[bdNOG] Yahoo Mail can't communicate with my domain servers
Jasim Alam
jasim21 at ymail.com
Wed Dec 23 22:44:09 BDT 2015
Thanks for your replies.
@Brian, I understand this is not a proper implementation. But this setup has been running for years, and until this week we didn't face any similar problem. In fact, another domain of ours with NS boxes in the same subnet is not facing any similar issue.
[root at Jasim ~]# host -t ns btraccl.com
btraccl.com name server ns2.aknetbd.com.
btraccl.com name server ns1.aknetbd.com.
[root at Jasim ~]# host ns1.aknetbd.com
ns1.aknetbd.com has address 221.120.96.2
[root at Jasim ~]# host ns2.aknetbd.com
ns2.aknetbd.com has address 221.120.96.3
https://www.whatsmydns.net/#A/btraccl.com
@Suman, No, we aren't using multiple zone files for different IP blocks.
Regards,
Jasim
On Wednesday, December 23, 2015 3:40 PM, Brian Candler <brian at nsrc.org> wrote:
Unfortunately the checker at dns.squish.net appears to be broken.
Trying this manually from here (UK):
$ dig +norec @a.root-servers.net. btraccl.net. mx
.. referral to gtld servers
$ dig +norec @a.gtld-servers.net. btraccl.net. mx
;; AUTHORITY SECTION:
btraccl.net. 172800 IN NS ns1.btraccl.net.
btraccl.net. 172800 IN NS ns2.btraccl.net.
;; ADDITIONAL SECTION:
ns1.btraccl.net. 172800 IN A 103.9.185.229
ns2.btraccl.net. 172800 IN A 103.9.185.230
Ah: so your problem is that you are not following RFC 2182 (esp.
sections 3.1 to 3.3). It is almost entirely pointless having two
authoritative DNS servers if they are on the same subnet, for the very
reason that you have discovered: the Internet is not a fully-connected
network.
Get your secondary service on a different network, on a different
backbone AS and preferably in an entirely different country.
You may be able to find a similar-sized organisation in a different
country which is happy to swap secondary DNS service with you (i.e. they
act as your secondary, and vice versa). Otherwise, you can take a cheap
commercial DNS service (e.g. Godaddy Premium DNS). Or, if you already
have a cloud VM somewhere with a static IP (e.g. EC2 with Elastic IP)
you can run your secondary DNS on that.
Of course, if Yahoo cannot contact either of your DNS servers, and your
mail server is on the same subnet (103.9.185.227), then they're still
not going to be able to send mail to you. But at least the name will be
resolved, and you will get a more useful error message, and you can take
up the lack of SMTP connectivity separately.
Furthermore: if you have a remote VM under your control, you can make
this a secondary MX receiver for your domain, so that people who cannot
deliver mail directly to you will deliver to your secondary MX, which in
turn will relay to your main mail server.
Regards,
Brian.
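
Added example, not part of the original thread: a small Python check for the RFC 2182 point raised above, which parses dig-style NS and glue records and reports whether every authoritative server (and the mail server) falls in one address prefix. The function names are hypothetical, and treating a shared /24 (IPv4) or /48 (IPv6) as "same network" is an assumption used as an offline stand-in for real subnet and AS data.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the referral records quoted in the message above.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
btraccl.net. 172800 IN NS ns1.btraccl.net.
btraccl.net. 172800 IN NS ns2.btraccl.net.
;; ADDITIONAL SECTION:
ns1.btraccl.net. 172800 IN A 103.9.185.229
ns2.btraccl.net. 172800 IN A 103.9.185.230
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA)\s+(\S+)$")

def parse_referral(text):
    """Return {nameserver: [addresses]} from dig-style NS and glue records."""
    servers = {}
    glue = defaultdict(list)
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # section headers, comments, blank lines
        owner, rtype, rdata = m.groups()
        if rtype == "NS":
            servers.setdefault(rdata.lower(), [])
        else:
            glue[owner.lower()].append(ipaddress.ip_address(rdata))
    return {ns: glue.get(ns, []) for ns in servers}

def prefix_of(addr, v4_len=24, v6_len=48):
    """Covering prefix used as a rough stand-in for 'same network' (assumption)."""
    length = v4_len if addr.version == 4 else v6_len
    return ipaddress.ip_network(f"{addr}/{length}", strict=False)

def diversity_report(servers, mail_hosts=()):
    """Group nameservers by prefix; flag single-prefix zones and co-located MX."""
    by_prefix = defaultdict(set)
    for ns, addrs in servers.items():
        for a in addrs:
            by_prefix[prefix_of(a)].add(ns)
    mx_shared = [str(m) for m in map(ipaddress.ip_address, mail_hosts)
                 if prefix_of(m) in by_prefix]
    return {
        "prefixes": {str(p): sorted(n) for p, n in by_prefix.items()},
        "single_prefix": len(by_prefix) <= 1,
        "mx_in_ns_prefix": mx_shared,
    }
```

Calling diversity_report(parse_referral(SAMPLE_REFERRAL), ["103.9.185.227"]) reports one prefix, 103.9.185.0/24, holding both nameservers and the mail server address mentioned in the reply.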