Kory Krofft <[EMAIL PROTECTED]> [2003:12:22:20:24:44-0500] scribed: <snip />
> I believe as Ray has mentioned that the major issue may be a reverse
> lookup that qmail is doing which causes the timeout error on the mail
> client. I am still looking into what dns settings I need to change to
> fix that possibility.
Indeed, that is a very serious problem -- not so much because qmail
requires a dns server (it does not); but, from tcpdump it is clear that
it cannot find PTR for 1.1.168.192.in-addr.arpa.
In a previous message, you asked for comments on your
/etc/tinydns-private/root/data -- I strongly suggest that you try the
following, and forget about your DMZ for now:
=localhost:127.0.0.1
.localhost:127.0.0.1:a
.1.0.0.127.in-addr.arpa:127.0.0.1:a
.kroffts.home:127.0.0.1:a
.1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.home:192.168.1.1
[EMAIL PROTECTED]:192.168.10.1:mail.kroffts.com
[EMAIL PROTECTED]::mail.kroffts.com
The last two (2) lines are problematic. With the `-' as first
character, they will *not* be used now.
Currently, you are *NOT* authoritative and *CANNOT* assume authority for
the kroffts.com domain:
# dnsqr any kroffts.com
255 kroffts.com:
101 bytes, 1+4+0+0 records, response, noerror
query: 255 kroffts.com
answer: kroffts.com 170446 NS ns1.dnsexit.com
answer: kroffts.com 170446 NS ns2.dnsexit.com
answer: kroffts.com 170446 NS ns1.dnsexit.com
answer: kroffts.com 170446 NS ns2.dnsexit.com
# dnsqr mx kroffts.com
15 kroffts.com:
45 bytes, 1+1+0+0 records, response, noerror
query: 15 kroffts.com
answer: kroffts.com 120 MX 5 kroffts.com
# dnsqr a kroffts.com
1 kroffts.com:
45 bytes, 1+1+0+0 records, response, noerror
query: 1 kroffts.com
answer: kroffts.com 109 A 24.210.193.152
# dnsqr soa kroffts.com
6 kroffts.com:
91 bytes, 1+1+0+0 records, response, noerror
query: 6 kroffts.com
answer: kroffts.com 120 SOA ns1.dnsexit.com jchen.netdorm.com 2000060701 1200 1200 604800 1200
# dnsqr any mail.kroffts.com
255 mail.kroffts.com:
48 bytes, 1+1+0+0 records, response, noerror
query: 255 mail.kroffts.com
answer: mail.kroffts.com 120 CNAME kroffts.com
You cannot assert that 192.168.10.1 is mail.kroffts.com with authority,
unless you either:
[a] Change DNS configuration at ns{1,2}.dnsexit.com; or
[b] Replace DNS authority at ns{1,2}.dnsexit.com with your own DNS
server for kroffts.com.
I highly, highly, highly urge you to *NOT* configure your DMZ hosts in
the kroffts.com domain -- especially, since your DMZ is running on an
RFC 1918 network -- unless you get ns{1,2}.dnsexit.com to delegate a
sub-domain to you. And that is problematic, too, because of the
private network.
For now, try my suggested tinydns data changes, and see whether or not
we get any closer.
hth
--
Best Regards,
mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
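
A consistency check for tinydns data like the file suggested in the message above, as an added example that is not part of the original post or of djbdns. For every `=` line it derives the PTR name and verifies that the forward and reverse names both fall under a zone declared by a `.` line in the same file. The sample data is constructed from the records quoted in the message, and the function names are this example's own.

```python
# Added example: SUGGESTED is constructed from the tinydns data quoted in the message.
SUGGESTED = """\
=localhost:127.0.0.1
.localhost:127.0.0.1:a
.1.0.0.127.in-addr.arpa:127.0.0.1:a
.kroffts.home:127.0.0.1:a
.1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.home:192.168.1.1
"""

def ptr_name(ip):
    """Reverse-lookup name for an IPv4 address: 192.168.1.1 -> 1.1.168.192.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def in_zone(name, zone):
    """True if name is the zone apex or a name below it."""
    return name == zone or name.endswith("." + zone)

def audit(data):
    """Return (problems, disabled) for tinydns-data text.

    problems: (fqdn, ip, uncovered_name) for each name generated by an '=' line
              that no '.' line in the file declares a zone for.
    disabled: lines starting with '-', which tinydns-data ignores.
    """
    zones, hosts, disabled = [], [], []
    for raw in data.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, fields = line[0], line[1:].split(":")
        fqdn = fields[0].lower().rstrip(".")
        if kind == ".":                      # NS + SOA for this zone
            zones.append(fqdn)
        elif kind == "=" and len(fields) > 1 and fields[1]:
            hosts.append((fqdn, fields[1]))  # A record plus matching PTR
        elif kind == "-":
            disabled.append(line)
    problems = [(fqdn, ip, name)
                for fqdn, ip in hosts
                for name in (fqdn, ptr_name(ip))
                if not any(in_zone(name, z) for z in zones)]
    return problems, disabled

if __name__ == "__main__":
    print(audit(SUGGESTED))
```

Adding an `=` line for a host on 192.168.10.x to this data without a matching `.10.168.192.in-addr.arpa` line is reported as an uncovered reverse name.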
