Very strange DNS Problem; MX not found

Georg Sotsas
Hello,
we are encountering a very strange problem on our Postfix (2.11.0-1ubuntu1) Mail Relay.

The mails sent to [hidden email] remain in the queue with this error:
Host or domain name not found. Name service error for name=guilford.com type=MX: Host not found, try again

The DNS resolution is working fine (and all the other Emails leave the mail relay without any problems):
https://gist.github.com/anonymous/a282b54e74c3cbbbe31c2b0391fc0c97

I've tried to run postfix (smtp/submission) with and without chroot.

But finally I have no clue on what is going wrong with this domain.

Some help is very welcome.
Thanks in advance

Re: Very strange DNS Problem; MX not found

Wietse Venema
Georg Sotsas:
> Hello,
> we are encountering a very strange problem on our Postfix (2.11.0-1ubuntu1)
> Mail Relay.
>
> The mails sent to [hidden email] remain in the queue with this
> error:
> Host or domain name not found. Name service error for name=guilford.com
> type=MX: Host not found, try again

Looks like a local problem. It resolves fine here.

> The DNS resolution is working fine (and all the other Emails leave the mail
> relay without any problems):
> https://gist.github.com/anonymous/a282b54e74c3cbbbe31c2b0391fc0c97

Did you notice smtp.notes.na.collabserv.com resolves to 28 address
records? That requires either using TCP or using a large UDP datagram.

Perhaps you have a DNS resolver (local or up-stream) that can't
handle that, or some 'security' system that blocks such queries.

        Wietse

Re: Very strange DNS Problem; MX not found

Viktor Dukhovni
In reply to this post by Georg Sotsas

> On May 5, 2017, at 8:48 AM, Georg Sotsas <[hidden email]> wrote:
>
> The mails sent to [hidden email] remain in the queue with this error:
> Host or domain name not found. Name service error for name=guilford.com type=MX: Host not found, try again

This sounds like an error with *outbound* mail, please show the unredacted
log entries (from the mail log, not "mailq" output), not just the error
message.  You can obfuscate email addresses, while otherwise leaving the
error message intact.

[ Wietse, this error was not related to the largish IP address count of
  the MX host, it was the actual MX RRset lookup that servfailed.
  Perhaps something stale in the OP's DNS cache, or chroot issues.

         src/dns/dns_lookup.c(481):
                vstring_sprintf(why, "Host or domain name not found. "
                                "Name service error for name=%s type=%s: %s",
                            name, dns_strtype(type), dns_strerror(h_errno));
]

> The DNS resolution is working fine (and all the other Emails leave the mail relay without any problems):
> https://gist.github.com/anonymous/a282b54e74c3cbbbe31c2b0391fc0c97

Why pollute github with junk unrelated to software development?  And make
readers of the list jump through hoops chasing links.  Please post relevant
data with your message.

> I've tried to run postfix (smtp/submission) with and without chroot.

These handle *inbound* mail, assuming you're referring to "smtp inet ... smtpd",
and "submission inet ... smtpd".  The relevant service for outbound email is
"smtp unix ... smtp".

> But finally I have no clue on what is going wrong with this domain.

Perhaps a chroot issue anyway.

--
        Viktor.


Re: Very strange DNS Problem; MX not found

Wietse Venema
Viktor Dukhovni:

>
> > On May 5, 2017, at 8:48 AM, Georg Sotsas <[hidden email]> wrote:
> >
> > The mails sent to [hidden email] remain in the queue with this error:
> > Host or domain name not found. Name service error for name=guilford.com type=MX: Host not found, try again
>
> This sounds like an error with *outbound* mail, please show the unredacted
> log entries (from the mail log, not "mailq" output), not just the error
> message.  You can obfuscate email addresses, while otherwise leaving the
> error message intact.
>
> [ Wietse, this error was not related to the largish IP address count of
>   the MX host, it was the actual MX RRset lookup that servfailed.

There is only one MX record for guilford.com, and that reply with
authority and additional records takes only 139 bytes.

I would not exclude the possibility that the OP is using a greedy
resolver that tries to look up A records when asked for MX, and
then reports an MX lookup problem when it was actually the A query
that failed because of the large response to that query.

        Wietse

Re: Very strange DNS Problem; MX not found

Viktor Dukhovni

> On May 5, 2017, at 11:31 AM, Wietse Venema <[hidden email]> wrote:
>
> I would not exclude the possibility that the OP is using a greedy
> resolver that tries to look up A records when asked for MX, and
> then reports an MX lookup problem when it was actually the A query
> that failed because of the large response to that query.

Perhaps, but I would not have expected this.  The additional records
in this case are not "in bailiwick", and would be ignored by any
downstream recursive resolver in a chain of resolvers, so including
such additional records would be often pointless.

Also, while there are many A records, there are not so many that I
would expect UDP issues.  The entire A RRset fits in 505 bytes, with
EDNS0:

$ dig +novc +nosearch +dnssec +noans +nocl +nottl +nosplit +norecur -t a smtp.notes.na.collabserv.com @169.50.133.132
...
;; MSG SIZE  rcvd: 505

Or without EDNS0 in 494 bytes, however, without EDNS0 I do see a truncated response
from the authoritative server and dig then performs a TCP retry (which works).

$ dig +noedns +nosearch +nodnssec +noans +nocl +nottl +nosplit +norecur -t a smtp.notes.na.collabserv.com @169.50.133.132
;; Truncated, retrying in TCP mode.
...
;; MSG SIZE  rcvd: 494

If the OP's resolver is having trouble with this, it is a rather poorly
implemented resolver, no EDNS0 support, chokes on TCP retries, fails when
it can't obtain additional records, that's quite a collection of issues.

   http://dilbert.com/strip/1995-06-24

--
        Viktor.


Re: Very strange DNS Problem; MX not found

Wietse Venema
Viktor Dukhovni:

>
> > On May 5, 2017, at 11:31 AM, Wietse Venema <[hidden email]> wrote:
> >
> > I would not exclude the possibility that the OP is using a greedy
> > resolver that tries to look up A records when asked for MX, and
> > then reports an MX lookup problem when it was actually the A query
> > that failed because of the large response to that query.
>
> Perhaps, but I would not have expected this.  The additional records
> in this case are not "in bailiwick", and would be ignored by any
> downstream recursive resolver in a chain of resolvers, so including
> such additional records would be often pointless.
>
> Also, while there are many A records, there are not so many that I
> would expect UDP issues.  The entire A RRset fits in 505 bytes, with
> EDNS0:

I was seeing ';; Truncated, retrying in TCP mode' with the host(1)
and dig(1) command-line utilities on my aging server.

Still wondering, though, whether some resolver isn't returning
failure because some unsolicited lookup didn't work out.

There is some prior art for this. Some SunOS versions used to have
a gethostbyaddr() implementation that would return failure if the
forward lookup result did not match, as a defense against spoofing.

        Wietse

Re: Very strange DNS Problem; MX not found

Jörg Backschues
In reply to this post by Georg Sotsas
On 05.05.2017 at 14:48h Georg Sotsas wrote:

> The mails sent to [hidden email] <mailto:[hidden email]>
> remain in the queue with this error:
> Host or domain name not found. Name service error for name=guilford.com
> <http://guilford.com> type=MX: Host not found, try again

Just working here:

user@host:~$ postconf mail_version
mail_version = 2.11.0

May  5 22:33:14 mx0.backschues.net postfix/smtp[3794]: 3wKNrR6HSqz3Q:
to=<[hidden email]>,
relay=smtp.notes.na.collabserv.com[158.85.210.111]:25, delay=2.6,
delays=0.02/0.01/2/0.59, dsn=2.0.0, status=sent (250 OK
<17050520-8244-0000-0000-0000DBF7FB26>)

--
Regards Jörg


Re: Very strange DNS Problem; MX not found

Georg Sotsas
Hello and thanks for your answers,
allowing TCP queries to our internal resolver fixed the problem.

Kind regards


2017-05-05 22:41 GMT+02:00 Jörg Backschues <[hidden email]>:
> On 05.05.2017 at 14:48h Georg Sotsas wrote:
>
> > The mails sent to [hidden email] <mailto:[hidden email]>
> > remain in the queue with this error:
> > Host or domain name not found. Name service error for name=guilford.com
> > <http://guilford.com> type=MX: Host not found, try again
>
> Just working here:
>
> user@host:~$ postconf mail_version
> mail_version = 2.11.0
>
> May  5 22:33:14 mx0.backschues.net postfix/smtp[3794]: 3wKNrR6HSqz3Q: to=<[hidden email]>, relay=smtp.notes.na.collabserv.com[158.85.210.111]:25, delay=2.6, delays=0.02/0.01/2/0.59, dsn=2.0.0, status=sent (250 OK <17050520-8244-0000-0000-0000DBF7FB26>)
>
> --
> Regards Jörg
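
The check that resolved this thread (a truncated UDP reply followed by a TCP retry that the resolver must accept) can be scripted as below. This is an added example, not code from the thread's participants or from Postfix; the function names, result strings and `SAMPLE_TRUNCATED` bytes are constructed for illustration, and `probe()` assumes an IPv4 resolver address and does not verify the reply ID.

```python
import socket
import struct

def build_query(name, qtype, edns_size=None, qid=0x1234):
    """Encode a recursive DNS query; edns_size appends an EDNS0 OPT record."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!2H", qtype, 1)
    if edns_size:
        # OPT RR: root owner, type 41, CLASS field carries the UDP size we accept
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def parse_header(msg):
    """Return the TC bit, RCODE and answer count from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _, flags, _, ancount, _, _ = struct.unpack("!6H", msg[:12])
    return {"tc": bool(flags & 0x0200), "rcode": flags & 0x000F, "answers": ancount}

# Constructed sample header: response with RD+RA and TC set, no answer records.
SAMPLE_TRUNCATED = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0)

def diagnose(udp_reply, tcp_reply):
    """Classify a UDP reply plus the TCP retry result (None = retry failed)."""
    if not parse_header(udp_reply)["tc"]:
        return "udp-ok"
    if tcp_reply is None or len(tcp_reply) < 12:
        return "truncated-tcp-failed"    # the failure mode in this thread
    return "tcp-fallback-ok"

def probe(server, name, qtype=1, edns_size=None, timeout=3.0):
    """Live check: query over UDP (qtype 1 = A), retry over TCP if truncated."""
    query = build_query(name, qtype, edns_size)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (server, 53))
        udp_reply = u.recv(65535)        # a UDP timeout propagates to the caller
    tcp_reply = None
    if parse_header(udp_reply)["tc"]:
        try:
            with socket.create_connection((server, 53), timeout=timeout) as t:
                t.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                stream = t.makefile("rb")
                size = struct.unpack("!H", stream.read(2))[0]
                tcp_reply = stream.read(size)
        except (OSError, struct.error):
            pass                         # blocked, refused or cut-off TCP session
    return diagnose(udp_reply, tcp_reply)
```

Calling `probe()` with the address of the internal resolver and `smtp.notes.na.collabserv.com` as the name exercises the same path as the `dig +noedns` run quoted earlier in the thread.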
