Many thanks Mark, I was staring at this scratching my head, but that made it very clear, and I will pass this along. Glad to see it's not something I botched up on my side..
--- Howard Leadmon > -----Original Message----- > From: Mark Andrews [mailto:ma...@isc.org] > Sent: Friday, September 20, 2013 7:28 PM > To: Howard Leadmon > Cc: bind-us...@isc.org; dom...@paninigroup.com > Subject: Re: bind/sendmail resolving.. (NXDOMAIN) > > > In message <021501ceb653$ede37250$c9aa56f0$@leadmon.net>, "Howard > Leadmon" writ > es: > > This is probably easier than I am making it, but my googlefu seems to be > > failing me at the moment when I look around. I handle a batch of FreeBSD > > servers running sendmail, and I am having a site that is trying to deliver > > mail being rejected, but they swear their DNS is right, so I am not sure if > > we have an issue, or they do. > > > > I am seeing sendmail rejects like this: > > > > Sep 20 14:45:59 mail3 mail3-smtp[15388]: r8JE8kQg099367: > > to=<jmetey...@panini.co.uk>, delay=1+04:37:10, xdelay=00:00:31, > > mailer=esmtp, pri=5259883, relay=smtp2.panini.co.uk., dsn=4.0.0, > > stat=Deferred: Name server: smtp2.panini.co.uk.: host name lookup failure > > > > > > If I take and run a host lookup, I get a response like this: > > > > $ host panini.co.uk > > panini.co.uk mail is handled by 10 smtp.panini.co.uk. > > panini.co.uk mail is handled by 20 smtp2.panini.co.uk. > > > > > > Now if I try that on any of the hosts that should accept the mail, I see: > > > > $ host smtp.panini.co.uk > > smtp.panini.co.uk is an alias for smtp.panini.it. > > smtp.panini.it has address 151.12.160.24 > > Host smtp.panini.it not found: 3(NXDOMAIN) > > > > $ host smtp2.panini.co.uk > > smtp2.panini.co.uk is an alias for smtp2.panini.it. > > smtp2.panini.it has address 151.12.160.30 > > Host smtp2.panini.it not found: 3(NXDOMAIN) > > Firstly MX records are not supposed to point to CNAME records. The > MX records need to be updated. > > > So I get the IP address returned, but then an NXDOMAIN that follows. I > do > > have the BrokenAAAA config option in my sendmail, so know it's not that, > or > > I don't think so. Yet if I do a dig on the hosts, they seem to come back > > with an IP address as expected, and shown above. > > > > So if anyone can offer a clue on this, it would be appreciated.. > > Secondly and more importantly they have a misconfigured load balancer > that is returning bad answers. The last answer to "dig +trace > smtp2.panini.it aaaa" should be "smtp2.panini.it. 86400 IN SOA > paninirad1.panini.it. administrator.panini.it". > > Note the SOA record needs to be from the zone delegated (smtp2.panini.it) > to the load balancer. > > They need to contact their load balancer vendor for proper instructions > on how to configure it. > > Mark > > % dig +trace smtp2.panini.it aaaa > > ; <<>> DiG 9.10.0a1 <<>> +trace smtp2.panini.it aaaa > ;; global options: +cmd > . 518400 IN NS f.root-servers.net. > . 518400 IN NS c.root-servers.net. > . 518400 IN NS k.root-servers.net. > . 518400 IN NS d.root-servers.net. > . 518400 IN NS l.root-servers.net. > . 518400 IN NS i.root-servers.net. > . 518400 IN NS h.root-servers.net. > . 518400 IN NS b.root-servers.net. > . 518400 IN NS e.root-servers.net. > . 518400 IN NS m.root-servers.net. > . 518400 IN NS g.root-servers.net. > . 518400 IN NS a.root-servers.net. > . 518400 IN NS j.root-servers.net. > . 518400 IN RRSIG NS 8 0 518400 > 20130927000000 20130919230000 49656 . > U9k2KFpbNYnY4EfyKzla26XbharLoAQtkQG02oq3aHVnM3OlLp6lmBdT > wgMDcShAQJxIk50krHlIuoyOGHHuJ56P6ubFiGBRU0V4OOt2/V8emJZx > U6MRMDwDyTweZbfNZiiK20T5RVlUK/PLI3YbbcYxxtSCKzV2fThLxi3F /x4= > ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms > > it. 172800 IN NS a.dns.it. > it. 172800 IN NS c.dns.it. > it. 172800 IN NS m.dns.it. > it. 172800 IN NS r.dns.it. > it. 172800 IN NS dns.nic.it. > it. 172800 IN NS nameserver.cnr.it. > it. 86400 IN NSEC je. NS RRSIG NSEC > it. 86400 IN RRSIG NSEC 8 1 86400 > 20130927000000 20130919230000 49656 . > A01ecU1p6o7U4le9Jh8F2aQ4fl9XdPFMcERxLf2cZ6aiHkKsZdQsHiwN > eI/5VnC9N1sLgF9p8uD7H8adMjC/EFHDK/kXmbpJNps9Hi/VdYa846He > tu4iYxmQpaq0SgIpCqsRSRk0TjnL0l0B/VZueZREvpEQND6Zjjys7Zow ZvE= > ;; Received 610 bytes from 128.63.2.53#53(h.root-servers.net) in 352 ms > > panini.it. 10800 IN NS dns1.quadrante.com. > panini.it. 10800 IN NS dns2.quadrante.com. > ;; Received 108 bytes from 2001:678:4::16#53(c.dns.it) in 200 ms > > smtp2.panini.it. 3600 IN NS paninirad3.panini.it. > smtp2.panini.it. 3600 IN NS paninirad2.panini.it. > smtp2.panini.it. 3600 IN NS paninirad1.panini.it. > ;; Received 167 bytes from 83.103.76.83#53(dns2.quadrante.com) in 410 ms > > panini.it. 86400 IN SOA panini.it. > administrator.panini.it. 998545544 28800 7200 604800 86400 > ^^^^^^^^^^ is WRONG!!!!!!!!!!! > ;; Received 110 bytes from 83.216.164.178#53(paninirad3.panini.it) in 341 ms > > % > > > > --- > > Howard Leadmon > > > > > > _______________________________________________ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > > from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
