Doesn't the PTR have to match the forward?
It should, but the err msg from sendmail is not talking about the reverse domain, it says it cannot resolve the envelope sender.domain, "domain does not exist", which is clearly false, since both his NSs are on-line and answering, to me, under 100 ms.
Todd could fix his PTRs to match the A record, but I really don't think that is what sendmail is complaining about.
I bet there's some network problem again, like we saw a couple of weeks ago, where I couldn't query an NS, but other could. backbone network got fixed, and I could query.
If he had query logging on his NS, he could send mail to these domains, and then see from which ip the queries come from, and then traceroute from his DNS to those DNS IPs.
also, the see that the err is "undeliverable 553", which is a fatal error (don't try this msg again).
If it were a DNS timeout, then sendmail should return a 4xx in case the error was not DNS but connectivity. After the 4xx, the msg will be retried and if a transient connectivity pb, sendmail should get a DNS response (this is how postfix handles DNS timeouts, maybe sendmail can be foreced to return 5xx for DNS timeout, bad practice).
I can see one sendmail admin screwing up his config, but not so many different sendmails for largish org's.
if re-booting really fixed that one site's rejections, they there may be some cache poisoning going on somewhere. re-booting the DNS would have cleared the poisoned cache.
Len
_____________________________________________________________________ http://MenAndMice.com/DNS-training: Seattle; Chicago; San Jose; Wash DC IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
