Loading ...
Sorry, an error occurred while loading the content.

DNS issue

Expand Messages
  • Howe, Paul H
    I m having problems delivering to bsfllp.com. Since there is an MX defined, why is postfix having problems delivering? Postfix says: Mar 14 15:43:00 j1xsas06
    Message 1 of 8 , Mar 14, 2006
    • 0 Attachment
      I'm having problems delivering to bsfllp.com. Since there is an MX
      defined, why is postfix having problems delivering?

      Postfix says:

      Mar 14 15:43:00 j1xsas06 postfix/smtp[18109]: [ID 197553 mail.info]
      45CCD255: to=<JD
      envir@...>, relay=none, delay=17342, status=deferred (Name
      service error for
      name=bsfllp.com type=MX: Host not found, try again)

      Nslookup from the postfix server says:

      > set type=mx
      > BSFLLP.com
      Server: j1xsas05
      Address: 0.0.0.0

      Non-authoritative answer:
      BSFLLP.com preference = 10, mail exchanger = mail5.BSFLLP.com
      BSFLLP.com preference = 15, mail exchanger = mail.BSFLLP.com
      BSFLLP.com preference = 5, mail exchanger = mail4.BSFLLP.com

      Authoritative answers can be found from:
      BSFLLP.com nameserver = ns1.aslan.net
      BSFLLP.com nameserver = ns1.BSFLLP.com
      mail5.BSFLLP.com internet address = 65.121.224.13
      mail.BSFLLP.com internet address = 65.121.227.25
      mail4.BSFLLP.com internet address = 65.121.225.140
      ns1.aslan.net internet address = 208.28.44.2
      ns1.BSFLLP.com internet address = 65.121.224.62

      A test mail via DNSstuff.com works:

      http://www.dnsstuff.com/tools/mail.ch?domain=postmaster@...
      Trying to connect to all mailservers:

      mail4.bsfllp.com. - 65.121.225.140 [Successful connect: Got a good
      response [250 2.1.5 postmaster@... ]] (took 6.140 seconds)
      mail5.bsfllp.com. - 65.121.224.13 [Successful connect: Got a good
      response [250 2.1.5 postmaster@... ]] (took 0.500 seconds)
      mail.bsfllp.com. - 65.121.227.25 [Could not connect: Could not
      connect to mail server (timed out).]
      [Note that if your mailserver takes over 30 seconds to respond, our
      test will timeout, even though real mailservers will wait longer]
    • Wietse Venema
      ... http://www.postfix.org/DEBUG_README.html#no_chroot and other suggestins in that same document. Wietse
      Message 2 of 8 , Mar 14, 2006
      • 0 Attachment
        Howe, Paul H:
        > I'm having problems delivering to bsfllp.com. Since there is an MX
        > defined, why is postfix having problems delivering?

        http://www.postfix.org/DEBUG_README.html#no_chroot

        and other suggestins in that same document.

        Wietse
      • Howe, Paul H
        I m not chroot, and it is intermittent. ... From: Wietse Venema [mailto:wietse@porcupine.org] Sent: Tuesday, March 14, 2006 4:29 PM To: Howe, Paul H Cc:
        Message 3 of 8 , Mar 14, 2006
        • 0 Attachment
          I'm not chroot, and it is intermittent.

          -----Original Message-----
          From: Wietse Venema [mailto:wietse@...]
          Sent: Tuesday, March 14, 2006 4:29 PM
          To: Howe, Paul H
          Cc: postfix-users@...
          Subject: Re: DNS issue


          Howe, Paul H:
          > I'm having problems delivering to bsfllp.com. Since there is an MX
          > defined, why is postfix having problems delivering?

          http://www.postfix.org/DEBUG_README.html#no_chroot

          and other suggestins in that same document.

          Wietse
        • Howe, Paul H
          ... From: Howe, Paul H Sent: Tuesday, March 14, 2006 4:34 PM To: Wietse Venema Cc: postfix-users@postfix.org Subject: RE: DNS issue I m not chroot, and it is
          Message 4 of 8 , Mar 14, 2006
          • 0 Attachment
            -----Original Message-----
            From: Howe, Paul H
            Sent: Tuesday, March 14, 2006 4:34 PM
            To: 'Wietse Venema'
            Cc: postfix-users@...
            Subject: RE: DNS issue


            I'm not chroot, and it is intermittent.

            -----Original Message-----
            From: Wietse Venema [mailto:wietse@...]
            Sent: Tuesday, March 14, 2006 4:29 PM
            To: Howe, Paul H
            Cc: postfix-users@...
            Subject: Re: DNS issue


            Howe, Paul H:
            > I'm having problems delivering to bsfllp.com. Since there is an MX
            > defined, why is postfix having problems delivering?

            http://www.postfix.org/DEBUG_README.html#no_chroot

            and other suggestins in that same document.

            Wietse
          • Wietse Venema
            ... Prove it. Show logs. Wietse
            Message 5 of 8 , Mar 14, 2006
            • 0 Attachment
              Howe, Paul H:
              > I'm not chroot, and it is intermittent.

              Prove it. Show logs.

              Wietse

              > -----Original Message-----
              > From: Wietse Venema [mailto:wietse@...]
              > Sent: Tuesday, March 14, 2006 4:29 PM
              > To: Howe, Paul H
              > Cc: postfix-users@...
              > Subject: Re: DNS issue
              >
              >
              > Howe, Paul H:
              > > I'm having problems delivering to bsfllp.com. Since there is an MX
              > > defined, why is postfix having problems delivering?
              >
              > http://www.postfix.org/DEBUG_README.html#no_chroot
              >
              > and other suggestins in that same document.
              >
              > Wietse
              >
              >
            • Scott Muller
              ... Also, what about a local DNS cache ?? What is DNS performance like from the server, are the other network issues ?? -- Scott Muller
              Message 6 of 8 , Mar 14, 2006
              • 0 Attachment
                Wietse Venema wrote:
                > Howe, Paul H:
                >> I'm not chroot, and it is intermittent.
                >
                > Prove it. Show logs.
                >
                > Wietse
                >

                Also, what about a local DNS cache ??
                What is DNS performance like from the server, are the
                other network issues ??


                --

                Scott Muller
                smuller@...
              • Ralf Hildebrandt
                I m seeing a DNS problem I cannot fathom: # host 65.171.152.29 Host 29.152.171.65.in-addr.arpa not found: 2(SERVFAIL) Hm. So who s authoritative? # host -t ns
                Message 7 of 8 , Nov 29, 2012
                • 0 Attachment
                  I'm seeing a DNS problem I cannot fathom:

                  # host 65.171.152.29
                  Host 29.152.171.65.in-addr.arpa not found: 2(SERVFAIL)

                  Hm. So who's authoritative?

                  # host -t ns 171.65.in-addr.arpa
                  171.65.in-addr.arpa name server ns1-auth.sprintlink.net.
                  171.65.in-addr.arpa name server ns3-auth.sprintlink.net.
                  171.65.in-addr.arpa name server ns2-auth.sprintlink.net.

                  Asking those yields:

                  # dig @.... 29.152.171.65.in-addr.arpa
                  ;; QUESTION SECTION:
                  ;29.152.171.65.in-addr.arpa. IN A

                  ;; ANSWER SECTION:
                  29.152.171.65.in-addr.arpa. 86400 IN CNAME 65.171.152.29.cust.bosto3.sprintlink.net.

                  # dig @.... 29.152.171.65.in-addr.arpa
                  ;; QUESTION SECTION:
                  ;29.152.171.65.in-addr.arpa. IN A

                  ;; ANSWER SECTION:
                  29.152.171.65.in-addr.arpa. 86400 IN CNAME 65.171.152.29.cust.bosto3.sprintlink.net.

                  # dig @.... 29.152.171.65.in-addr.arpa
                  ;; QUESTION SECTION:
                  ;29.152.171.65.in-addr.arpa. IN A

                  ;; ANSWER SECTION:
                  29.152.171.65.in-addr.arpa. 86400 IN CNAME 65.171.152.29.cust.bosto3.sprintlink.net.

                  But why am I getting a SERVFAIL?

                  # host 65.171.152.29.cust.bosto3.sprintlink.net.
                  Host 65.171.152.29.cust.bosto3.sprintlink.net not found: 2(SERVFAIL)

                  # host -t ns 65.171.152.29.cust.bosto3.sprintlink.net.
                  Host 65.171.152.29.cust.bosto3.sprintlink.net not found: 2(SERVFAIL)
                  # host -t ns 171.152.29.cust.bosto3.sprintlink.net.
                  Host 171.152.29.cust.bosto3.sprintlink.net not found: 2(SERVFAIL)
                  # host -t ns 152.29.cust.bosto3.sprintlink.net.
                  Host 152.29.cust.bosto3.sprintlink.net not found: 2(SERVFAIL)
                  # host -t ns 29.cust.bosto3.sprintlink.net.
                  Host 29.cust.bosto3.sprintlink.net not found: 2(SERVFAIL)
                  # host -t ns cust.bosto3.sprintlink.net.
                  Host cust.bosto3.sprintlink.net not found: 2(SERVFAIL)

                  Huh?

                  # host -t ns bosto3.sprintlink.net.
                  Host bosto3.sprintlink.net not found: 2(SERVFAIL)
                  # host -t ns sprintlink.net.
                  sprintlink.net name server ns2-auth.sprintlink.net.
                  sprintlink.net name server ns3-auth.sprintlink.net.
                  sprintlink.net name server ns1-auth.sprintlink.net.

                  Ah!

                  # dig @.... 65.171.152.29.cust.bosto3.sprintlink.net.

                  ;; QUESTION SECTION:
                  ;65.171.152.29.cust.bosto3.sprintlink.net. IN A

                  ;; AUTHORITY SECTION:
                  cust.bosto3.sprintlink.net. 7200 IN SOA ns1-auth.sprintlink.net. dns-admin.sprint.net. 2006080301 43200 3600 2419200 7200


                  # dig @....
                  65.171.152.29.cust.bosto3.sprintlink.net.

                  ;; QUESTION SECTION:
                  ;65.171.152.29.cust.bosto3.sprintlink.net. IN A

                  ;; AUTHORITY SECTION:
                  cust.bosto3.sprintlink.net. 7200 INSOAns1-auth.sprintlink.net.
                  dns-admin.sprint.net. 2006080301 43200 3600 2419200 7200

                  # dig @.... 65.171.152.29.cust.bosto3.sprintlink.net.

                  ;; QUESTION SECTION:
                  ;65.171.152.29.cust.bosto3.sprintlink.net. IN A

                  ;; AUTHORITY SECTION:
                  cust.bosto3.sprintlink.net. 7200 IN SOA ns1-auth.sprintlink.net. dns-admin.sprint.net. 2006080301 43200 3600 2419200 7200
                • Jim Reid
                  ... Well, there s part of your problem right there. Never, ever use host or nslookup to query the DNS. Use dig. [Or drill if you re into debugging DNSSEC.]
                  Message 8 of 8 , Nov 29, 2012
                  • 0 Attachment
                    On 29 Nov 2012, at 10:49, Ralf Hildebrandt <r@...> wrote:

                    > I'm seeing a DNS problem I cannot fathom:
                    >
                    > # host 65.171.152.29

                    Well, there's part of your problem right there. Never, ever use host or nslookup to query the DNS. Use dig. [Or drill if you're into debugging DNSSEC.] Accept no substitutes. dig shows you what's actually in the DNS packets. host and nslookup don't/can't do that. Which mean they're mostly useless for DNS debugging. In some cases, nslookup is actually a hindrance.

                    Too bad you edited out the dig output which showed the DNS header info. That would have shown the aa bit (Authoritative Answer) wasn't set on replies that should have had this. BTW, a dig +trace is an easy way of finding where a DNS delegation is broken. It uses the same resolving code BIND9 uses, so this pretty much mimics what your name server would be doing.

                    RFC2317-style delegation is being used for the reverse DNS entry for this IP address. 29.152.171.65.in-addr.arpa is a CNAME which points at 65.171.152.29.cust.bosto3.sprintlink.net.
                    However the delegation for cust.bosto3.sprintlink.net was broken. None of the name servers it's delegated to were answering authoritatively for that zone. This is why you got SERVFAILs. Your resolving name server was saying "I give up on this lookup because something is badly broken".

                    Something or someone at sprintlink.net has goofed. It looks to have been a transient error because the name servers in question are now behaving properly. I re-checked the sprintlink servers just before posting this and found that the broken delegation had been repaired.

                    You may want to flush the cache and/or restart your resolving name server to get rid of its memory of the SERVFAILs instead of waiting for that to expire from the cache.
                  Your message has been successfully submitted and would be delivered to recipients shortly.