• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Problem with obfuscated domain resolving

Started by anackin, January 15, 2011, 03:52:42 PM

Previous topic - Next topic

anackin

Hello,

at 16 jan 2011, midnight, I'm having this issue::
8.8.8.8 (google dns public server) doesn't resolve my mx record,
so I try dig @ns<n>.he.net servers, and I found that only ns3.he.net resolve the mx;

I did some tries and I had mx only from ns3. 

(snipped some unuseful lines and replaced domain with mydomain.xxx)


[stefano@stefano ~]$ dig mx mydomain.xxx @8.8.8.8
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[stefano@stefano ~]$ dig mx mydomain.xxx @ns1.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[stefano@stefano ~]$ dig mx mydomain.xxx @ns2.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


same for ns4 ns5..


[stefano@stefano ~]$ dig mx mydomain.xxx @ns3.he.net
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.xxx.         IN   MX

;; ANSWER SECTION:
mydomain.xxx.      86400   IN   MX   10 host1.mydomain.xxx.





broquea

#1
Obfuscating the domain is not really useful to try and troubleshoot. Please provide actual data/information and we can try and look into an issue.

Also has nothing to do with the thread you posted in, so made it a new one.

anackin

 :-[ Excuse me, you are twice right, domain anackin6.net,  here is 16 Jan 1.56 a.m. CET and unfortunately I mess up something and I posted in the wrong place.

Thank you,
Anackin

comptech

#3
Edit: I found the problem, see next post.

Looks like I may have a similar issue unless it just takes a while for MX records to take effect.

I added these two MX records for Google Apps email to work:

x.info MX 86400 10 ASPMX.L.GOOGLE.COM
x.info MX 86400 20 ALT1.ASPMX.L.GOOGLE.COM


This is what I get from all five nameservers:

; <<>> DiG 9.5.1-P2.1 <<>> mx x.info @ns1.he.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43610
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.info.                      IN      MX

;; AUTHORITY SECTION:
x.info.               86400   IN      SOA     ns1.he.net. hostmaster.he.net. 2011011522 10800 1800 604800 86400

;; Query time: 75 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Sun Jan 16 02:26:05 2011
;; MSG SIZE  rcvd: 83

comptech

#4
It looks like you might have the same problem I just had.

;; ANSWER SECTION:
anackin6.net.           86380   IN      CNAME   host1.anackin6.net.
host1.anackin6.net.     86380   IN      A       184.104.59.56


Since you have a CNAME pointing to host1.anackin6.net for anackin6.net you probably did the same thing as me. Set MX records with the same name as the CNAME record anackin6.net.  Apparently this isn't allowed by BIND and won't work.  Change the name(s) of your MX records to the host your CNAME points to and it should start working (i.e. host1.anackin6.net).

What my domain looks like now after I changed fixed it:
; <<>> DiG 9.5.1-P2.1 <<>> mx x.info @ns2.he.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16559
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;x.info.                      IN      MX

;; ANSWER SECTION:
x.info.               86400   IN      CNAME   xenon.x.info.
xenon.x.info.         86400   IN      MX      10 ASPMX.L.GOOGLE.COM.
xenon.x.info.         86400   IN      MX      20 ALT1.ASPMX.L.GOOGLE.COM.


Edit: Apparently having a CNAME and a SOA record with the same name is also not a great idea.

I figured this out thanks to the quick response from Gary Shaver at dnsadmin@he.net.

snarked

Quoteanackin6.net.           86380   IN      CNAME   host1.anackin6.net.
One also cannot set an alias for a zone to point at a subzone of itself.

(Presumedly, anackin6.net will also have an SOA record, which disqualifies the valid existence of the CNAME record.)

anackin

I think now It's clear.

I deleted the record "anackin6.net CNAME host1.anackin6.net" and it works.
This is now in my raw zone:


host1.anackin6.net. 86400 IN A xxx.xxx.xxx.xxx
host1.anackin6.net. 86400 IN AAAA 2001:xxx:xxx:xxx:xxx:1
www.anackin6.net. 86400 IN CNAME host1.anackin6.net.
anackin6.net. 86400 IN MX 10 host1.anackin6.net.


So if I want to resolve anackin6.net, I must set it as A record and the other names as CNAMEs, and mx record will become something like
"anackin6.net  86400 IN MX 10 anackin6.net", correct?

Thank you.

snarked

Yes, although the MX record you show above pointing at host1 is also correct.