I posted this to the postfix users list:

One of my users had problems receiving from Yahoo a couple days ago. The sender (in FLA) got this:

>> From: "mailer-dae...@yahoo.com" <mailer-dae...@yahoo.com>
>> To: xx...@yahoo.com
>> Sent: Sun, March 7, 2010 5:51:09 PM
>> Subject: failure notice
>>
>> Hi. This is the qmail-send program at yahoo.com.
>> I'm afraid I wasn't able to deliver your message to the following addresses.
>> This is a permanent error; I've given up. Sorry it didn't work out.
>>
>> <xx...@slsware.com>:
>> CNAME lookup failed temporarily. (#4.4.3)
>> I'm not going to try again; this message has been in the queue too long.

I got responses saying that the problem was that my DNS ignores 'dig @ns1.slsware.com -t any slsware.com' (or 'dig +trace -t any slsware.com') and indeed it does, from outside. From inside it's fine, and '-t MX' works from anywhere.

Yahoo's MTA (qmail) does T_ANY lookups, so it thinks there's nobody home at my nameserver.

But I can't get anybody over on the postfix list to suggest what might be wrong. I spent the morning with Google, and couldn't find anything that looked like it might be the answer.

The obvious answer is firewalling, but I don't think that's it. A query from inside goes through the same PIX firewall as would a query from outside; the PIX is configured "no fixup protocol dns"; I don't think IOS in the router knows anything about what type of DNS query is coming in; and the same query to the other nameserver ('dig @ns1.richeyrentals.com -t any slsware.com') also fails. That one's also behind a PIX, but has a non-IOS router.

Both servers are Debian lenny, 'named -v' says BIND 9.5.1-P3, and bind's config check says it's OK. But it has nothing to do with any of that, I think, because the query works from inside.

Any ideas?

--
Glenn English
g...@slsware.com

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
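An added diagnostic example, not part of the original post: it sends the MX and ANY questions discussed above over both UDP and TCP and reports, per combination, whether the nameserver answered, truncated the reply, returned an error code, or stayed silent. All function names are illustrative, and the server and zone are taken from the command line.

```python
import socket, struct, sys

QTYPES = {"MX": 15, "ANY": 255}  # ANY (255) is the type a T_ANY lookup sends

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query (class IN, recursion desired, no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def parse_header(resp):
    """Extract the header fields that separate answered, truncated and refused."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"txid": txid, "tc": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "answers": an, "size": len(resp)}

def classify(hdr):
    if hdr is None:
        return "no response"
    if hdr["tc"]:
        return "truncated at %d bytes" % hdr["size"]
    if hdr["rcode"]:
        return "rcode %d" % hdr["rcode"]
    return "answered, %d records, %d bytes" % (hdr["answers"], hdr["size"])

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, qtype, tcp=False, timeout=3.0):
    """Send one query; return the parsed header, or None if nothing usable came back."""
    query = build_query(name, qtype)
    try:
        if tcp:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                size = struct.unpack("!H", recv_exact(s, 2))[0]
                return parse_header(recv_exact(s, size))
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            return parse_header(s.recvfrom(4096)[0])
    except (OSError, struct.error):
        return None

if __name__ == "__main__":
    server, zone = sys.argv[1], sys.argv[2]
    for qtype in QTYPES:
        for tcp in (False, True):
            print(qtype, "tcp" if tcp else "udp", classify(probe(server, zone, qtype, tcp)))
```

Running it once from an inside host and once from an outside host, with the nameserver and zone as arguments, gives two four-row tables to compare side by side.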