* John Wittenberg <[EMAIL PROTECTED]> [2004:02:28:14:46:17-0800] scribed:
> A few weeks back, our ISP decided that they were going to upgrade the mail
> servers. On the day they were upgraded we could no longer access the mail
> servers. My wife, who was and still may be extremely pissed, spent two
> days with the Technicians who could not help. At the end of the second
> day, my wife mentioned that we had a router and was told that was the
> problem. That evening I removed the LEAF router and the mail connection
> was _all well_ as the Windows XP box could connect to the mail server.
> Thinking that the problem was with my setup of the LEAF box, I am using
> Dachstein CD V1.0.2, I set up the box to use the default Dach settings.
> This still did not allow connection to the mail server. At this time I was
> beginning to believe that DNS could be that problem. About a year and a
> half ago, the ISP changed the mail server name. Using XP's built in
> _firewall_ I discovered the IP address for the mail server and using that
> instead of the FQN, I was able to get access to the mail server through
> the LEAF box with the XP Box.
>
> So thinking that since the XP box could connect to the mail server without
> the LEAF box using the FQN, I changed the LEAF box, at least I think I did,
> to use my ISP's DNS instead of dnscache in the LEAF box. But alas this
> _still did not_ work. I added my ISP's servers to DNS0 and DNS1 and set
> CONFIG_DNS to YES. Soooo, on a hunch I changed my mail Client to access
> the original mail server name and it works! Original server name =
> mail.cablespeed.com and the one that was working before the change =
> mail.bllvwa.cablespeed.com.
>
> The real question becomes, why when using the mail server name when
> connected direct from XP it works, whereas having the LEAF box connected
> using the mail server name does not work. Is there some difference when
> using the ISP DNS versus going through the LEAF box with the ISP DNSs
> identified.
>
> Thanks for any and all help in advance and sorry about the convoluted
> message.

Bottomline, your ISP's, cablespeed.com, DNS is b0rken ;>

Furthermore, based on my cursory analysis, that DNS is being managed by
people ignorant of DNS standards.

I will use djbdns tools -- I am sure, with knowledgeable usage, other tools
will demonstrate similar results.

This is what the toplevel domain servers see regarding the domain
cablespeed.com. This is what you can count on seeing from any arbitrary
point on the Internet:

# dnsqr any cablespeed.com
255 cablespeed.com:
68 bytes, 1+2+0+0 records, response, noerror
query: 255 cablespeed.com
answer: cablespeed.com 172416 NS ns1.cablespeed.com
answer: cablespeed.com 172416 NS ns2.cablespeed.com

Here is what `the Internet' thinks are your SMTP mail servers:

# dnsqr mx cablespeed.com
15 cablespeed.com:
83 bytes, 1+2+0+0 records, response, noerror
query: 15 cablespeed.com
answer: cablespeed.com 2251 MX 10 mail2.evdloh.cablespeed.com
answer: cablespeed.com 2251 MX 10 mail1.evdloh.cablespeed.com

# dnsqr any mail1.evdloh.cablespeed.com
255 mail1.evdloh.cablespeed.com:
61 bytes, 1+1+0+0 records, response, noerror
query: 255 mail1.evdloh.cablespeed.com
answer: mail1.evdloh.cablespeed.com 71 A 216.15.205.76

# dnsqr any mail2.evdloh.cablespeed.com
255 mail2.evdloh.cablespeed.com:
61 bytes, 1+1+0+0 records, response, noerror
query: 255 mail2.evdloh.cablespeed.com
answer: mail2.evdloh.cablespeed.com 121 A 216.15.205.76

# dnsqr a mail.bllvwa.cablespeed.com
1 mail.bllvwa.cablespeed.com:
timed out

Notice that last one: the toplevel domain servers *CANNOT* find a path to
an A record for the mail server you know works !?!?

# dnsqr a mail.cablespeed.com
1 mail.cablespeed.com:
53 bytes, 1+1+0+0 records, response, noerror
query: 1 mail.cablespeed.com
answer: mail.cablespeed.com 252 A 216.15.205.76

Nor can `the Internet' establish any CNAME's for these three (3) mail
servers, that all happen to have A records pointing to the exact same IP
address ;<

# dnsqr cname mail.cablespeed.com
5 mail.cablespeed.com:
timed out

So, let us query cablespeed.com's nameservers directly:

# dnsqr ns cablespeed.com
2 cablespeed.com:
68 bytes, 1+2+0+0 records, response, noerror
query: 2 cablespeed.com
answer: cablespeed.com 172607 NS ns1.cablespeed.com
answer: cablespeed.com 172607 NS ns2.cablespeed.com

# dnsip ns1.cablespeed.com
24.35.0.40

# dnsip ns2.cablespeed.com
24.35.0.35

There they are, according to `the Internet'; now, let us query that first
one:

# dnsq mx cablespeed.com ns1.cablespeed.com
15 cablespeed.com:
timed out

You see? One of your ISP's nameservers is b0rken ;<

So, let's query the second nameserver:

# dnsq mx cablespeed.com ns2.cablespeed.com
15 cablespeed.com:
148 bytes, 1+2+0+2 records, response, authoritative, noerror
query: 15 cablespeed.com
answer: cablespeed.com 3600 MX 10 mail2.evdloh.cablespeed.com
answer: cablespeed.com 3600 MX 10 mail1.evdloh.cablespeed.com
additional: mail2.evdloh.cablespeed.com 300 A 216.15.205.76
additional: mail1.evdloh.cablespeed.com 300 A 216.15.205.76

# dnsq a mail1.evdloh.cablespeed.com ns2.cablespeed.com
1 mail1.evdloh.cablespeed.com:
61 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 mail1.evdloh.cablespeed.com
answer: mail1.evdloh.cablespeed.com 300 A 216.15.205.76

# dnsq cname mail1.evdloh.cablespeed.com ns2.cablespeed.com
5 mail1.evdloh.cablespeed.com:
105 bytes, 1+0+1+0 records, response, authoritative, noerror
query: 5 mail1.evdloh.cablespeed.com
authority: cablespeed.com 3600 SOA ns1.cablespeed.com abuse.cablespeed.com 2002082710 3600 3600 604800 3600

NO answer, then no CNAME . . .

# dnsq a mail2.evdloh.cablespeed.com ns2.cablespeed.com
1 mail2.evdloh.cablespeed.com:
61 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 mail2.evdloh.cablespeed.com
answer: mail2.evdloh.cablespeed.com 300 A 216.15.205.76

# dnsq cname mail2.evdloh.cablespeed.com ns2.cablespeed.com
5 mail2.evdloh.cablespeed.com:
105 bytes, 1+0+1+0 records, response, authoritative, noerror
query: 5 mail2.evdloh.cablespeed.com
authority: cablespeed.com 3600 SOA ns1.cablespeed.com abuse.cablespeed.com 2002082710 3600 3600 604800 3600

NO answer, then no CNAME . . .

# dnsq a mail.cablespeed.com ns2.cablespeed.com
1 mail.cablespeed.com:
53 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 mail.cablespeed.com
answer: mail.cablespeed.com 300 A 216.15.205.76

# dnsq cname mail.cablespeed.com ns2.cablespeed.com
5 mail.cablespeed.com:
97 bytes, 1+0+1+0 records, response, authoritative, noerror
query: 5 mail.cablespeed.com
authority: cablespeed.com 3600 SOA ns1.cablespeed.com abuse.cablespeed.com 2002082710 3600 3600 604800 3600

NO answer, then no CNAME . . .

However, using the non-b0rken nameserver from your ISP, we verify that it
thinks the configured mailservers are at 216.15.205.76 -- even though that
address has at least THREE (3) names, and ZERO CNAME's ;<

Worse still, your ISP's own nameserver *CANNOT* identify the mail server
that you know _works_:

# dnsq a mail.bllvwa.cablespeed.com ns2.cablespeed.com
1 mail.bllvwa.cablespeed.com:
120 bytes, 1+0+2+2 records, response, noerror
query: 1 mail.bllvwa.cablespeed.com
authority: bllvwa.cablespeed.com 3600 NS ns2.bllvwa.cablespeed.com
authority: bllvwa.cablespeed.com 3600 NS ns1.bllvwa.cablespeed.com
additional: ns2.bllvwa.cablespeed.com 3600 A 66.235.59.7
additional: ns1.bllvwa.cablespeed.com 3600 A 66.235.59.6

We have to use an additional pair of nameservers to resolve that host:

# dnsq a mail.bllvwa.cablespeed.com ns1.bllvwa.cablespeed.com
1 mail.bllvwa.cablespeed.com:
60 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 mail.bllvwa.cablespeed.com
answer: mail.bllvwa.cablespeed.com 300 A 216.15.205.76

# dnsq a mail.bllvwa.cablespeed.com ns2.bllvwa.cablespeed.com
1 mail.bllvwa.cablespeed.com:
60 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 mail.bllvwa.cablespeed.com
answer: mail.bllvwa.cablespeed.com 300 A 216.15.205.76

Moreover, your ISP has not configured any reverse DNS:

# dnsqr ptr 76.205.15.216.in-addr.arpa
12 76.205.15.216.in-addr.arpa:
44 bytes, 1+0+0+0 records, response, authoritative, nxdomain
query: 12 76.205.15.216.in-addr.arpa

# dnsqr ptr 205.15.216.in-addr.arpa
12 205.15.216.in-addr.arpa:
41 bytes, 1+0+0+0 records, response, noerror
query: 12 205.15.216.in-addr.arpa

# dnsqr ptr 15.216.in-addr.arpa
12 15.216.in-addr.arpa:
37 bytes, 1+0+0+0 records, response, noerror
query: 12 15.216.in-addr.arpa

# dnsqr ptr 216.in-addr.arpa
12 216.in-addr.arpa:
34 bytes, 1+0+0+0 records, response, noerror
query: 12 216.in-addr.arpa

# dnsq ptr 76.205.15.216.in-addr.arpa ns1.cablespeed.com
12 76.205.15.216.in-addr.arpa:
timed out

# dnsq ptr 76.205.15.216.in-addr.arpa ns2.cablespeed.com
12 76.205.15.216.in-addr.arpa:
temporary failure

# dnsq ptr 76.205.15.216.in-addr.arpa ns2.cablespeed.com
12 76.205.15.216.in-addr.arpa:
temporary failure

# dnsq ptr 76.205.15.216.in-addr.arpa ns1.bllvwa.cablespeed.com
12 76.205.15.216.in-addr.arpa:
temporary failure

# dnsq ptr 76.205.15.216.in-addr.arpa ns2.bllvwa.cablespeed.com
12 76.205.15.216.in-addr.arpa:
temporary failure

I cannot telnet into any of these hosts on tcp 25, probably because I am
not on your network. That is as it should be; but, I cannot tell you much
more about this problem, other than the DNS analyses above.

Clearly, though, the problems you are having are *NOT* due to an
ineptitude of dnscache; rather, your ISP has an interesting DNS
configuration that defies all RFC's and standards.

HTH & Good Luck ;>

--
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
--
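
An added example (not part of the original message, and not djbdns code): a small Python classifier for the dnsq/dnsqr output quoted in the reply, telling apart an answer, an empty reply (no record of that type), a referral to child-zone nameservers (NS records plus glue, no "authoritative" flag) and no response at all. The name `classify` and its labels are assumptions of this example; the sample blocks are copied from the output above.

```python
import re
# Output blocks copied from the reply above, one field per line as dnsq prints them.
# classify() and its labels are this example's own names, not djbdns terms.
SAMPLES = {
    "a via ns2": """1 mail.cablespeed.com:
53 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 mail.cablespeed.com
answer: mail.cablespeed.com 300 A 216.15.205.76
""",
    "cname via ns2": """5 mail.cablespeed.com:
97 bytes, 1+0+1+0 records, response, authoritative, noerror
query: 5 mail.cablespeed.com
authority: cablespeed.com 3600 SOA ns1.cablespeed.com abuse.cablespeed.com 2002082710 3600 3600 604800 3600
""",
    "bllvwa via ns2": """1 mail.bllvwa.cablespeed.com:
120 bytes, 1+0+2+2 records, response, noerror
query: 1 mail.bllvwa.cablespeed.com
authority: bllvwa.cablespeed.com 3600 NS ns2.bllvwa.cablespeed.com
authority: bllvwa.cablespeed.com 3600 NS ns1.bllvwa.cablespeed.com
additional: ns2.bllvwa.cablespeed.com 3600 A 66.235.59.7
additional: ns1.bllvwa.cablespeed.com 3600 A 66.235.59.6
""",
    "mx via ns1": "15 cablespeed.com:\ntimed out\n",
}

HEADER = re.compile(r"\d+ bytes, \d+\+(\d+)\+\d+\+\d+ records, response(.*)")

def classify(output):
    """Return (kind, detail) for one dnsq/dnsqr output block."""
    lines = output.strip().splitlines()
    m = HEADER.match(lines[1]) if len(lines) > 1 else None
    if m is None:                      # "timed out", "temporary failure", ...
        return ("no-response", lines[-1])
    flags = [f.strip() for f in m.group(2).split(",") if f.strip()]
    rcode, answers = flags[-1], int(m.group(1))
    if rcode != "noerror":             # e.g. nxdomain
        return (rcode, None)
    if answers:
        return ("answer", [l.split()[-1] for l in lines if l.startswith("answer:")])
    auth = [l.split()[1:] for l in lines if l.startswith("authority:")]
    ns = [rr[3] for rr in auth if rr[2] == "NS"]
    if ns and "authoritative" not in flags:
        glue = {l.split()[1]: l.split()[-1] for l in lines if l.startswith("additional:")}
        return ("referral", sorted((n, glue.get(n)) for n in ns))
    return ("nodata", None)            # name exists, no record of that type

if __name__ == "__main__":
    for label, out in SAMPLES.items():
        print(label, classify(out))
```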
