[dns-operations] weird DNS problem
alex flores
alex at mordormx.net
Thu Jun 27 04:15:32 UTC 2013
Hi there
This is Alejandro Flores from Mexis, an ISP in Mexico city
We are having some weirs issues we would like to share with the list,
looking for some help or comment
We have 2 authoritative DNS 207.249.67.253 and 207.249.77.253.
(ns1.infoacces.net and ns2.infoacces.net)
In the last 2 weeks we have been receiving some users reports about
problems to have email delivered from our mail server to external
email servers (and from external servers to our server).
As usual we verify the logs and we started to see problems related
with reverse, however our reverse are correct, so we checked the
DNS used by the remote provider, the result is that their dns is
unable to reach our DNS
We check any firewall policy that could be blocking the request but
thats not the case.
We checked our DNS, but these hasnt been changed in a long time
Again, using an external affected DNS we enable the debug, and we
noticed that the DNS was unable to get the TLD Servers from the
root servers, Thats a theory about the possible reason to the situation.
One more weird thing is that just as the problem appeared, just
dissapeared from the dns affected
and it start to work correctly, but now we received the report from
another dns....
So it looks like the condition that block the dns communication
dissapear and then apply to another dns.
In this moment for example aol.com is affected, if i try to send me an
email from aol the bounce error is
----- The delivery status notification errors -----
<alejandro.flores at mexis.net>: Host or domain name not found. Name service error
for name=mexis.net type=MX: Host not found, try again
But if i use gmail or any other email service it works.
Any tip or idea to solve this situation?
The dns logs just dont show anything, cause the dns request never
reach the dns, in fact is the user in a server affected query our dns
he receive the correct response, so maybe the problem could be that
the dns query is unable to get the authoritative dns... may be.
Thanks for any comment
Alejandro Flores L.
More information about the dns-operations
mailing list