Kory Krofft <[EMAIL PROTECTED]> [2003:12:22:20:24:44-0500] scribed: <snip />
> I believe as Ray has mentioned that the major issue may be a reverse
> lookup that qmail is doing which causes the timeout error on the mail
> client. I am still looking into what dns settings I need to change to
> fix that possibility.

Indeed, that is a very serious problem -- not so much because qmail requires a dns server (it does not); but, from tcpdump it is clear that it cannot find PTR for 1.1.168.192.in-addr.arpa.

In a previous message, you asked for comments on your /etc/tinydns-private/root/data -- I strongly suggest that you try the following, and forget about your DMZ for now:

    =localhost:127.0.0.1
    .localhost:127.0.0.1:a
    .1.0.0.127.in-addr.arpa:127.0.0.1:a
    .kroffts.home:127.0.0.1:a
    .1.168.192.in-addr.arpa:127.0.0.1:a
    =markii.kroffts.home:192.168.1.254
    =coventry.kroffts.home:192.168.1.1
    [EMAIL PROTECTED]:192.168.10.1:mail.kroffts.com
    [EMAIL PROTECTED]::mail.kroffts.com

The last two (2) lines are problematic. With the `-' as first character, they will *not* be used now.

Currently, you are *NOT* authoritative and *CANNOT* assume authority for the kroffts.com domain:

    # dnsqr any kroffts.com
    255 kroffts.com:
    101 bytes, 1+4+0+0 records, response, noerror
    query: 255 kroffts.com
    answer: kroffts.com 170446 NS ns1.dnsexit.com
    answer: kroffts.com 170446 NS ns2.dnsexit.com
    answer: kroffts.com 170446 NS ns1.dnsexit.com
    answer: kroffts.com 170446 NS ns2.dnsexit.com

    # dnsqr mx kroffts.com
    15 kroffts.com:
    45 bytes, 1+1+0+0 records, response, noerror
    query: 15 kroffts.com
    answer: kroffts.com 120 MX 5 kroffts.com

    # dnsqr a kroffts.com
    1 kroffts.com:
    45 bytes, 1+1+0+0 records, response, noerror
    query: 1 kroffts.com
    answer: kroffts.com 109 A 24.210.193.152

    # dnsqr soa kroffts.com
    6 kroffts.com:
    91 bytes, 1+1+0+0 records, response, noerror
    query: 6 kroffts.com
    answer: kroffts.com 120 SOA ns1.dnsexit.com jchen.netdorm.com 2000060701 1200 1200 604800 1200

    # dnsqr any mail.kroffts.com
    255 mail.kroffts.com:
    48 bytes, 1+1+0+0 records, response, noerror
    query: 255 mail.kroffts.com
    answer: mail.kroffts.com 120 CNAME kroffts.com

You cannot assert that 192.168.10.1 is mail.kroffts.com with authority, unless you either:

[a] Change DNS configuration at ns{1,2}.dnsexit.com; or

[b] Replace DNS authority at ns{1,2}.dnsexit.com with your own DNS server for kroffts.com.

I highly, highly, highly urge you to *NOT* configure your DMZ hosts in the kroffts.com domain -- especially, since your DMZ is running on an RFC 1918 network -- unless you get ns{1,2}.dnsexit.com to delegate a sub-domain to you. And that is problematic, too, because of the private network.

For now, try my suggested tinydns data changes, and see whether or not we get any closer.

hth

--
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
--
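
The reverse-lookup point in the message above, as an added example that is not part of the original post: a small Python check that reads tinydns-data lines and confirms every PTR name created by an `=` line falls inside a zone claimed by a `.` line, so a reverse lookup such as the one for 192.168.1.1 can be answered. The function names are hypothetical, the last sample line is constructed to stand in for a disabled `-` entry, and the coverage rule (a name is only served when a `.` line covers it) is the assumption being tested.

```python
# Added example: parse tinydns-data lines and check reverse (PTR) coverage.
SUGGESTED = """\
=localhost:127.0.0.1
.localhost:127.0.0.1:a
.1.0.0.127.in-addr.arpa:127.0.0.1:a
.kroffts.home:127.0.0.1:a
.1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.home:192.168.1.1
-disabled.example.test:192.168.10.1
"""  # last line is constructed; it stands in for a '-' (disabled) entry

def reverse_name(ip):
    """192.168.1.1 -> 1.1.168.192.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def parse(data):
    """Return (zones, ptrs): zones from '.' lines, PTR name -> host from '=' lines."""
    zones, ptrs = set(), {}
    for raw in data.splitlines():
        line = raw.strip()
        if not line or line[0] in "#-":   # comments and disabled lines are ignored
            continue
        kind, fields = line[0], line[1:].split(":")
        fqdn = fields[0].lower().rstrip(".")
        ip = fields[1] if len(fields) > 1 else ""
        if kind == ".":                   # NS + SOA: authority asserted for fqdn
            zones.add(fqdn)
        elif kind == "=" and ip:          # A record plus the matching PTR
            ptrs[reverse_name(ip)] = fqdn
    return zones, ptrs

def in_zone(name, zones):
    """True if name equals, or is a subdomain of, one of the declared zones."""
    return any(name == z or name.endswith("." + z) for z in zones)

def uncovered_ptrs(data):
    """PTR names created by '=' lines that no '.' line claims authority over."""
    zones, ptrs = parse(data)
    return sorted(n for n in ptrs if not in_zone(n, zones))

def lookup_ptr(data, ip):
    """Host name the data would give for a reverse lookup of ip, or None."""
    zones, ptrs = parse(data)
    name = reverse_name(ip)
    return ptrs.get(name) if in_zone(name, zones) else None

if __name__ == "__main__":
    print(uncovered_ptrs(SUGGESTED), lookup_ptr(SUGGESTED, "192.168.1.1"))
```

Removing the `.1.168.192.in-addr.arpa` line from the sample makes both 192.168.1.x PTR names show up as uncovered.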