[geeks] speaking of proper setup..

Greg A. Woods woods at weird.com
Thu Mar 14 21:11:45 CST 2002


[ On Thursday, March 14, 2002 at 20:09:44 (-0600), Bill Bradford wrote: ]
> Subject: [geeks] speaking of proper setup..
>
> No MX record for ohno.mrbill.net?  Strange..
> 
> bash-2.03$ dig mrbill.net mx
> <snip>
> 
> ;; ANSWER SECTION:
> mrbill.net.             86400   IN      MX      0 ohno.mrbill.net.
> ;; ADDITIONAL SECTION:
> ohno.mrbill.net.        86400   IN      A       207.200.6.75


One of the most important things a DNS administrator must learn to do
when debugging DNS problems is to query not just some local
authoritative nameserver, but also other caching (recursive) nameservers
to be sure they can fetch the desired answers from the authoritative
nameserver (and to do so more than once if you suspect the parent zone
has a different list of NS records than those found within the zone on
an authoritative nameserver).

Turns out that because 'ohno.mrbill.net' is not just a mail server name,
but also the name of an NS record, my nameserver had cached an older set
of records for that name and due to quirks in the way resolvers work, it
doesn't have to go looking for more records when it already has what it
thinks are all the relevant records.

	$ host -v -t mx ohno.mrbill.net most                
	Server: most.weird.com
	Address: 204.92.254.2
	
	Query about ohno.mrbill.net for record types MX
	Trying ohno.mrbill.net ...
	Query for MX records failed, 0 answers, status: no error
	Authority information:
	mrbill.net              1336    IN      SOA     ohno.mrbill.net hostmaster.mrbill.net (
	                        2001060128      ;serial number (version)
	                        10800   ;slave refresh period (3 hours)
	                        3600    ;slave retry interval (1 hour)
	                        604800  ;slave expire time (1 week)
	                        86400   ;negative response ttl (1 day)
	                        )
	ohno.mrbill.net MX record currently not present at most.weird.com

What's really curious is why you changed your zone very recently without
following your own SOA serial numbering scheme.  You'll see above that
my nameserver has a copy of the SOA for 'mrbill.net' with the serial
number 2001060128.  That named process has only been running for a bit
over a week, so there's no way it could have cached information from
last year:

	$ ps -auxc | fgrep named
	dns      27857  0.4  0.3  6864  200 ??  SNs   3Mar02  324:05.84 named

Meanwhile if I query your nameserver directly for the SOA I see a "new"
serial number:

	$ host -v -t soa mrbill.net ohno.mrbill.net
	Server: ohno.mrbill.net
	Address: 207.200.6.75
	
	Query about mrbill.net for record types SOA
	Trying mrbill.net ...
	Query for SOA records done, 1 answer, authoritative, status: no error
	mrbill.net              86400   IN      SOA     ohno.mrbill.net hostmaster.mrbill.net (
	                        2001060130      ;serial number (version)
	                        10800   ;slave refresh period (3 hours)
	                        3600    ;slave retry interval (1 hour)
	                        604800  ;slave expire time (1 week)
	                        86400   ;negative response ttl (1 day)
	                        )
	Authority information:
	mrbill.net              86400   IN      NS      davidoff.sunsam.net
	mrbill.net              86400   IN      NS      ohno.mrbill.net
	Additional information:
	ohno.mrbill.net         86400   IN      A       207.200.6.75
	davidoff.sunsam.net     83763   IN      A       207.200.4.46

I don't know if you've tried to fake out the SOA to make it look like
you haven't changed it in a very long time or whether you've just given
up on changing the number to make it look like a date, or if you're now
using software to generate your zone files and it's just incrementing
the number it found.  In any case it would seem you did make a change to
your DNS within the last day.

It seems that if I restart my nameserver to ensure it has a clean cache
and must therefore re-fetch any records for your zone, it has no trouble
giving an answer equivalent to the one you show above, pretty much
proving you made a change within the last day which may have included
adding this record:

	$ host -t mx mrbill.net most    
	mrbill.net              MX      0 ohno.mrbill.net

> Oh, he IS really anal, he wants MX for EACH AND EVERY HOST!

Nope -- you've mis-interpreted what you've seen so far of my mailer's
behaviour.

What in fact my mailer requires is that there be an MX for the domain
name used in the SMTP envelope sender address.  It's done this for many
years now, actually.  If I'm not mistaken AOL still have a similar
requirement, and if not now then they sure did once upon a time.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods at acm.org>;  <g.a.woods at ieee.org>;  <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>
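
The comparison described in the message above (cached SOA against the authoritative SOA), as an added example that is not part of the original post. The function names are illustrative, the inputs are excerpts of the `host -v` output quoted in the message, and the date check assumes a YYYYMMDDnn serial convention.

```python
import re
from datetime import date

# Added example (names are illustrative). Input: excerpts of the `host -v` output quoted above.
CACHED = """\
mrbill.net              1336    IN      SOA     ohno.mrbill.net hostmaster.mrbill.net (
                        2001060128      ;serial number (version)
"""
AUTHORITATIVE = """\
mrbill.net              86400   IN      SOA     ohno.mrbill.net hostmaster.mrbill.net (
                        2001060130      ;serial number (version)
"""
SOA_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SOA\s.*\(\s*\n\s*(\d+)\s*;serial", re.M)

def parse_soa(text):
    """Return (zone, ttl, serial) from multi-line `host -v` SOA output."""
    m = SOA_RE.search(text)
    if m is None:
        raise ValueError("no SOA record found")
    return m.group(1), int(m.group(2)), int(m.group(3))

def serial_newer(a, b):
    """True if serial a is newer than b under RFC 1982 arithmetic (32-bit wrap)."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def serial_date(serial):
    """Decode a serial as (date, revision), assuming YYYYMMDDnn; None if it does not fit."""
    s = str(serial)
    if len(s) != 10:
        return None
    try:
        return date(int(s[:4]), int(s[4:6]), int(s[6:8])), int(s[8:])
    except ValueError:
        return None

def compare(cached_text, auth_text, observed):
    """Compare a recursive server's cached SOA with the authoritative one."""
    zone, ttl, cached = parse_soa(cached_text)
    _, _, auth = parse_soa(auth_text)
    decoded = serial_date(auth)
    return {
        "zone": zone,
        "cache_stale": serial_newer(auth, cached),   # cache holds an older zone version
        "cache_ttl_left": ttl,                       # seconds until the cached SOA expires
        "serial_date_lag_days": (observed - decoded[0]).days if decoded else None,
    }

if __name__ == "__main__":
    print(compare(CACHED, AUTHORITATIVE, date(2002, 3, 14)))
```

A counted-down TTL (1336 rather than 86400) marks the first answer as coming from cache, and a large `serial_date_lag_days` means the serial no longer tracks the date of the change.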
