to point to CNAME records.  The
> MX records need to be updated.
> 
> >  So I get the IP address returned, but then an NXDOMAIN that follows.
I
> do
> > have the BrokenAAAA config option in my sendmail, so know it's not that,
> or
> > I don't think so.    Yet if I do a dig on the hosts, they seem to come
back
> > with an IP address as expected, and shown above.
> >
> >  So if anyone can offer a clue on this, it would be appreciated..
> 
> Secondly and more importantly they have a misconfigured load balancer
> that is returning bad answers.  The last answer to "dig +trace
> smtp2.panini.it aaaa" should be "smtp2.panini.it. 86400 IN SOA
> paninirad1.panini.it. administrator.panini.it".
> 
> Note the SOA record needs to be from the zone delegated (smtp2.panini.it)
> to the load balancer.
> 
> They need to contact their load balancer vendor for proper instructions
> on how to configure it.
> 
> Mark
> 
> % dig +trace smtp2.panini.it aaaa
> 
> ; <<>> DiG 9.10.0a1 <<>> +trace smtp2.panini.it aaaa
> ;; global options: +cmd
> .			518400	IN	NS	f.root-servers.net.
> .			518400	IN	NS	c.root-servers.net.
> .			518400	IN	NS	k.root-servers.net.
> .			518400	IN	NS	d.root-servers.net.
> .			518400	IN	NS	l.root-servers.net.
> .			518400	IN	NS	i.root-servers.net.
> .			518400	IN	NS	h.root-servers.net.
> .			518400	IN	NS	b.root-servers.net.
> .			518400	IN	NS	e.root-servers.net.
> .			518400	IN	NS	m.root-servers.net.
> .			518400	IN	NS	g.root-servers.net.
> .			518400	IN	NS	a.root-servers.net.
> .			518400	IN	NS	j.root-servers.net.
> .			518400	IN	RRSIG	NS 8 0 518400
> 20130927000000 20130919230000 49656 .
> U9k2KFpbNYnY4EfyKzla26XbharLoAQtkQG02oq3aHVnM3OlLp6lmBdT
> wgMDcShAQJxIk50krHlIuoyOGHHuJ56P6ubFiGBRU0V4OOt2/V8emJZx
> U6MRMDwDyTweZbfNZiiK20T5RVlUK/PLI3YbbcYxxtSCKzV2fThLxi3F /x4=
> ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
> 
> it.			172800	IN	NS	a.dns.it.
> it.			172800	IN	NS	c.dns.it.
> it.			172800	IN	NS	m.dns.it.
> it.			172800	IN	NS	r.dns.it.
> it.			172800	IN	NS	dns.nic.it.
> it.			172800	IN	NS	nameserver.cnr.it.
> it.			86400	IN	NSEC	je. NS RRSIG NSEC
> it.			86400	IN	RRSIG	NSEC 8 1 86400
> 20130927000000 20130919230000 49656 .
> A01ecU1p6o7U4le9Jh8F2aQ4fl9XdPFMcERxLf2cZ6aiHkKsZdQsHiwN
> eI/5VnC9N1sLgF9p8uD7H8adMjC/EFHDK/kXmbpJNps9Hi/VdYa846He
> tu4iYxmQpaq0SgIpCqsRSRk0TjnL0l0B/VZueZREvpEQND6Zjjys7Zow ZvE=
> ;; Received 610 bytes from 128.63.2.53#53(h.root-servers.net) in 352 ms
> 
> panini.it.		10800	IN	NS	dns1.quadrante.com.
> panini.it.		10800	IN	NS	dns2.quadrante.com.
> ;; Received 108 bytes from 2001:678:4::16#53(c.dns.it) in 200 ms
> 
> smtp2.panini.it.	3600	IN	NS	paninirad3.panini.it.
> smtp2.panini.it.	3600	IN	NS	paninirad2.panini.it.
> smtp2.panini.it.	3600	IN	NS	paninirad1.panini.it.
> ;; Received 167 bytes from 83.103.76.83#53(dns2.quadrante.com) in 410 ms
> 
> panini.it.		86400	IN	SOA	panini.it.
> administrator.panini.it. 998545544 28800 7200 604800 86400
> ^^^^^^^^^^ is WRONG!!!!!!!!!!!
> ;; Received 110 bytes from 83.216.164.178#53(paninirad3.panini.it) in 341
ms
> 
> %
> 
> 
> > ---
> > Howard Leadmon
> >
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe
> >  from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list