In message <021501ceb653$ede37250$c9aa56f0$@leadmon.net>, "Howard Leadmon" writ es: > This is probably easier than I am making it, but my googlefu seems to be > failing me at the moment when I look around. I handle a batch of FreeBSD > servers running sendmail, and I am having a site that is trying to deliver > mail being rejected, but they swear their DNS is right, so I am not sure if > we have an issue, or they do. > > I am seeing sendmail rejects like this: > > Sep 20 14:45:59 mail3 mail3-smtp[15388]: r8JE8kQg099367: > to=<jmetey...@panini.co.uk>, delay=1+04:37:10, xdelay=00:00:31, > mailer=esmtp, pri=5259883, relay=smtp2.panini.co.uk., dsn=4.0.0, > stat=Deferred: Name server: smtp2.panini.co.uk.: host name lookup failure > > > If I take and run a host lookup, I get a response like this: > > $ host panini.co.uk > panini.co.uk mail is handled by 10 smtp.panini.co.uk. > panini.co.uk mail is handled by 20 smtp2.panini.co.uk. > > > Now if I try that on any of the hosts that should accept the mail, I see: > > $ host smtp.panini.co.uk > smtp.panini.co.uk is an alias for smtp.panini.it. > smtp.panini.it has address 151.12.160.24 > Host smtp.panini.it not found: 3(NXDOMAIN) > > $ host smtp2.panini.co.uk > smtp2.panini.co.uk is an alias for smtp2.panini.it. > smtp2.panini.it has address 151.12.160.30 > Host smtp2.panini.it not found: 3(NXDOMAIN)
Firstly MX records are not supposed to point to CNAME records. The MX records need to be updated. > So I get the IP address returned, but then an NXDOMAIN that follows. I do > have the BrokenAAAA config option in my sendmail, so know it's not that, or > I don't think so. Yet if I do a dig on the hosts, they seem to come back > with an IP address as expected, and shown above. > > So if anyone can offer a clue on this, it would be appreciated.. Secondly and more importantly they have a misconfigured load balancer that is returning bad answers. The last answer to "dig +trace smtp2.panini.it aaaa" should be "smtp2.panini.it. 86400 IN SOA paninirad1.panini.it. administrator.panini.it". Note the SOA record needs to be from the zone delegated (smtp2.panini.it) to the load balancer. They need to contact their load balancer vendor for proper instructions on how to configure it. Mark % dig +trace smtp2.panini.it aaaa ; <<>> DiG 9.10.0a1 <<>> +trace smtp2.panini.it aaaa ;; global options: +cmd . 518400 IN NS f.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS a.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN RRSIG NS 8 0 518400 20130927000000 20130919230000 49656 . U9k2KFpbNYnY4EfyKzla26XbharLoAQtkQG02oq3aHVnM3OlLp6lmBdT wgMDcShAQJxIk50krHlIuoyOGHHuJ56P6ubFiGBRU0V4OOt2/V8emJZx U6MRMDwDyTweZbfNZiiK20T5RVlUK/PLI3YbbcYxxtSCKzV2fThLxi3F /x4= ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms it. 172800 IN NS a.dns.it. it. 172800 IN NS c.dns.it. it. 172800 IN NS m.dns.it. it. 172800 IN NS r.dns.it. it. 172800 IN NS dns.nic.it. it. 172800 IN NS nameserver.cnr.it. it. 86400 IN NSEC je. NS RRSIG NSEC it. 86400 IN RRSIG NSEC 8 1 86400 20130927000000 20130919230000 49656 . A01ecU1p6o7U4le9Jh8F2aQ4fl9XdPFMcERxLf2cZ6aiHkKsZdQsHiwN eI/5VnC9N1sLgF9p8uD7H8adMjC/EFHDK/kXmbpJNps9Hi/VdYa846He tu4iYxmQpaq0SgIpCqsRSRk0TjnL0l0B/VZueZREvpEQND6Zjjys7Zow ZvE= ;; Received 610 bytes from 128.63.2.53#53(h.root-servers.net) in 352 ms panini.it. 10800 IN NS dns1.quadrante.com. panini.it. 10800 IN NS dns2.quadrante.com. ;; Received 108 bytes from 2001:678:4::16#53(c.dns.it) in 200 ms smtp2.panini.it. 3600 IN NS paninirad3.panini.it. smtp2.panini.it. 3600 IN NS paninirad2.panini.it. smtp2.panini.it. 3600 IN NS paninirad1.panini.it. ;; Received 167 bytes from 83.103.76.83#53(dns2.quadrante.com) in 410 ms panini.it. 86400 IN SOA panini.it. administrator.panini.it. 998545544 28800 7200 604800 86400 ^^^^^^^^^^ is WRONG!!!!!!!!!!! ;; Received 110 bytes from 83.216.164.178#53(paninirad3.panini.it) in 341 ms % > --- > Howard Leadmon > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
