On Thu, May 14, 2009 at 10:43:54AM -0500, Eric wrote:
> I'm encountering a strange DNS / e-mail problem on a mail server
> running OpenBSD 4.3.
>
> Sometimes, DNS returns completely unexpected results. I get two
> completely different answers to the same DNS query with the incorrect
> answers being returned by the DNS server that is being used by the
> mail server.
It's not that strange.

d...@noc:~$ dig @dns1.name-services.com ruhl.in

; <<>> DiG 9.4.2-P2 <<>> @dns1.name-services.com ruhl.in
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6509
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ruhl.in.                       IN      A

;; ANSWER SECTION:
ruhl.in.                1800    IN      CNAME   ghs.google.com.

;; Query time: 281 msec
;; SERVER: 98.124.192.1#53(98.124.192.1)
;; WHEN: Thu May 14 12:49:13 2009
;; MSG SIZE  rcvd: 53

'ruhl.in' has a CNAME record. Technically, it shouldn't be advertising
any other records, but it is, and this is the source of the issue.

If your first query is for the MX record, then your resolver will cache
the authoritative MX records from dnsN.name-services.com. If your first
query is for an A record or anything that will return and cache the
CNAME, then your resolver will cache that as the authoritative answer
and use that instead of making new MX queries.

##
## MX queried first (after flushing the cache)
##
d...@noc:~$ host -t mx ruhl.in          # first query
ruhl.in mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 30 ALT2.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 40 ASPMX2.GOOGLEMAIL.COM.
ruhl.in mail is handled by 50 ASPMX3.GOOGLEMAIL.COM.
ruhl.in mail is handled by 10 ASPMX.L.GOOGLE.COM.
d...@noc:~$ host ruhl.in                # second query
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.
ghs.l.google.com has address 209.85.171.121
d...@noc:~$ host -t mx ruhl.in          # cached
ruhl.in mail is handled by 50 ASPMX3.GOOGLEMAIL.COM.
ruhl.in mail is handled by 10 ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 30 ALT2.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 40 ASPMX2.GOOGLEMAIL.COM.

##
## MX queried second (after flushing the cache)
##
d...@noc:~$ host ruhl.in                # first query
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.
ghs.l.google.com has address 209.85.171.121
d...@noc:~$ host -t mx ruhl.in          # second query
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.
d...@noc:~$ host -t mx ruhl.in          # cached
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.

named-checkzone even complains if you set up a zone like this.

d...@noc:~$ cat example.txt
$TTL 1d
@       SOA     noc.example.com. hostmaster.example.com. (
                2009051400      ; serial
                16384           ; refresh
                2048            ; retry
                1048576         ; expire
                2560 )          ; minimum

@       NS      ns1.example.com.
@       NS      ns2.example.com.

@       CNAME   ghs.google.com.
@       A       192.168.1.1
@       MX      10 mx0
@       MX      20 mx1

mx0     A       192.168.1.2
mx1     A       192.168.1.3

d...@noc:~$ named-checkzone example.com example.txt
dns_master_load: example.txt:17: example.com: CNAME and other data
dns_master_load: example.txt:17: example.com: CNAME and other data
dns_master_load: example.txt:17: example.com: CNAME and other data
zone example.com/IN: loading from master file example.txt failed: CNAME and other data

For more info:
http://www.zytrax.com/books/dns/ch8/cname.html
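The "CNAME and other data" rule the reply leans on (RFC 1034 section 3.6.2: a name that owns a CNAME may own no other records) is easy to check before a zone ever reaches a nameserver, and not every DNS provider's web UI runs that check for you. The following is an added example, not code from the original thread or from BIND: a small BIND-style zone-file reader that flags exactly the conflict named-checkzone reports. The sample zone is constructed here to mirror the one in the post; the "fixed" variant moves the CNAME to www, which is the usual way to keep a Google-hosted web site while the apex keeps its A and MX records. The parser handles $TTL/$ORIGIN, ';' comments, parenthesised SOA continuations, '@', relative owner names and optional TTL/class fields, and nothing more.

```python
"""Detect "CNAME and other data" conflicts in a BIND-style zone file.

Added example (not from the original post): reports the same class of
error named-checkzone does when one owner name holds a CNAME together
with any other record type. Sample zones below are constructed.
"""
import re
from collections import defaultdict

# Constructed to mirror the zone in the post: apex has CNAME + SOA/NS/A/MX.
SAMPLE_ZONE = """\
$TTL 1d
@       SOA     noc.example.com. hostmaster.example.com. (
                2009051400      ; serial
                16384           ; refresh
                2048            ; retry
                1048576         ; expire
                2560 )          ; minimum

@       NS      ns1.example.com.
@       NS      ns2.example.com.

@       CNAME   ghs.google.com.
@       A       192.168.1.1
@       MX      10 mx0
@       MX      20 mx1

mx0     A       192.168.1.2
mx1     A       192.168.1.3
"""

# Same zone with the CNAME moved off the apex onto www (the usual fix).
FIXED_ZONE = SAMPLE_ZONE.replace("@       CNAME   ghs.google.com.",
                                 "www     CNAME   ghs.google.com.")

CLASSES = {"IN", "CH", "HS"}


def is_ttl(tok):
    """A bare number or BIND-style duration such as 1800 or 1d."""
    return re.fullmatch(r"\d+[smhdw]?", tok, re.I) is not None


def strip_comment(line):
    """Drop a ';' comment (no quoted-string handling; enough here)."""
    return line.split(";", 1)[0]


def logical_records(text):
    """Yield (owner_implied, tokens) per record, joining ( ... ) lines.

    owner_implied is True when the record's first line starts with
    whitespace, i.e. the owner is inherited from the previous record.
    """
    buf, depth, implied = [], 0, False
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip():
            continue
        if not buf:
            implied = line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield implied, " ".join(buf).split()
            buf = []


def parse_zone(text, origin):
    """Return {owner_fqdn: [rrtype, ...]}; origin must end with a dot."""
    owner = origin
    rrsets = defaultdict(list)
    for implied, toks in logical_records(text):
        if toks[0].startswith("$"):
            if toks[0] == "$ORIGIN":
                origin = toks[1]
            continue                      # $TTL etc. carry no records
        if not implied:
            name = toks.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name
            else:
                owner = f"{name}.{origin}"
        # optional TTL and/or class come before the type
        while toks and (is_ttl(toks[0]) or toks[0].upper() in CLASSES):
            toks.pop(0)
        if not toks:
            raise ValueError(f"no record type for {owner}")
        rrsets[owner].append(toks[0].upper())
    return dict(rrsets)


def cname_conflicts(rrsets):
    """Owners holding a CNAME plus any other type: what named-checkzone rejects."""
    return sorted(
        (owner, sorted(set(types)))
        for owner, types in rrsets.items()
        if "CNAME" in types and len(set(types)) > 1
    )


if __name__ == "__main__":
    for label, zone in (("as posted", SAMPLE_ZONE), ("fixed", FIXED_ZONE)):
        for owner, types in cname_conflicts(parse_zone(zone, "example.com.")):
            print(f"{label}: {owner}: CNAME and other data ({', '.join(types)})")
```

Run it against a real zone by reading the file into `parse_zone(text, "yourzone.example.")`; a non-empty result from `cname_conflicts` is the same condition that makes named-checkzone refuse to load the zone, and, as the reply shows, the condition under which a caching resolver's answer depends on which record type it happened to see first.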