Darren Nickerson on 7 Jan 2011 07:22:18 -0800



Re: [PLUG] eMail Delivery/Domain Name Problem


I may be wrong here, but I think the heart of the matter is why the .org nameservers are returning invalid glue records for the IPs of your delegated nameservers. I would ask the registrar with whom you registered this domain for assistance, ... and spend a bit of extra time in their web interface in the section where you setup the nameservers for this domain. Sometimes they allow you to enter in both the hostname and the IP of your authoritative nameservers, and include these records at the .ORG zone file level. 

By the way, you probably want to restrict zone transfers on your nameservers to allow only your secondary servers (or primary servers if you're running a stealth primary). I was able to transfer both the nerdworld.org and chescoliberty.org zone files, ... and learn a lot about your internal network arrangement in the process.

-d
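As an added example (not code from this thread), a small Python script that parses dig-style output and flags nameservers whose parent-side glue differs from the A records the zone itself publishes; the embedded samples are constructed from the two ADDITIONAL sections quoted below, and the same functions can be fed live output from the equivalent dig queries.

```python
"""Compare the glue A records a TLD server hands out for a zone's
nameservers with the A records the zone itself publishes.

Added example, not code from the thread. It works on dig-style text so it
runs offline; the two samples are constructed from the thread's records."""
import re
from typing import Dict, Set, Tuple

# One resource record as dig prints it: owner  ttl  class  type  rdata
_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)\s*$")


def parse_a_records(dig_text: str) -> Dict[str, Set[str]]:
    """Return {name (lowercase, no trailing dot): {ip, ...}} for every
    A record in the dig output, whatever section it appears in."""
    out: Dict[str, Set[str]] = {}
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank lines, comments, section headers, QUESTION line
        m = _RR.match(line)
        if m and m.group(3) == "A":
            name = m.group(1).rstrip(".").lower()
            out.setdefault(name, set()).add(m.group(4))
    return out


def glue_mismatches(parent: Dict[str, Set[str]],
                    child: Dict[str, Set[str]]) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Nameservers whose parent-side glue differs from the child zone's data.
    Returns {name: (glue_ips, zone_ips)}; an empty dict means consistent."""
    bad = {}
    for ns in sorted(set(parent) | set(child)):
        glue, zone = parent.get(ns, set()), child.get(ns, set())
        if glue != zone:
            bad[ns] = (glue, zone)
    return bad


# Constructed samples: the ADDITIONAL sections quoted in the thread.
PARENT_DIG = """\
;; ADDITIONAL SECTION:
dns1.nerdworld.org.    86400   IN      A       71.224.4.252
dns2.nerdworld.org.    86400   IN      A       206.99.145.1
"""
CHILD_DIG = """\
;; ADDITIONAL SECTION:
DNS1.NerdWorld.org.    7200    IN      A       71.224.6.96
DNS2.NerdWorld.org.    7200    IN      A       71.224.6.96
"""

if __name__ == "__main__":
    diffs = glue_mismatches(parse_a_records(PARENT_DIG), parse_a_records(CHILD_DIG))
    for ns, (glue, zone) in diffs.items():
        print(f"{ns}: parent glue {sorted(glue)} != zone data {sorted(zone)}")
```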


On Jan 7, 2011, at 5:52 AM, Casey Bralla wrote:

> Darren, this is fantastic info, but I'm not sure how to use it.
> 
> NerdWorld.org's DNS is hosted on ZoneEdit.com.   All the IP's point to my 
> single valid IP of 71.22.6.96.   Both of their name servers are listed 
> properly in my Register.com domain registration.
> 
> The IP's listed in b0.org.afilias-nst.org are not mine.  (although one of them 
> looks familiar.)
> 
> 
> Since I have a "Dynamic" IP, it has changed once or twice over the years, but 
> it has been stable for 2+ years, so any cache would have long-since been 
> flushed.
> 
> 
> 
> On Thursday 06 January 2011 9:59:02 pm Darren Nickerson wrote:
>> Seems to me you have some DNS inconsistencies. Whois reports your
>> nameservers for chescoliberty.org as:
>> 
>> 	Name Server:DNS2.NERDWORLD.ORG
>> 	Name Server:DNS1.NERDWORLD.ORG
>> 
>> In  your data for chescoliberty.org (which I was able to transfer from
>> 71.224.6.96) you have the following:
>> 
>> 	;; ADDITIONAL SECTION:
>> 	DNS1.NerdWorld.org.	7200	IN	A	71.224.6.96
>> 	DNS2.NerdWorld.org.	7200	IN	A	71.224.6.96
>> 
>> 
>> HOWEVER, if you follow the DNS delegation for these nerdworld.org hosts from
>> the .org TLD, it looks like:
>> 
>> darren:~ darren$ dig org ns
>> 
>> ; <<>> DiG 9.6.0-APPLE-P2 <<>> org ns
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58961
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
>> 
>> ;; QUESTION SECTION:
>> ;org.				IN	NS
>> 
>> ;; ANSWER SECTION:
>> org.			86400	IN	NS	a0.org.afilias-nst.info.
>> org.			86400	IN	NS	a2.org.afilias-nst.info.
>> org.			86400	IN	NS	b0.org.afilias-nst.org.
>> org.			86400	IN	NS	b2.org.afilias-nst.org.
>> org.			86400	IN	NS	c0.org.afilias-nst.info.
>> org.			86400	IN	NS	d0.org.afilias-nst.org.
>> 
>> ;; Query time: 37 msec
>> ;; SERVER: 10.0.20.1#53(10.0.20.1)
>> ;; WHEN: Thu Jan  6 21:45:36 2011
>> ;; MSG SIZE  rcvd: 159
>> 
>> 
>> Choosing one of these nameservers at random, querying them for your zone's
>> nameservers, we get:
>> 
>> 
>> darren:~ darren$ dig @b0.org.afilias-nst.org chescoliberty.org ns
>> 
>> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @b0.org.afilias-nst.org chescoliberty.org ns
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27591
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>> ;; WARNING: recursion requested but not available
>> 
>> ;; QUESTION SECTION:
>> ;chescoliberty.org.		IN	NS
>> 
>> ;; AUTHORITY SECTION:
>> chescoliberty.org.	86400	IN	NS	dns1.nerdworld.org.
>> chescoliberty.org.	86400	IN	NS	dns2.nerdworld.org.
>> 
>> ;; ADDITIONAL SECTION:
>> dns1.nerdworld.org.	86400	IN	A	71.224.4.252
>> dns2.nerdworld.org.	86400	IN	A	206.99.145.1
>> 
>> ;; Query time: 102 msec
>> ;; SERVER: 199.19.54.1#53(199.19.54.1)
>> ;; WHEN: Thu Jan  6 21:46:08 2011
>> ;; MSG SIZE  rcvd: 115
>> 
>> 
>> The problem is in the dns1.nerdworld.org and dns2 records above in bold ...
>> these are called glue records and it could be you have changed them
>> recently and they have not propagated yet, or it could be you need to fix
>> your DNS for nerdworld.org, because they don't match the information we
>> saw earlier, and they also don't respond:
>> 
>> darren:~ darren$ dig @206.99.145.1 chescoliberty.org ns
>> 
>> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @206.99.145.1 chescoliberty.org ns
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; connection timed out; no servers could be reached
>> darren:~ darren$ dig @71.224.4.252 chescoliberty.org ns
>> 
>> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @71.224.4.252 chescoliberty.org ns
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; connection timed out; no servers could be reached
>> darren:~ darren$
>> 
>> Hope that helps!
>> 
>> -d
>> 
>> On Jan 6, 2011, at 7:42 PM, Casey Bralla wrote:
>>> I've got a weird eMail delivery problem that I cannot figure out.  Could
>>> somebody please offer some assistance?
>>> 
>>> 
>>> 
>>> __SOME__ people (notably yahoo) cannot send eMail to anyone at this
>>> domain. It times out with a "domain not known" error:
>>> 
>>> 
> -- 
> 
> Casey Bralla
> Chief Nerd in Residence
> The NerdWorld Organisation
> http://www.NerdWorld.org

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug