[bdNOG] Yahoo Mail can't communicate with my domain servers
brian at nsrc.org
Wed Dec 23 15:40:48 BDT 2015
Unfortunately the checker at dns.squish.net appears to be broken.

Trying this manually from here (UK):

$ dig +norec @a.root-servers.net. btraccl.net. mx
.. referral to gtld servers

$ dig +norec @a.gtld-servers.net. btraccl.net. mx
;; AUTHORITY SECTION:
btraccl.net. 172800 IN NS ns1.btraccl.net.
btraccl.net. 172800 IN NS ns2.btraccl.net.

;; ADDITIONAL SECTION:
ns1.btraccl.net. 172800 IN A 220.127.116.11
ns2.btraccl.net. 172800 IN A 18.104.22.168

Ah: so your problem is that you are not following RFC 2182 (esp.
sections 3.1 to 3.3). It is almost entirely pointless having two
authoritative DNS servers if they are on the same subnet, for the very
reason that you have discovered: the Internet is not a fully-connected

Get your secondary service on a different network, on a different
backbone AS and preferably in an entirely different country.

You may be able to find a similar-sized organisation in a different
country which is happy to swap secondary DNS service with you (i.e. they
act as your secondary, and vice versa). Otherwise, you can take a cheap
commercial DNS service (e.g. Godaddy Premium DNS). Or, if you already
have a cloud VM somewhere with a static IP (e.g. EC2 with Elastic IP)
you can run your secondary DNS on that.

Of course, if Yahoo cannot contact either of your DNS servers, and your
mail server is on the same subnet (22.214.171.124), then they're still
not going to be able to send mail to you. But at least the name will be
resolved, and you will get a more useful error message, and you can take
up the lack of SMTP connectivity separately.

Furthermore: if you have a remote VM under your control, you can make
this a secondary MX receiver for your domain, so that people who cannot
deliver mail directly to you will deliver to your secondary MX, which in
turn will relay to your main mail server.
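
An added example, not part of the original post: a shell check for the condition described above, where every authoritative server sits in one subnet. It reads A records in dig output format and reports whether they span at least two IPv4 /24s; the function name, the use of a /24 as a stand-in for "same subnet", and the sample records (documentation addresses under example.net) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag authoritative name servers that all share one IPv4 /24.
# Sharing a /24 is only a rough proxy for the diversity RFC 2182 asks for;
# two servers in different /24s can still sit behind the same upstream.

# Reads dig output on stdin (e.g. the ADDITIONAL section of a referral).
# Prints one line per /24 with the servers found in it.
# Exit status: 0 = two or more /24s, 1 = all servers in one /24,
#              2 = no A records found in the input.
ns_subnet_diversity() {
    awk '
        # Match only A records: name ttl IN A address.
        # dig comment lines (";; ...") and AAAA records are skipped.
        $3 == "IN" && $4 == "A" {
            split($5, o, ".")
            net = o[1] "." o[2] "." o[3] ".0/24"
            if (!(net in members)) nets++
            members[net] = members[net] " " $1
            total++
        }
        END {
            for (n in members) printf "%s:%s\n", n, members[n]
            if (total == 0) exit 2
            if (nets < 2) exit 1
            exit 0
        }
    '
}

# Constructed sample input (documentation addresses, not the poster's data).
sample_same='ns1.example.net. 172800 IN A 192.0.2.10
ns2.example.net. 172800 IN A 192.0.2.11'

sample_diverse='ns1.example.net. 172800 IN A 192.0.2.10
ns2.example.net. 172800 IN A 198.51.100.53'

# Demonstration on the constructed samples.
printf '%s\n' "$sample_same" | ns_subnet_diversity \
    || echo "WARNING: all name servers are in one /24"
printf '%s\n' "$sample_diverse" | ns_subnet_diversity \
    && echo "OK: name servers span more than one /24"

# Against live data, pipe a referral into the function, for example:
#   dig +norec @a.gtld-servers.net. example.net. ns | ns_subnet_diversity
```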