• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Problem with obfuscated domain resolving

Started by anackin, January 15, 2011, 03:52:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

anackin

January 15, 2011, 03:52:42 PM
Hello,

at 16 jan 2011, midnight, I'm having this issue::
8.8.8.8 (google dns public server) doesn't resolve my mx record,
so I try dig @ns<n>.he.net servers, and I found that only ns3.he.net resolve the mx;

I did some tries and I had mx only from ns3. 

(snipped some unuseful lines and replaced domain with mydomain.xxx)


[stefano@stefano ~]$ dig mx mydomain.xxx @8.8.8.8
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[stefano@stefano ~]$ dig mx mydomain.xxx @ns1.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[stefano@stefano ~]$ dig mx mydomain.xxx @ns2.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


same for ns4 ns5..


[stefano@stefano ~]$ dig mx mydomain.xxx @ns3.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.xxx.         IN   MX

;; ANSWER SECTION:
mydomain.xxx.      86400   IN   MX   10 host1.mydomain.xxx.




broquea

#1
January 15, 2011, 04:11:41 PM Last Edit: January 15, 2011, 04:21:35 PM by broquea
Obfuscating the domain is not really useful to try and troubleshoot. Please provide actual data/information and we can try and look into an issue.

Also has nothing to do with the thread you posted in, so made it a new one.

anackin

#2
January 15, 2011, 05:04:41 PM
 :-[ Excuse me, you are twice right, domain anackin6.net,  here is 16 Jan 1.56 a.m. CET and unfortunately I mess up something and I posted in the wrong place.

Thank you,
Anackin

comptech

#3
January 16, 2011, 12:27:25 AM Last Edit: December 02, 2011, 06:23:54 PM by comptech
Edit: I found the problem, see next post.

Looks like I may have a similar issue unless it just takes a while for MX records to take effect.

I added these two MX records for Google Apps email to work:

Code Select
x.info MX 86400 10 ASPMX.L.GOOGLE.COM
x.info MX 86400 20 ALT1.ASPMX.L.GOOGLE.COM

This is what I get from all five nameservers:
Code Select

; <<>> DiG 9.5.1-P2.1 <<>> mx x.info @ns1.he.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43610
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.info.                      IN      MX

;; AUTHORITY SECTION:
x.info.               86400   IN      SOA     ns1.he.net. hostmaster.he.net. 2011011522 10800 1800 604800 86400

;; Query time: 75 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Sun Jan 16 02:26:05 2011
;; MSG SIZE  rcvd: 83

comptech

#4
January 16, 2011, 06:31:26 PM Last Edit: December 02, 2011, 06:23:10 PM by comptech
It looks like you might have the same problem I just had.

Code Select
;; ANSWER SECTION:
anackin6.net.           86380   IN      CNAME   host1.anackin6.net.
host1.anackin6.net.     86380   IN      A       184.104.59.56


Since you have a CNAME pointing to host1.anackin6.net for anackin6.net you probably did the same thing as me. Set MX records with the same name as the CNAME record anackin6.net.  Apparently this isn't allowed by BIND and won't work.  Change the name(s) of your MX records to the host your CNAME points to and it should start working (i.e. host1.anackin6.net).

What my domain looks like now after I changed fixed it:
Code Select
; <<>> DiG 9.5.1-P2.1 <<>> mx x.info @ns2.he.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16559
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.info.                      IN      MX

;; ANSWER SECTION:
x.info.               86400   IN      CNAME   xenon.x.info.
xenon.x.info.         86400   IN      MX      10 ASPMX.L.GOOGLE.COM.
xenon.x.info.         86400   IN      MX      20 ALT1.ASPMX.L.GOOGLE.COM.


Edit: Apparently having a CNAME and a SOA record with the same name is also not a great idea.

I figured this out thanks to the quick response from Gary Shaver at dnsadmin@he.net.

snarked

#5
January 17, 2011, 11:47:33 AM
Quoteanackin6.net.           86380   IN      CNAME   host1.anackin6.net.
One also cannot set an alias for a zone to point at a subzone of itself.

(Presumedly, anackin6.net will also have an SOA record, which disqualifies the valid existence of the CNAME record.)

anackin

#6
January 17, 2011, 12:40:02 PM
I think now It's clear.

I deleted the record "anackin6.net CNAME host1.anackin6.net" and it works.
This is now in my raw zone:

Code Select

host1.anackin6.net. 86400 IN A xxx.xxx.xxx.xxx
host1.anackin6.net. 86400 IN AAAA 2001:xxx:xxx:xxx:xxx:1
www.anackin6.net. 86400 IN CNAME host1.anackin6.net.
anackin6.net. 86400 IN MX 10 host1.anackin6.net.


So if I want to resolve anackin6.net, I must set it as A record and the other names as CNAMEs, and mx record will become something like
"anackin6.net  86400 IN MX 10 anackin6.net", correct?

Thank you.

snarked

#7
January 18, 2011, 02:17:47 PM
Yes, although the MX record you show above pointing at host1 is also correct.
Print
Go Up Pages1
User actions