[Mimedefang] NS records for a sub-domain

James E. Pratt jpratt at norwich.edu
Wed Mar 19 14:46:22 EDT 2008 

> -----Original Message-----
> From: mimedefang-bounces at lists.roaringpenguin.com [mailto:mimedefang-
> bounces at lists.roaringpenguin.com] On Behalf Of WBrown at e1b.org
> Sent: Wednesday, March 19, 2008 2:24 PM
> To: MIMEDefang,
> Subject: [Mimedefang] NS records for a sub-domain
> 
> I have a site, a school district, that is a sub-domain from our main
> domain.   We have one zone file for everything in the wnyric.org
> domain,
> including the appropriate entries for sherman.wnyric.org.  They are
> trying
> to communicate with a vendor that outsources their mail to a company
> "bluetie.com"  That company is refusing to accept mail because
> sherman.wnyric.org does not have an NS record.  wnyric.org has NS
> records
> defined.
> 
> Has anyone heard of such a requirement before?
> 

If you are referring to lack of a reverse-dns pointer record (PTR -
in.addr-arpa), yes, many sites will refuse mail without one, else they
would be deluged with spammers/bogus email... (not that we aren't
already lol) 

I'm not sure exactly what you mean when you say the host has no NS
record(s), however, looking up that address from here gives no "A"
record, which means it effectively cannot be found in the DNS. (So to
answer your question, I can't blame them. Lack of a PTR record is one
thing, .. but no "A" record at all out there is um... well.. kinda
worthless unless they whitelist your ip address on their server(s)... 

Dns... so let's dig and see what we find>


dig sherman.wnyric.org

; <<>> DiG 9.2.4 <<>> sherman.wnyric.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3680
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sherman.wnyric.org.            IN      A

;; Query time: 40 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 19 14:32:05 2008
;; MSG SIZE  rcvd: 36

 ------------------------
Oouch. No A record... :(

Question - Why don't you send your email out via your designated MX's?
- Rdns is working there it appears... :\

Show mx records for wnyric.org:
-----------------------------
dig wnyric.org mx

; <<>> DiG 9.2.4 <<>> wnyric.org mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43885
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;wnyric.org.                    IN      MX

;; ANSWER SECTION:
wnyric.org.             1600    IN      MX      10 milton3.wnyric.org.
wnyric.org.             1600    IN      MX      10 milton4.wnyric.org.
wnyric.org.             1600    IN      MX      10 milton2.wnyric.org.

;; AUTHORITY SECTION:
wnyric.org.             1120    IN      NS      ns4.wnyric.org.
wnyric.org.             1120    IN      NS      ns3.wnyric.org.

;; ADDITIONAL SECTION:
ns3.wnyric.org.         172320  IN      A       168.169.8.21
ns4.wnyric.org.         172320  IN      A       168.169.8.22

;; Query time: 61 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 19 14:35:46 2008
;; MSG SIZE  rcvd: 168


Super. So what's milton3.wnyric.org's IP?
----------------------------------

nslookup milton3.wnyric.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   milton3.wnyric.org
Address: 168.169.4.146
------------------

Ok. Is RDNS configured for this MX? (yes!)
----------------------------------
dig -x 168.169.4.146

; <<>> DiG 9.2.4 <<>> -x 168.169.4.146
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35988
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

;; QUESTION SECTION:
;146.4.169.168.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
146.4.169.168.in-addr.arpa. 86400 IN    PTR     milton3.wnyric.org.
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
;; AUTHORITY SECTION:
.                       277679  IN      NS      D.ROOT-SERVERS.NET.
.                       277679  IN      NS      E.ROOT-SERVERS.NET.
.                       277679  IN      NS      F.ROOT-SERVERS.NET.
.                       277679  IN      NS      G.ROOT-SERVERS.NET.
.                       277679  IN      NS      H.ROOT-SERVERS.NET.
.                       277679  IN      NS      I.ROOT-SERVERS.NET.
.                       277679  IN      NS      J.ROOT-SERVERS.NET.
.                       277679  IN      NS      K.ROOT-SERVERS.NET.
.                       277679  IN      NS      L.ROOT-SERVERS.NET.
.                       277679  IN      NS      M.ROOT-SERVERS.NET.
.                       277679  IN      NS      A.ROOT-SERVERS.NET.
.                       277679  IN      NS      B.ROOT-SERVERS.NET.
.                       277679  IN      NS      C.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
G.ROOT-SERVERS.NET.     602690  IN      A       192.112.36.4

;; Query time: 57 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 19 14:39:57 2008
;; MSG SIZE  rcvd: 303

----
 



Regards,
Jamie

More information about the MIMEDefang mailing list