kaze on 30 Jul 2004 06:08:04 -0000



[PLUG] BIND zone oddity causing SendMail 451 Name server timeout errors?


Have fine long working BIND servers; have fine long working domain which
sends and receives email - referred to below as example.com.

Recently needed to rush add another domain to host their email (and DNS).
Many annoying and weird things happening with email to and from this new
(temporarily) hosted domain, one being _some_ servers sending to it get
error "451 example.com: Name server timeout". This is the most useful thing
I think I found so far:
http://www.ntmail.co.uk/support/user_groups/discuss/message.htm?ID=274 Yes,
the reverse lookup for hostedexample.com does not match as hostedexample.com
basically CNAMEs to example.com, which in turn has a valid reverse lookup.
(Hope this is not too dense due to the late night post.)

Question: I know many mail servers do reverse lookups on incoming email to
thwart spam, but do they also do it as part of the outgoing mail DNS lookup?

Below are the bulks of the example.com.zone and hostedexample.com.zone
files. (Just removed higher MX value records and some misc www sites.) (I
can send the real zone files off-list, just don't want them on the archive
forever...) (Note also that the IPs, while they look strange, are right, as
Cisco NAT NATs them to real routable IPs.)

Question: Is there a better way I should structure my DNS to smooth
everything out?

For example would I be better served to have hostedexample.com's MX be
email.example.com. instead of email.hostedexample.com.? Should I just
dedicate an additional IP address on the mail server for
email.hostedexample.com. so it can have its own reverse lookup and be
totally separate? The reason I did it this way was to try to avoid having
hostedexample.com's email's headers show example.com.

- Zake


[root@ns3 named]# cat example.com.zone
$TTL 86400
@       IN      SOA     ns3.example.com.  dnsadmin.example.com. (
                        2004072201 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; ttl
                        )

        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.
        IN      NS      ns3.example.com.

@       IN      MX      10      email.example.com.

@       IN      A       10.1.1.51

email   IN      A       10.1.1.53

ns1     IN      A       10.10.10.211
ns2     IN      A       10.10.10.212
ns3     IN      A       10.10.10.213

www     IN      CNAME   example.com.
ftp     IN      CNAME   example.com.

smtp    IN      CNAME   email.example.com.
pop     IN      CNAME   email.example.com.
imap    IN      CNAME   email.example.com.
webmail IN      CNAME   email.example.com.


[root@ns3 named]# cat hostedexample.com.zone
$TTL 86400
@       IN      SOA     ns3.example.com.  dnsadmin.example.com. (
                        2004071901 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; ttl
                        )


        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.
        IN      NS      ns3.example.com.

@       IN      MX      10      email.hostedexample.com.

@       IN      A       10.1.1.22

email   IN      A       10.1.1.53
webmail IN      CNAME   email.hostedexample.com.
imap    IN      CNAME   email.hostedexample.com.
smtp    IN      CNAME   email.hostedexample.com.

www     IN      CNAME   hostedexample.com.


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
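
An added example, not part of the original post: a forward-confirmed reverse DNS check run offline over the mail-related records quoted above, showing how the shared address 10.1.1.53 looks from each domain's MX. The PTR mapping is an assumption (the reverse zone is not in the post, which only says the reverse lookup belongs to example.com), and the function names are hypothetical.

```python
# Added example. Only the mail-related records from the post are reproduced.
ZONES = {
    "example.com.": """
@       IN      MX      10      email.example.com.
email   IN      A       10.1.1.53
""",
    "hostedexample.com.": """
@       IN      MX      10      email.hostedexample.com.
email   IN      A       10.1.1.53
smtp    IN      CNAME   email.hostedexample.com.
""",
}
PTR = {"10.1.1.53": "email.example.com."}  # assumed reverse zone content

def load(zones):
    """Parse 'owner IN TYPE rdata' lines into {(fqdn, type): [target, ...]}."""
    db = {}
    for origin, text in zones.items():
        for line in text.splitlines():
            f = line.split(";")[0].split()
            if len(f) >= 4 and f[1] == "IN":
                owner = origin if f[0] == "@" else f"{f[0]}.{origin}"
                db.setdefault((owner, f[2]), []).append(f[-1])
    return db

def resolve_a(db, name, depth=0):
    """Follow CNAMEs (at most 8 hops) to A records."""
    if (name, "A") in db or depth >= 8:
        return db.get((name, "A"), [])
    cname = db.get((name, "CNAME"), [])
    return resolve_a(db, cname[0], depth + 1) if cname else []

def fcrdns(db, ptr, domain):
    """Return (mx_host, ip, ptr_name, status) for each MX address of domain."""
    out = []
    for host in db.get((domain, "MX"), []):
        for ip in resolve_a(db, host):
            rname = ptr.get(ip)
            if rname is None:
                status = "no-ptr"
            elif rname == host:
                status = "match"
            else:  # PTR names another host; does that name map back to ip?
                status = "other-name" if ip in resolve_a(db, rname) else "unconfirmed"
            out.append((host, ip, rname, status))
    return out

DB = load(ZONES)
print({d: fcrdns(DB, PTR, d) for d in ZONES})
```

With the assumed PTR, example.com reports "match" while hostedexample.com reports "other-name": the reverse name resolves back to the same address but is not the name in that domain's MX record.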