[dns-operations] weird DNS problem

alex flores alex at mordormx.net
Thu Jun 27 04:15:32 UTC 2013

Hi there
 This is Alejandro Flores from Mexis, an ISP in Mexico city
 We are having some weirs issues we would like to share with the list,
looking for some help or comment

 We have 2 authoritative DNS and
(ns1.infoacces.net and ns2.infoacces.net)

 In the last 2 weeks we have been receiving some users reports about
    problems to have email delivered from our mail server to external
    email servers (and from external servers to our server).

 As usual we verify the logs and we started to see problems related
    with reverse, however our reverse are correct, so we checked the
    DNS used by the remote provider, the result is that their dns is
    unable to reach our DNS

 We check any firewall policy that could be blocking the request but
    thats not the case.
 We checked our DNS, but these hasnt been changed in a long time

 Again, using an external affected DNS we enable the debug, and we
    noticed that the DNS was unable to get the TLD Servers  from the
    root servers, Thats a theory about the possible reason to the situation.

One more weird thing is that just as the problem appeared, just
dissapeared from the dns affected
and it start to work correctly, but now we received the report from
another dns....
So it looks like the condition that block the dns communication
dissapear and then apply to another dns.

In this moment for example aol.com is affected, if i try to send me an
email from aol the bounce error is

----- The delivery status notification errors -----

<alejandro.flores at mexis.net>: Host or domain name not found. Name service error
    for name=mexis.net type=MX: Host not found, try again

But if i use gmail or any other email service it works.

Any tip or idea to solve this situation?
The dns logs just dont show anything, cause the dns request never
reach the dns, in fact is the user in a server affected query our dns
he receive the correct response, so maybe the problem could be that
the dns query is unable to get the authoritative dns... may be.

Thanks for any comment
Alejandro Flores L.

More information about the dns-operations mailing list