Re: Can anyone tell me what's wrong with this domain?

I haven't checked all of the servers that are supposed to server the
"literacytent.org" domain, but I have found one interesting thing while
trying to query dns-auth1.crocker.com for an MX record associated with
this literacytent.org domain.

Trying to query this server using TCP rather than UDP returns a
"connection refused" response from the server. Someone is trying to
"enhance" their ability to provide services by denying services!
Everyone thinks that shutting off DNS queries using TCP won't have any
impact because "everyone knows that DNS only uses UDP".

I searched the MARC archives of the bind-users mailing list for
"exchange tcp" and received a reply from Mark Andrews for a question
about the Microsoft Exchange Server. (You can get this message at
<http://marc.theaimsgroup.com/?l=bind-users&m=105391525331498&w=2>.)
The question and blunt response was:

> Are microsoft's ExchangeServer always uses TCP to query DNS record?
Yes.

So, if your servers/firewalls are truly configured to reject DNS
queries made over TCP ***and*** you expect to have to converse with
people that use MS Exchange, then from Mark's reply you are bound to
fail.

Anyway, good luck.

Bill Larson

On Monday, July 7, 2003, at 07:12 PM, Steve Linberg wrote:

>
> On Monday, July 7, 2003, at 07:05 PM, Bill Larson wrote:
>
>> Have you considered that since you have delegated this domain to two
>> name servers on the same network, if there is ANY connectivity
>> problems - even brief - then the mail servers trying to send mail to
>> your domain cannot obtain any DNS information?
>>
>> Suggestion - Don't have all of your name servers on the same network.
>> Whenever there is any problem with accessing this network, then all
>> queries will fail.
>
> That's a good suggestion. I only run one machine right now, so my
> options are a bit limited, but I can see how network failures would
> cause this kind of outage.
>
> I still think I have a different problem, though, because there are
> some servers that always reject mail to the domain I detailed with the
> "sender not found in DNS" error. Since I get the rejection notices,
> that reduces the chance that it's a recurring network error or routing
> issue - something about the way I have the domain set up appears to be
> incorrect or incomplete according to at least some criteria. What I
> was hoping to find was that I left out something important in the zone
> file or made some other locally-correctible mistake.
>
> If it does turn out to be network/routing related and not a
> misconfiguration in my BIND setup for the domain, then a whole
> different problem-solving approach kicks in, but for now I'm still
> going on the assumption that I made an error in the BIND specification
> and just can't see it.
>
> - Steve
>
>
>>
>> Bill Larson
>>
>> On Monday, July 7, 2003, at 04:01 PM, Steve Linberg wrote:
>>
>>> In article <becpu9$qb8$1@sf1.isc.org>,
>>> "Paul & Susan" <pswheele@swbell.net> wrote:
>>>
>>>> did you look at you sendmail files to see if they are looking into
>>>> you dns
>>>> servers?
>>>
>>> Outgoing mail is fine (and I use qmail). The errors are coming from
>>> *some* destination mailservers who apparently try to look the domain
>>> up
>>> in their DNS and can't find it, or can't find the record type they're
>>> looking for. I've got both an "IN A" and "MX" for that domain,
>>> which is
>>> what confuses me.
>>>
>>> 98-99% of my outgoing mail arrives where it's going just fine, but
>>> there
>>> are some domains it fails for with the above error. I'm assuming
>>> this
>>> is due to a BIND configuration error on my end.
>>>
>>
>