Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Problem with obfuscated domain resolving  (Read 4134 times)

anackin

  • Newbie
  • *
  • Posts: 12
Problem with obfuscated domain resolving
« on: January 15, 2011, 03:52:42 PM »

Hello,

at 16 jan 2011, midnight, I'm having this issue::
8.8.8.8 (google dns public server) doesn't resolve my mx record,
so I try dig @ns<n>.he.net servers, and I found that only ns3.he.net resolve the mx;

I did some tries and I had mx only from ns3. 

(snipped some unuseful lines and replaced domain with mydomain.xxx)


[stefano@stefano ~]$ dig mx mydomain.xxx @8.8.8.8
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[stefano@stefano ~]$ dig mx mydomain.xxx @ns1.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[stefano@stefano ~]$ dig mx mydomain.xxx @ns2.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


same for ns4 ns5..


[stefano@stefano ~]$ dig mx mydomain.xxx @ns3.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.xxx.         IN   MX

;; ANSWER SECTION:
mydomain.xxx.      86400   IN   MX   10 host1.mydomain.xxx.




Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1723
Re: Problem with obfuscated domain resolving
« Reply #1 on: January 15, 2011, 04:11:41 PM »

Obfuscating the domain is not really useful to try and troubleshoot. Please provide actual data/information and we can try and look into an issue.

Also has nothing to do with the thread you posted in, so made it a new one.
« Last Edit: January 15, 2011, 04:21:35 PM by broquea »
Logged

anackin

  • Newbie
  • *
  • Posts: 12
Re: Problem with obfuscated domain resolving
« Reply #2 on: January 15, 2011, 05:04:41 PM »

 :-[ Excuse me, you are twice right, domain anackin6.net,  here is 16 Jan 1.56 a.m. CET and unfortunately I mess up something and I posted in the wrong place.

Thank you,
Anackin
Logged

comptech

  • Newbie
  • *
  • Posts: 31
Re: Problem with obfuscated domain resolving
« Reply #3 on: January 16, 2011, 12:27:25 AM »

Edit: I found the problem, see next post.

Looks like I may have a similar issue unless it just takes a while for MX records to take effect.

I added these two MX records for Google Apps email to work:

Code: [Select]
x.info MX 86400 10 ASPMX.L.GOOGLE.COM
x.info MX 86400 20 ALT1.ASPMX.L.GOOGLE.COM

This is what I get from all five nameservers:
Code: [Select]
; <<>> DiG 9.5.1-P2.1 <<>> mx x.info @ns1.he.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43610
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.info.                      IN      MX

;; AUTHORITY SECTION:
x.info.               86400   IN      SOA     ns1.he.net. hostmaster.he.net. 2011011522 10800 1800 604800 86400

;; Query time: 75 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Sun Jan 16 02:26:05 2011
;; MSG SIZE  rcvd: 83
« Last Edit: December 02, 2011, 06:23:54 PM by comptech »
Logged

comptech

  • Newbie
  • *
  • Posts: 31
Re: Problem with obfuscated domain resolving
« Reply #4 on: January 16, 2011, 06:31:26 PM »

It looks like you might have the same problem I just had.

Code: [Select]
;; ANSWER SECTION:
anackin6.net.           86380   IN      CNAME   host1.anackin6.net.
host1.anackin6.net.     86380   IN      A       184.104.59.56

Since you have a CNAME pointing to host1.anackin6.net for anackin6.net you probably did the same thing as me. Set MX records with the same name as the CNAME record anackin6.net.  Apparently this isn't allowed by BIND and won't work.  Change the name(s) of your MX records to the host your CNAME points to and it should start working (i.e. host1.anackin6.net).

What my domain looks like now after I changed fixed it:
Code: [Select]
; <<>> DiG 9.5.1-P2.1 <<>> mx x.info @ns2.he.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16559
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.info.                      IN      MX

;; ANSWER SECTION:
x.info.               86400   IN      CNAME   xenon.x.info.
xenon.x.info.         86400   IN      MX      10 ASPMX.L.GOOGLE.COM.
xenon.x.info.         86400   IN      MX      20 ALT1.ASPMX.L.GOOGLE.COM.

Edit: Apparently having a CNAME and a SOA record with the same name is also not a great idea.

I figured this out thanks to the quick response from Gary Shaver at dnsadmin@he.net.
« Last Edit: December 02, 2011, 06:23:10 PM by comptech »
Logged

snarked

  • Hero Member
  • *****
  • Posts: 766
Re: Problem with obfuscated domain resolving
« Reply #5 on: January 17, 2011, 11:47:33 AM »

Quote
anackin6.net.           86380   IN      CNAME   host1.anackin6.net.
One also cannot set an alias for a zone to point at a subzone of itself.

(Presumedly, anackin6.net will also have an SOA record, which disqualifies the valid existence of the CNAME record.)
Logged

anackin

  • Newbie
  • *
  • Posts: 12
Re: Problem with obfuscated domain resolving
« Reply #6 on: January 17, 2011, 12:40:02 PM »

I think now It's clear.

I deleted the record "anackin6.net CNAME host1.anackin6.net" and it works.
This is now in my raw zone:

Code: [Select]
host1.anackin6.net. 86400 IN A xxx.xxx.xxx.xxx
host1.anackin6.net. 86400 IN AAAA 2001:xxx:xxx:xxx:xxx:1
www.anackin6.net. 86400 IN CNAME host1.anackin6.net.
anackin6.net. 86400 IN MX 10 host1.anackin6.net.

So if I want to resolve anackin6.net, I must set it as A record and the other names as CNAMEs, and mx record will become something like
"anackin6.net  86400 IN MX 10 anackin6.net", correct?

Thank you.
Logged

snarked

  • Hero Member
  • *****
  • Posts: 766
Re: Problem with obfuscated domain resolving
« Reply #7 on: January 18, 2011, 02:17:47 PM »

Yes, although the MX record you show above pointing at host1 is also correct.
Logged