DevHeads.net

Strange issue

Mail service is working except for delivery to a single host, which is
reporting a strange error:

postfix/smtp[13722]: 629D7A7DF9: to=< ... at kpbsd dot k12.ak.us>,
relay=none, delay=1099, delays=1097/0/1.5/0, dsn=4.4.3, status=deferred
(Host or domain name not found. Name service error for
name=mx4.kpbsd.k12.ak.us type=A: Host not found, try again)

root:# host kpbsd.k12.ak.us
kpbsd.k12.ak.us has address 74.123.240.28
kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.

root:# host mx4.kpbsd.k12.ak.us
mx4.kpbsd.k12.ak.us has address 74.123.240.23

Any help is appreciated!

Comments

Re: Strange issue

By Viktor Dukhovni at 11/06/2018 - 14:55

There is no evidence of systemic DNS issues with that domain:

<a href="http://dnsviz.net/d/kpbsd.k12.ak.us/dnssec/" title="http://dnsviz.net/d/kpbsd.k12.ak.us/dnssec/">http://dnsviz.net/d/kpbsd.k12.ak.us/dnssec/</a>

This looks like an issue at the OP's local resolver. Perhaps
flushing the cache will help. This assumes there's no dedicated
transport for this domain, with its master.cf entry specifying
chroot, while other domains use a non-chroot transport.

Re: Strange issue

By Wietse Venema at 11/06/2018 - 13:04

Some DNS server replied to the MX request, with a list of
servers that include mx4.kpbsd.k12.ak.us.

Some DNS server replied to the MX request, with a list of
servers that does not include mx4.kpbsd.k12.ak.us.

$ host -t ns kpbsd.k12.ak.us
kpbsd.k12.ak.us name server ns1.acsalaska.net.
kpbsd.k12.ak.us name server xdns.kpbsd.k12.ak.us.
kpbsd.k12.ak.us name server ns2.acsalaska.net.
$ host -t mx kpbsd.k12.ak.us ns1.acsalaska.net.
Using domain server:
Name: ns1.acsalaska.net.
Address: 204.17.139.1#53
Aliases:

kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.
$ host -t mx kpbsd.k12.ak.us ns2.acsalaska.net.
Using domain server:
Name: ns2.acsalaska.net.
Address: 209.112.128.1#53
Aliases:

kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.

Wietse

Re: Strange issue

By Wietse Venema at 11/06/2018 - 13:53

Wietse Venema:
Sorry, I missed that it was listed in the response.

$ host mx4.kpbsd.k12.ak.us xdns.kpbsd.k12.ak.us.
Using domain server:
Name: xdns.kpbsd.k12.ak.us.
Address: 74.123.240.3#53
Aliases:

mx4.kpbsd.k12.ak.us has address 74.123.240.23

This took a several seconds to respond to my
query from NY state. Not sure what is going on.

Wietse

RE: Strange issue

By Kevin Miller at 11/06/2018 - 14:35

Doing a couple of quick "digs" on the MX records, I noticed that in the "ADDITIONAL SECTION" that the ACS servers report more hosts than the kpbsd.k12.ak.us entry. Do you have access to that DNS server? I suspect the SOA may be a bit off from the others. I presume that one of the three is your "master" and the other two are slaves? I'd make sure they're all in sync and all name servers are listed in the SOA. Also, ask ACS tech support to add glue records for your servers. That could explain some of the latency.

Run the report at https://www.dnsstuff.com/tools#dnsReport|type=domain&&value=kpbsd.k12.ak.us and fix the things it notes.

mkm@mis-mkm-lnx:~$ dig MX kpbsd.k12.ak.us @xdns.kpbsd.k12.ak.us

; <<>> DiG 9.10.3-P4-Debian <<>> MX kpbsd.k12.ak.us @xdns.kpbsd.k12.ak.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41461
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kpbsd.k12.ak.us. IN MX

;; ANSWER SECTION:
kpbsd.k12.ak.us. 300 IN MX 10 mx1.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN MX 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN MX 40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN MX 30 mx3.kpbsd.k12.ak.us.

;; AUTHORITY SECTION:
kpbsd.k12.ak.us. 300 IN NS ns1.acsalaska.net.
kpbsd.k12.ak.us. 300 IN NS xdns.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN NS ns2.acsalaska.net.

;; ADDITIONAL SECTION:
mx1.kpbsd.k12.ak.us. 300 IN A 74.123.240.23
mail-gw.kpbsd.k12.ak.us. 300 IN A 74.123.240.22
mx3.kpbsd.k12.ak.us. 300 IN A 74.123.240.23
mx4.kpbsd.k12.ak.us. 300 IN A 74.123.240.23
xdns.kpbsd.k12.ak.us. 300 IN A 74.123.240.3

;; Query time: 20 msec
;; SERVER: 74.123.240.3#53(74.123.240.3)
;; WHEN: Tue Nov 06 09:24:49 AKST 2018
;; MSG SIZE rcvd: 276

mkm@mis-mkm-lnx:~$
mkm@mis-mkm-lnx:~$
mkm@mis-mkm-lnx:~$ dig MX kpbsd.k12.ak.us @ns2.acsalaska.neT

; <<>> DiG 9.10.3-P4-Debian <<>> MX kpbsd.k12.ak.us @ns2.acsalaska.neT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55133
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 8
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kpbsd.k12.ak.us. IN MX

;; ANSWER SECTION:
kpbsd.k12.ak.us. 300 IN MX 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN MX 40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN MX 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN MX 10 mx1.kpbsd.k12.ak.us.

;; AUTHORITY SECTION:
kpbsd.k12.ak.us. 300 IN NS ns1.acsalaska.net.
kpbsd.k12.ak.us. 300 IN NS xdns.kpbsd.k12.ak.us.
kpbsd.k12.ak.us. 300 IN NS ns2.acsalaska.net.

;; ADDITIONAL SECTION:
mx1.kpbsd.k12.ak.us. 300 IN A 74.123.240.23
mail-gw.kpbsd.k12.ak.us. 300 IN A 74.123.240.22
mx3.kpbsd.k12.ak.us. 300 IN A 74.123.240.23
mx4.kpbsd.k12.ak.us. 300 IN A 74.123.240.23
ns1.acsalaska.net. 600 IN A 204.17.139.1
ns2.acsalaska.net. 600 IN A 209.112.128.1
xdns.kpbsd.k12.ak.us. 300 IN A 74.123.240.3

;; Query time: 118 msec
;; SERVER: 209.112.128.1#53(209.112.128.1)
;; WHEN: Tue Nov 06 09:25:00 AKST 2018
;; MSG SIZE rcvd: 308

...Kevin

RE: Strange issue

By Kevin Miller at 11/06/2018 - 13:51

I didn't see the errors Wietse did, but when I ran your domain through the report at <a href="http://www.dnsstuff.com" title="www.dnsstuff.com">www.dnsstuff.com</a> it noted this (among a few other minor things):
transitioning domain of kpbsd.k12.ak.us does not designate 74.123.240.23 as permitted sender | softfail | 74.123.240.23

Need to update your SPF record...

...Kevin