AOL has hard time resolving to us.

Cinense, Mark

Nov 9, 2001, 12:05:28 PM

The problem is we can't deliver mail to AOL. Mail returns with a "503 Bad
command sequence" error. When you connect to one of AOL's mail servers on
port 25 it takes a long time (1.5 minutes) for the 220 response to come back
from that server, then when you put in ehlo and the domain name it returns
"peer name unknown" and then the 250 response. The final mail error when
doing it this way and waiting for all the responses from AOL's mail server
is "Service not available, Temporary DNS failure". AOL says that they cannot
resolve our domain name. We put a sniffer on the traffic coming in to our
domain and we see lots of packets from port 53 on one of AOL's DNS servers
destined for our DNS server on port 53, but the router that connects us to
our service provider is returning the packets saying "Time to live
expiring", "Time to live expired". The TTL in the IP packet is indeed 1 at
that router according to the sniffer. We routed our traffic through a
different service provider that had a different route and what looked like a
2 hop shorter hop count to AOL and still had the same results at the same
place. The mail has worked for brief periods during this outage, but we have
no idea what was different. Around the time the outage started we had a 12
hour DNS service disruption due to a bad record in the zone file, but that
has been fixed for approximately 3 weeks now. Other ISPs/organizations seem
to have no problem resolving our name. AOL has been able to deliver mail to
us, although there have been some reports of mail from AOL users failing.

$ telnet mailin-01.mx.aol.com 25
Trying 64.12.136.57...
Connected to mailin-01.mx.aol.com.
Escape character is '^]'.
220-rly-xa04.mx.aol.com ESMTP mail_relay_in-xa4.9; Fri, 09 Nov 2001 10:57:59 -0500
220-America Online (AOL) and its affiliated companies do not
220- authorize the use of its proprietary computers and computer
220- networks to accept, transmit, or distribute unsolicited bulk
220 e-mail sent from the internet.
ehlo sandia.gov
250-rly-xa04.mx.aol.com peer name unknown
250 HELP
Mail From: <mac...@sandia.gov>
421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE

Anyone have any ideas as to why this is happening? I am trying to verify
that it is not a DNS issue, but maybe a network routing issue.

Thanks,

Mark


Len Conrad

Nov 9, 2001, 12:22:00 PM

>ehlo sandia.gov
>250-rly-xa04.mx.aol.com peer name unknown
>250 HELP
>Mail From: <mac...@sandia.gov>
>421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE

Look at these DNS delays:

mgw1# dig sandia.gov

; <<>> DiG 8.3 <<>> sandia.gov
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 6
;; QUERY SECTION:
;; sandia.gov, type = A, class = IN

;; ANSWER SECTION:
sandia.gov. 1H IN A 132.175.109.1

;; AUTHORITY SECTION:
sandia.gov. 1H IN NS ns1.sandia.gov.
sandia.gov. 1H IN NS ns2.sandia.gov.
sandia.gov. 1H IN NS ns3.sandia.gov.
sandia.gov. 1H IN NS ns4.sandia.gov.
sandia.gov. 1H IN NS ns5.sandia.gov.
sandia.gov. 1H IN NS ns0.sandia.gov.

;; ADDITIONAL SECTION:
ns1.sandia.gov. 1H IN A 132.175.1.3
ns2.sandia.gov. 1H IN A 132.175.249.6
ns3.sandia.gov. 1H IN A 134.253.181.25
ns4.sandia.gov. 1H IN A 134.253.16.5
ns5.sandia.gov. 1H IN A 134.253.181.115
ns0.sandia.gov. 1H IN A 132.175.249.1

;; Total query time: 4177 msec
;; FROM: mgw1.meiway.com to SERVER: default -- 212.73.210.69
;; WHEN: Fri Nov 9 18:14:42 2001
;; MSG SIZE sent: 28 rcvd: 248

mgw1# dig sandia.gov mx

; <<>> DiG 8.3 <<>> sandia.gov mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 5
;; QUERY SECTION:
;; sandia.gov, type = MX, class = IN

;; ANSWER SECTION:
sandia.gov. 1H IN MX 10 mm02snlnto.sandia.gov.
sandia.gov. 1H IN MX 10 mm01snlnto.sandia.gov.

;; AUTHORITY SECTION:
sandia.gov. 1H IN NS ns0.sandia.gov.
sandia.gov. 1H IN NS ns1.sandia.gov.
sandia.gov. 1H IN NS ns2.sandia.gov.

;; ADDITIONAL SECTION:
mm01snlnto.sandia.gov. 1H IN A 132.175.109.20
mm02snlnto.sandia.gov. 1H IN A 132.175.109.21
ns0.sandia.gov. 1H IN A 132.175.249.1
ns1.sandia.gov. 1H IN A 132.175.1.3
ns2.sandia.gov. 1H IN A 132.175.249.6

;; Total query time: 3492 msec
;; FROM: mgw1.meiway.com to SERVER: default -- 212.73.210.69
;; WHEN: Fri Nov 9 18:14:55 2001
;; MSG SIZE sent: 28 rcvd: 216

... and with 3600 TTL, you're forcing DNS's to hammer through these long
delays and perhaps time out. Go to 86400.

Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways


Len Conrad

Nov 9, 2001, 1:22:14 PM

Errors
----------------------------------------------------------------------
o The server "nixon.llnl.gov." did not reply
    The server "nixon.llnl.gov." did not reply when it was queried
    for the name "sandia.gov.". This indicates that the server is not
    running, or it is currently unreachable.

o The server "ns3.sandia.gov." did not reply
    The server "ns3.sandia.gov." did not reply when it was queried
    for the name "sandia.gov.". This indicates that the server is not
    running, or it is currently unreachable.

o The server "ns4.sandia.gov." did not reply
    The server "ns4.sandia.gov." did not reply when it was queried
    for the name "sandia.gov.". This indicates that the server is not
    running, or it is currently unreachable.

o The server "ns5.sandia.gov." did not reply
    The server "ns5.sandia.gov." did not reply when it was queried
    for the name "sandia.gov.". This indicates that the server is not
    running, or it is currently unreachable.

o The name server "ns0.sandia.gov." is not listed in delegation data
    The server "ns0.sandia.gov." is listed as being authoritative for
    the zone according to the zone data, but there is no NS record for
    that server in the delegation data. Delegation data and zone data
    should always match.

o The primary mail server "mm02snlnto.sandia.gov." does not respond
    The mail server "mm02snlnto.sandia.gov.", which is a primary mail
    server for "sandia.gov.", does not seem to be working.

o Unable to verify the hostmaster address "mac...@sandia.gov".
    None of the mail servers for "sandia.gov." recognized the
    hostmaster address "mac...@sandia.gov".


Warnings
----------------------------------------------------------------------
o "ns0.sandia.gov." does not contain the latest version of the zone
    "ns0.sandia.gov." contains an old version of the zone. The
    latest version of the zone has the serial number "62073", but the
    version contained at "ns0.sandia.gov." has the serial number
    "60372".
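
An added example, not part of the thread and not the tool that produced the report above: a sketch of the same three checks (servers that do not answer, delegation versus zone NS mismatch, stale SOA serial) run over the text that `dig +norecurse +short SOA <zone> @<server>` prints for each server. The server names and the two serials come from the report; the delegation set, which servers hold serial 62073, and the other SOA fields are assumptions constructed for illustration.

```python
from functools import reduce

def soa_serial(short_output):
    """Serial from `dig +norecurse +short SOA` output, or None if no answer."""
    for line in short_output.splitlines():
        fields = line.split()
        # +short SOA layout: mname rname serial refresh retry expire minimum
        if len(fields) == 7 and not line.startswith(";") and fields[2].isdigit():
            return int(fields[2])
    return None

def newer(a, b):
    """RFC 1982 serial arithmetic: True if serial a is newer than serial b."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def audit_zone(delegation_ns, zone_ns, soa_by_server):
    """Return (severity, server, message) findings for one zone."""
    serials = {ns: soa_serial(out) for ns, out in soa_by_server.items()}
    answered = {ns: s for ns, s in serials.items() if s is not None}
    findings = [("error", ns, "did not reply")
                for ns in sorted(serials) if serials[ns] is None]
    for ns in sorted(set(zone_ns) - set(delegation_ns)):
        findings.append(("error", ns, "in zone data, missing from delegation"))
    for ns in sorted(set(delegation_ns) - set(zone_ns)):
        findings.append(("error", ns, "in delegation, missing from zone data"))
    if answered:
        latest = reduce(lambda x, y: y if newer(y, x) else x, answered.values())
        for ns in sorted(answered):
            if answered[ns] != latest:
                findings.append(("warning", ns,
                                 f"serial {answered[ns]} is older than {latest}"))
    return findings

# Constructed sample: server names and the two serials are from the report;
# which servers hold 62073, the delegation set and the SOA fields other than
# the serial are assumptions made for illustration.
def _soa(serial):
    return f"ns.example. hostmaster.example. {serial} 3600 900 604800 3600"

ZONE_NS = [f"ns{i}.sandia.gov." for i in range(6)]
DELEGATION_NS = [ns for ns in ZONE_NS if ns != "ns0.sandia.gov."]
SAMPLE = {ns: "" for ns in ZONE_NS}   # empty output = no reply (ns3, ns4, ns5)
SAMPLE["ns0.sandia.gov."] = _soa(60372)
SAMPLE["ns1.sandia.gov."] = _soa(62073)
SAMPLE["ns2.sandia.gov."] = _soa(62073)

if __name__ == "__main__":
    for severity, server, message in audit_zone(DELEGATION_NS, ZONE_NS, SAMPLE):
        print(f"{severity:8} {server:18} {message}")
```

The serial comparison uses RFC 1982 arithmetic rather than a plain maximum, so a serial that has wrapped past 2^32 is still recognised as the newer one.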
