[bdNOG] Yahoo Mail can't communicate with my domain servers

Suman Kumar Saha suman at amberit.com.bd
Wed Dec 23 17:13:52 BDT 2015


The btraccl.net NS did not answer a query from the UK, though I can reach
your NS from the UK. And I can get an answer from BD. Hopefully the dig
output will help you to find the solution. It may happen if you use multiple
zone files for different IP blocks.


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5 <<>> +trace btraccl.net MX
;; global options: +cmd
. 3599955 IN NS k.root-servers.net.
. 3599955 IN NS c.root-servers.net.
. 3599955 IN NS m.root-servers.net.
. 3599955 IN NS j.root-servers.net.
. 3599955 IN NS h.root-servers.net.
. 3599955 IN NS e.root-servers.net.
. 3599955 IN NS f.root-servers.net.
. 3599955 IN NS l.root-servers.net.
. 3599955 IN NS g.root-servers.net.
. 3599955 IN NS a.root-servers.net.
. 3599955 IN NS d.root-servers.net.
. 3599955 IN NS i.root-servers.net.
. 3599955 IN NS b.root-servers.net.
;; Received 241 bytes from in 12 ms 

net. 172800 IN NS m.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS a.gtld-servers.net.
;; Received 486 bytes from in 62 ms 

btraccl.net. 172800 IN NS ns1.btraccl.net.
btraccl.net. 172800 IN NS ns2.btraccl.net.
;; Received 97 bytes from in 6011 ms 

;; connection timed out; no servers could be reached 


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5 <<>> @ns1.btraccl.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached 


; <<>> DiG 9.8.3-P1 <<>> @ns1.btraccl.net btraccl.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3190
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available 

;btraccl.net. IN A 

btraccl.net. 14400 IN A 

btraccl.net. 86400 IN NS ns2.btraccl.net.
btraccl.net. 86400 IN NS ns1.btraccl.net. 

ns1.btraccl.net. 14400 IN A
ns2.btraccl.net. 14400 IN A 

;; Query time: 94 msec
;; WHEN: Wed Dec 23 16:03:05 2015
;; MSG SIZE rcvd: 113 



Amber IT 

On 2015-12-23 15:40, Brian Candler wrote: 

> Unfortunately the checker at dns.squish.net appears to be broken.
> Trying this manually from here (UK):
> $ dig +norec @a.root-servers.net. btraccl.net. mx
> .. referral to gtld servers
> $ dig +norec @a.gtld-servers.net. btraccl.net. mx
> btraccl.net. 172800 IN NS ns1.btraccl.net.
> btraccl.net. 172800 IN NS ns2.btraccl.net.
> ns1.btraccl.net. 172800 IN A
> ns2.btraccl.net. 172800 IN A
> Ah: so your problem is that you are not following RFC 2182 (esp. sections 3.1 to 3.3). It is almost entirely pointless having two authoritative DNS servers if they are on the same subnet, for the very reason that you have discovered: the Internet is not a fully-connected network.
> Get your secondary service on a different network, on a different backbone AS and preferably in an entirely different country.
> You may be able to find a similar-sized organisation in a different country which is happy to swap secondary DNS service with you (i.e. they act as your secondary, and vice versa). Otherwise, you can take a cheap commercial DNS service (e.g. Godaddy Premium DNS). Or, if you already have a cloud VM somewhere with a static IP (e.g. EC2 with Elastic IP) you can run your secondary DNS on that.
> Of course, if Yahoo cannot contact either of your DNS servers, and your mail server is on the same subnet (, then they're still not going to be able to send mail to you. But at least the name will be resolved, and you will get a more useful error message, and you can take up the lack of SMTP connectivity separately.
> Furthermore: if you have a remote VM under your control, you can make this a secondary MX receiver for your domain, so that people who cannot deliver mail directly to you will deliver to your secondary MX, which in turn will relay to your main mail server.
> Regards,
> Brian.
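
The same-subnet condition described in the reply above can be checked mechanically from a delegation's NS and glue records. The following is an added example, not part of either post: the zone names and addresses are constructed documentation values, and grouping by /24 (IPv4) or /48 (IPv6) is an assumed stand-in for "same subnet", since AS and backbone diversity cannot be read from DNS records alone.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in dig's record format (documentation addresses, not the
# real glue for any domain). example.net mirrors the layout seen in the thread.
SAMPLE = """\
example.net.      172800 IN NS ns1.example.net.
example.net.      172800 IN NS ns2.example.net.
ns1.example.net.  172800 IN A  192.0.2.10
ns2.example.net.  172800 IN A  192.0.2.11
example.org.      172800 IN NS ns1.example.org.
example.org.      172800 IN NS ns2.example.com.
ns1.example.org.  172800 IN A  198.51.100.5
ns2.example.com.  172800 IN A  203.0.113.9
"""

def parse_records(text):
    """Return (zone -> set of NS names, host -> list of addresses)."""
    ns, addrs = defaultdict(set), defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or line.startswith(";") or fields[2] != "IN":
            continue  # skip comments, blank lines and truncated records
        owner, _ttl, _cls, rtype, rdata = fields
        if rtype == "NS":
            ns[owner.lower()].add(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addrs[owner.lower()].append(ipaddress.ip_address(rdata))
    return ns, addrs

def covering_prefix(addr):
    # Assumption: /24 (IPv4) and /48 (IPv6) stand in for "same subnet".
    length = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{length}", strict=False)

def diversity_report(text):
    """Map each zone to the sorted list of prefixes its nameservers sit in."""
    ns, addrs = parse_records(text)
    report = {}
    for zone, servers in ns.items():
        prefixes = {covering_prefix(a) for s in servers for a in addrs.get(s, [])}
        report[zone] = sorted(str(p) for p in prefixes)
    return report

if __name__ == "__main__":
    for zone, prefixes in diversity_report(SAMPLE).items():
        verdict = "OK" if len(prefixes) > 1 else "SINGLE POINT OF FAILURE"
        print(f"{zone:14} {verdict:24} {', '.join(prefixes) or 'no glue seen'}")
```

A zone whose report lists a single prefix has every authoritative server behind the same routes, so one unreachable path makes the whole domain unresolvable from that vantage point.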
