Re: DNS Problem

Bejoy C Alias
Respected Contributor

DNS Problem

We are having our domain registered as centuryenka.com and hosting our primary/secondary DNS, email and web on our own servers. We are using a 64 kbps 1:1 leased line link for our servers. Now the problem is that some of our customers are complaining that they are not able to send mails to our domain. They are not able to resolve our domain and are getting "MX record not found" errors (but around 90% of customers are able to send mails). And this problem is intermittent: this problem was there two or three weeks ago and got solved automatically, and it may get solved automatically in the coming days. But I am not understanding why this problem comes again. Should the link speed be increased, or is it some other problem? At the same time I am able to send mails to our domain from most of the web-based mails like Yahoo, Hotmail, Rediff, Indiatimes etc.
Be Always Joy ......
8 REPLIES
Florian Heigl (new acc)
Honored Contributor

Re: DNS Problem

You could consider running a secondary DNS outside of Your network (i.e. a cheap dedicated server). DNS queries and responses are done through UDP, so if Your line is highly loaded, they might eventually be lost.

You might be able to get rid of that by doing bandwidth allocations on Your external interface, if the router supports that (cisco systems should be np)

but I can't say for sure that this really is the issue - it would be really great if You could let Your customers supply more exact data of when the problem occurs, so You could compare it to the load on Your line at that time.

Also consider running named in debug mode if the problem persists. The log file is called named.run if I remember correctly and collects quite useful data.
yesterday I stood at the edge. Today I'm one step ahead.
Vitaly Karasik_1
Honored Contributor

Re: DNS Problem

Bejoy,
As for now, your DNS seems to be OK [http://www.dnsstuff.com/tools/lookup.ch?name=centuryenka.com+&type=MX],
but I agree with the previous advice - you should add another DNS server [you may ask your friends or your ISP to do this].
Steven E. Protter
Exalted Contributor

Re: DNS Problem

It's probably not a DNS issue.

There are a lot of security upgrades to stop spam that can unwittingly affect inbound mail.

My servers, like AOL and others, won't accept mail from senders that don't have valid reverse lookup addresses. You'd be surprised how many people don't have that.

The course of action is this:

On the server that accepts/rejects the mail:

tail -f /var/log/maillog

Then have the complaining customer send a mail. See what the reject message is. If it's a configuration problem on your server, correct it. If the customer needs assistance in correcting the problem, perhaps their technical support people will help. Or direct them here.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Dave Falloon
Trusted Contributor

Re: DNS Problem

To add to SEP's point, you should speak with the company that owns your IP, the people you are leasing the line from. They should delegate control to you, i.e. allow you to manage the reverse records for your IP(s). If they have handed control to your name servers you'll need to set up a zone and allow them to do zone transfers.

Here's a page with lots of info:

http://homepages.tesco.net/~J.deBoynePollard/FGA/avoid-rfc-2317-delegation-example-1.html

Looks like the people you'll need to talk to are:

Bharat Sanchar Nigam Limited

according to apnic ( http://www.apnic.net/apnic-bin/whois.pl?210.212.163.178 )

--Dave
Clothes make the man, Naked people have little to no effect on society
Dave Falloon
Trusted Contributor

Re: DNS Problem

Never mind, I just checked: you have reverse records set up properly.

--Dave
Clothes make the man, Naked people have little to no effect on society
Bejoy C Alias
Respected Contributor

Re: DNS Problem

The problem seems to be with the firewall rules configured in our server. It was like this:
anywhere to anywhere sport 53 dport 1024:65535 accept
anywhere to anywhere dport 53 sport 1024:65535 accept
reject all other udp packets.
When I did a tcpdump -pqti eth1 icmp, it was showing a lot of messages like "ns1.centuryenka.com icmp udp port domain unreachable". So I made changes in the firewall rules and set it like:
anywhere to anywhere sport 53 accept
anywhere to anywhere dport 53 accept
and reject all other udp packets. This stopped the above messages from coming in the tcpdump. And now those customers who were unable to send mails are able to send mails to this domain.
But I am not understanding why the previous rule was not accepting queries while at the same time most of the customers were able to query and send mails to our domain. Even I was able to use dnsstuff.com and dsnsreport.com to check our domains without any problems previously.
Be Always Joy ......
Bejoy C Alias
Respected Contributor

Re: DNS Problem

Hi guys...
I got the solution...
Sorry to inform that I forgot one thing to tell you. Two weeks ago I made changes to the firewall rules so that it will accept DNS queries only from a port above 1024. Before that the rule was to accept queries from any port to my server's DNS port. This prevented those customers from querying my server because their queries were coming from the DNS port 53 to my server's DNS port 53. I found this after checking the tcpdump output. My server was sending "icmp udp port domain unreachable" messages to those servers. Now the rules are set to accept queries from 53 or any port above 1024. I hope no one is using other than these ports for querying DNS servers.....
Thanks for your suggestions...
Be Always Joy ......
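The two rule sets described in Bejoy's last two posts can be checked against sample traffic without touching a real firewall. The following is an added example, not code from the thread: it models first-match evaluation of UDP rules over constructed packets and shows why a query arriving with source port 53 and destination port 53 fell through to the "reject all other udp" rule (which is what produced the "icmp udp port domain unreachable" replies seen in tcpdump), while a query from an unprivileged source port matched the accept rule. Rule and packet representations, hostnames and addresses are all assumptions made for the example.

```python
# Added example: a toy model of the UDP firewall rules from the thread.
# Rule syntax, packet fields, hostnames and addresses are constructed for
# illustration; this is not the poster's actual ruleset.

from dataclasses import dataclass
from typing import Dict, List, Tuple

DNS_PORT = 53
ANY_PORT = (0, 65535)          # "anywhere", no port restriction
UNPRIVILEGED = (1024, 65535)   # ports above 1024


@dataclass(frozen=True)
class UdpPacket:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    sport: Tuple[int, int]   # inclusive source-port range
    dport: Tuple[int, int]   # inclusive destination-port range
    action: str              # "ACCEPT" or "REJECT"


def _in_range(port: int, rng: Tuple[int, int]) -> bool:
    return rng[0] <= port <= rng[1]


def evaluate(rules: List[Rule], pkt: UdpPacket, default: str = "REJECT") -> str:
    """First matching rule wins, like a linear firewall chain; the
    trailing 'reject all other udp packets' rule is the default."""
    for rule in rules:
        if _in_range(pkt.sport, rule.sport) and _in_range(pkt.dport, rule.dport):
            return rule.action
    return default


def icmp_port_unreachable(rules: List[Rule], pkt: UdpPacket) -> bool:
    """A REJECT on UDP answers with ICMP port unreachable, which is the
    message the thread saw in 'tcpdump -pqti eth1 icmp'."""
    return evaluate(rules, pkt) == "REJECT"


# Rule set from the earlier post: queries accepted only from ports >= 1024.
OLD_RULES = [
    Rule(sport=(DNS_PORT, DNS_PORT), dport=UNPRIVILEGED, action="ACCEPT"),
    Rule(sport=UNPRIVILEGED, dport=(DNS_PORT, DNS_PORT), action="ACCEPT"),
]

# Rule set after the fix: any source port may reach port 53, and replies
# from port 53 may reach any local port.
NEW_RULES = [
    Rule(sport=(DNS_PORT, DNS_PORT), dport=ANY_PORT, action="ACCEPT"),
    Rule(sport=ANY_PORT, dport=(DNS_PORT, DNS_PORT), action="ACCEPT"),
]

# Constructed sample traffic arriving at the authoritative server.
SAMPLES: Dict[str, UdpPacket] = {
    "resolver querying from an unprivileged port": UdpPacket("203.0.113.10", "ns1.example", 40123, DNS_PORT),
    "resolver querying from source port 53": UdpPacket("203.0.113.20", "ns1.example", DNS_PORT, DNS_PORT),
    "reply to our own outbound query": UdpPacket("198.51.100.5", "ns1.example", DNS_PORT, 51000),
    "unrelated udp (ntp)": UdpPacket("203.0.113.30", "ns1.example", 123, 123),
}


def compare(samples: Dict[str, UdpPacket] = SAMPLES) -> Dict[str, Tuple[str, str]]:
    """Return (old verdict, new verdict) for each sample packet."""
    return {name: (evaluate(OLD_RULES, p), evaluate(NEW_RULES, p)) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:45s} old={old:6s} new={new}")
```

Running it shows only the "source port 53 to port 53" case changing from REJECT to ACCEPT, which matches the thread's explanation: resolvers that still sent queries from port 53 were the 10% that could not look up the MX record. One caveat from the editor's side, not raised in the thread: the corrected set admits any UDP datagram whose source port is 53 to any local port, so a stateful match on established flows (where the firewall supports it) is the more precise way to let replies back in.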
Bejoy C Alias
Respected Contributor

Re: DNS Problem

Closing the thread....
Be Always Joy ......