
DNS help with mx records


Ricardo Fitzgerald

May 17, 2002, 2:45:32 PM

Hi,

I have a problem setting up my mail server, I had followed the
tutorial DNS how to, and apparently everything worked fine, but
something must be wrong because the mail server is not working. After
careful examination I found out the problem must be in the way I
configured mx in my zone files.

Setup: linux server with 2 NICs 200.61.76.88 --> Internet and
192.168.0.1 -->Internal net win PCs.

my ermitagemontevideo.com zone is:

$TTL 3D
@               IN SOA  ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
                        2002031806 ; serial
                        8H         ; refresh
                        2H         ; retry
                        4W         ; expiry
                        1 )        ; minimum

                NS      ns
                MX      10 mail

localhost       A       127.0.0.1

gw              A       200.61.76.65

ns              A       200.61.76.88
                MX      10 mail

www             CNAME   ns
ftp             CNAME   ns

mail            CNAME   ns

--> Here is where I'm not sure. mail is under the same
IP, but I don't know if I have to write the record as a CNAME or this
other way:

mail            A       200.61.78.88
                MX      10 mail

Which is the correct way? If I have mail and ns under the same IP
200.61.76.88, should I configure mail as a CNAME or as an A record as
shown above? Right now it is configured as in the first case.

Another question: linux is the gateway to the internal network, this
computer

linux           A       192.168.0.1
                MX      10 mail

ermitage        A       192.168.0.2
                MX      10 mail

facturacion     A       192.168.0.3
                MX      10 mail

recepcion       A       192.168.0.4
                MX      10 mail

telefono        A       192.168.0.5
                MX      10 mail

internet        A       192.168.0.6
                MX      10 mail

-----------------------------------------------------------------------

my 200.61.76 zone:

$TTL 3D
@       IN SOA  ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
                2002031806 ; serial
                8H         ; refresh
                2H         ; retry
                4W         ; expiry
                1D )       ; minimum

        NS      ns.ermitagemontevideo.com.

65      PTR     gw.ermitagemontevideo.com.
88      PTR     ns.ermitagemontevideo.com.
88      PTR     mail.ermitagemontevideo.com. <---- I'm not sure about this!
-------------------------------------------------------------------------------
my 192.168.0 zone

$TTL 3D
@       IN SOA  ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
                2002031806 ; serial
                8H         ; refresh
                2H         ; retry
                4W         ; expiry
                1D )       ; minimum

        NS      ns.ermitagemontevideo.com.

1       PTR     linux.ermitagemontevideo.com.
2       PTR     ermitage.ermitagemontevideo.com.
3       PTR     facturacion.ermitagemontevideo.com.
4       PTR     recepcion.ermitagemontevideo.com.
5       PTR     telefono.ermitagemontevideo.com.
6       PTR     internet.ermitagemontevideo.com.

I'm using Bind 9.2

Any help will be greatly appreciated ...

Regards,

Rick

Barry Margolin

May 17, 2002, 4:24:58 PM

In article <ac3j4c$61hb$1...@isrv4.isc.org>,

MX records are required to point to A records, not CNAME records. So you
should either change all the MX records to point to "ns", or change the
record for mail to be an A record.

However, most mail implementations are pretty tolerant of this common
mistake. If you're having problems, there's probably something else wrong
as well.

>Another question: linux is the gateway to the internal network, this
>computer

You didn't finish this question.

>-----------------------------------------------------------------------
>
>my 200.61.76 zone:
>
>$TTL 3D
>@ IN SOA ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
> 2002031806 ; serial
> 8H ; refresh
> 2H ; retry
> 4W ; expiry
> 1D ) ; minimum
>
> NS ns.ermitagemontevideo.com.
>
>65 PTR gw.ermitagemontevideo.com.
>88 PTR ns.ermitagemontevideo.com.
>88 PTR mail.ermitagemontevideo.com. <---- I'm not sure about this!

If "mail" is a CNAME record then it shouldn't appear in a PTR record. If
you use two A records, it's OK to have two PTR records, but you don't
usually need both of them, and they can cause confusion.

--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

p...@icke-reklam.ipsec.nu

May 17, 2002, 4:26:44 PM

Ricardo Fitzgerald <ax...@movinet.com.uy> wrote:

> Hi,

> I have a problem setting up my mail server, I had followed the
> tutorial DNS how to , and apparently everything worked fine, but
> something must be wrong because the mail server is not working. After
> careful examination I found out the problem must be in the way I
> configured mx in my zone files.

Yes, your MX has a CNAME as RHS. That's illegal.


> Setup: linux server with 2 NICs 200.61.76.88 --> Internet and
> 192.168.0.1 -->Internal net win PCs.

> my ermitagemontevideo.com zone is:

> $TTL 3D
> @ IN SOA ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
> 2002031806 ; serial
> 8H ; refresh
> 2H ; retry
> 4W ; expiry
> 1 ) ; minimum

> NS ns
> MX 10 mail

> localhost A 127.0.0.1


> gw A 200.61.76.65


> ns A 200.61.76.88
> MX 10 mail

Why don't you just write :
IN MX 10 ns.ermitagemontevideo.com. ???

> -----------------------------------------------------------------------

> my 200.61.76 zone:

> NS ns.ermitagemontevideo.com.

You only need one PTR, and as 'mail' is unneeded drop it.


> -------------------------------------------------------------------------------
> my 192.168.0 zone
>
> $TTL 3D
> @ IN SOA ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
> 2002031806 ; serial
> 8H ; refresh
> 2H ; retry
> 4W ; expiry
> 1D ) ; minimum

> NS ns.ermitagemontevideo.com.

> I'm using Bind 9.2

> Any help will be greatly appreciated ...

> Regards,

> Rick


--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.

Rocci

May 18, 2002, 3:51:08 AM

Firstly, it is considered VERY bad practice to point an MX record to a
CNAME. Don't do it!!.
Your second method is better, but I'd try declaring the MX record for mail
first then the A record last, like this:

        IN NS   ns1.yourdomain.com.au       ;your 1st name server
        IN MX   10 mail                     ;your mail server
ns1     IN A    "your servers ip address"
mail    IN A    "your servers ip address"

If this doesn't work, try using the name of your DNS server directly for
mail, that is IN MX 10 ns , and see if that works, then go from there.

Hope this helps.
Rocci.

"Ricardo Fitzgerald" <ax...@movinet.com.uy> wrote in message
news:ac3j4c$61hb$1...@isrv4.isc.org...

Ricardo Fitzgerald

May 19, 2002, 1:24:27 PM

Hi rocci,

Thanks for replying my zone now is exactly like you told me, but I
can't reach the mail !!!

How do I know if it's working ?

I did:

# dig mx www.ermitagemontevideo.com

and got :

;; ANSWER SECTION:
www.ermitagemontevideo.com. 259200 IN CNAME ns.ermitagemontevideo.com.
ns.ermitagemontevideo.com. 259200 IN MX 10 mail.ermitagemontevideo.com.

;; AUTHORITY SECTION:
ermitagemontevideo.com. 259200 IN NS ns.ermitagemontevideo.com.

;; ADDITIONAL SECTION:
mail.ermitagemontevideo.com. 259200 IN A 200.61.76.88
ns.ermitagemontevideo.com. 259200 IN A 200.61.76.88

Does it mean it's working?

Then why can't I connect to the mail server ?

Regards,

Rick


"Rocci" <ro...@rocknetworks.net> wrote in
message news:<ac515c$6nc8$1...@isrv4.isc.org>...

> Firstly, it is considered VERY bad practice to point an MX record to a
> CNAME. Don't do it!!.
> Your second method is better, but I'd try declaring the MX record for mail
> first then the A record last, like this:

p...@icke-reklam.ipsec.nu

May 19, 2002, 2:57:31 PM

Ricardo Fitzgerald <ax...@movinet.com.uy> wrote:

> Hi rocci,

> Thanks for replying my zone now is exactly like you told me, but I
> can't reach the mail !!!

> How do I know if it's working ?

It is working:
> telnet mail.ermitagemontevideo.com. 25
Trying 200.61.76.88...
Connected to mail.ermitagemontevideo.com.
Escape character is '^]'.
220 linux.ermitagemontevideo.com ESMTP Sendmail 8.11.6/8.11.6/SuSE Linux 0.5; Sun, 19 May 2002 15:54:06 -0300
helo me
250 linux.ermitagemontevideo.com Hello zap.manet.nu [62.20.110.231], pleased to meet you
quit
221 2.0.0 linux.ermitagemontevideo.com closing connection
Connection closed by foreign host.

Ricardo Fitzgerald

May 20, 2002, 2:16:45 AM

hmmm, if it's working then why I'll get this:

553 5.3.5 mail.ermitagemontevideo.com. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error ???

I'm using Bind 9.2r10

my modified ermitagemontevideo.com zone (relevant parts only):

                NS      ns
                MX      10 mail
localhost       A       127.0.0.1
gw              A       200.61.76.65
ns              A       200.61.76.88
                MX      10 mail
mail            A       200.61.76.88
                MX      10 mail
www             CNAME   ns
ftp             CNAME   ns

Thank you,

Regards,

Rick

Pete Ehlke

May 20, 2002, 7:44:37 AM

On Sun, May 19, 2002 at 09:19:58PM -0700, Ricardo Fitzgerald wrote:
>
> hmmm, if it's working then why I'll get this: 553 5.3.5
> mail.ermitagemontevideo.com. config error: mail loops back to me (MX
> problem?) 554 5.3.5 Local configuration error ??? I'm using

This is not a BIND problem. You have not told your mail server to accept
mail for mail.ermitagemontevideo.com. A quick google search for the
string "config error: mail loops back to me" produces 11,000 results.
The answer to your question is contained in most of them ;)

-Pete

Fred Viles

May 20, 2002, 12:07:45 PM

ax...@movinet.com.uy (Ricardo Fitzgerald) wrote in
<aca4cd$8uks$1...@isrv4.isc.org>:

> hmmm, if it's working then why I'll get this: 553 5.3.5
> mail.ermitagemontevideo.com. config error: mail loops back to me
> (MX problem?)

Someone addressed a message to <US...@mail.ermitagemontevideo.com>,
but your mailer is not configured to deliver mail for that domain
locally.

> 554 5.3.5 Local configuration error ??? I'm
> using Bind 9.2r10 my modified ermitagemontevideo.com zone
> (relevant parts only):

How do you know what's relevant? However, after demangling:

                NS      ns
                MX      10 mail
localhost       A       127.0.0.1
gw              A       200.61.76.65
ns              A       200.61.76.88
                MX      10 mail
mail            A       200.61.76.88
                MX      10 mail
www             CNAME   ns
ftp             CNAME   ns

Looks fine from a DNS standpoint. You just have to configure your
mailserver to accept mail for the domain names you have listed it as
the MX host for.

- Fred

Ricardo Fitzgerald

May 21, 2002, 12:22:13 AM

Pete Ehlke <p...@ehlke.net> wrote in message news:<acanj5$95fd$1...@isrv4.isc.org>...

> This is not a BIND problem. You have not told your mail server to accept
> mail for mail.ermitagemontevideo.com. A quick google search for the
> string "config error: mail loops back to me" produces 11,000 results.
> The answer to your question is contained in most of them ;)
>
> -Pete

Hi,

This is my zone ermitamontevideo.com (latest review)

$TTL 3D
@               IN SOA  ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
                        2002031806 ; serial
                        8H         ; refresh
                        2H         ; retry
                        4W         ; expiry
                        1 )        ; minimum

                NS      ns
                MX      10 mail.ermitagemontevideo.com.

localhost       A       127.0.0.1

gw              A       200.61.76.65

ns              A       200.61.76.88
                MX      10 mail.ermitagemontevideo.com.

mail            A       200.61.76.88
                MX      10 mail.ermitagemontevideo.com.

www             CNAME   ns
ftp             CNAME   ns

linux           A       192.168.0.1
                MX      10 mail.ermitagemontevideo.com.

ermitage        A       192.168.0.2
                MX      10 mail.ermitagemontevideo.com.

facturacion     A       192.168.0.3
                MX      10 mail.ermitagemontevideo.com.

recepcion       A       192.168.0.4
                MX      10 mail.ermitagemontevideo.com.

telefono        A       192.168.0.5
                MX      10 mail.ermitagemontevideo.com.

internet        A       192.168.0.6
                MX      10 mail.ermitagemontevideo.com.

Is that ok ? I'm using Bind 9.2r10.
If zone is ok then when I send a test message I got this error:

The original message was received at Mon, 20 May 2002 22:33:52 -0300
from correo.movinet.com.uy [200.40.54.13]
----- The following addresses had permanent fatal errors -----
<in...@ermitagemontevideo.com>
(expanded from: <in...@ermitagemontevideo.com>)

----- Transcript of session follows -----

554 5.0.0 MX list for mail.ermitagemontevideo.com. points back to
linux.ermitagemontevideo.com


554 5.3.5 Local configuration error

--->Is the error above caused by bind misconfig or sendmail ?


Content-Type: message/delivery-status
Reporting-MTA: dns; linux.ermitagemontevideo.com
Received-From-MTA: DNS; correo.movinet.com.uy
Arrival-Date: Mon, 20 May 2002 22:33:52 -0300
Final-Recipient: RFC822; <in...@ermitagemontevideo.com>
X-Actual-Recipient: RFC822; in...@mail.ermitagemontevideo.com
Action: failed
Status: 5.5.0
Remote-MTA: DNS; mail.ermitagemontevideo.com
Last-Attempt-Date: Mon, 20 May 2002 22:33:53 -0300
Content-Type: message/rfc822
Return-Path: <ax...@movinet.com.uy>
Received: from movinet.com.uy (correo.movinet.com.uy [200.40.54.13])
by linux.ermitagemontevideo.com (8.11.6/8.11.6/SuSE Linux 0.5)
with ESMTP id g4L1Xqa19725
for <in...@ermitagemontevideo.com>; Mon, 20 May 2002 22:33:52
-0300
Received: from datos141-190.movi.net.uy (datos141-190.movi.net.uy
[200.40.141.190])
by movinet.com.uy (8.11.6/8.11.6) with ESMTP id g4L1MRU30818
for <in...@ermitagemontevideo.com>; Mon, 20 May 2002 22:22:27
-0300
From: "Ricardo Fitzgerald" <ax...@movinet.com.uy>
Date: 19 May 102 22:30:02 +0400
Subject: Test
Message-Id: <OUT-3CE8276A...@movinet.com.uy>
To: in...@ermitagemontevideo.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: MicroDot-II/Amiga 1.4 [#00018916] - http://www.vapor.com/
Testing ...

What do you think might be a sendmail/procmail error ?

Regards,

Rick

Pete Ehlke

May 21, 2002, 8:51:42 AM

On Mon, May 20, 2002 at 08:38:23PM -0700, Ricardo Fitzgerald wrote:
>
> Pete Ehlke <p...@ehlke.net> wrote in message news:<acanj5$95fd$1...@isrv4.isc.org>...
> > This is not a BIND problem. You have not told your mail server to accept
> > mail for mail.ermitagemontevideo.com. A quick google search for the
> > string "config error: mail loops back to me" produces 11,000 results.
> > The answer to your question is contained in most of them ;)
> >
> > -Pete
>
> Hi,
>
> This is my zone ermitamontevideo.com (latest review)
>
> $TTL 3D
> @ IN SOA ns.ermitagemontevideo.com.
> root.ermitagemontevideo.com. (
> 2002031806 ; serial
> 8H ; refresh
> 2H ; retry
> 4W ; expiry
> 1 ) ; minimum
>
> NS ns
> MX 10 mail.ermitagemontevideo.com.

>
> localhost A 127.0.0.1
>
>
> gw A 200.61.76.65
>
>
> ns A 200.61.76.88
> MX 10 mail.ermitagemontevideo.com.
>
> mail A 200.61.76.88
> MX 10 mail.ermitagemontevideo.com.
>
> www CNAME ns
> ftp CNAME ns
>
> linux A 192.168.0.1
> MX 10 mail.ermitagemontevideo.com.
>
> ermitage A 192.168.0.2
> MX 10 mail.ermitagemontevideo.com.
>
> facturacion A 192.168.0.3
> MX 10 mail.ermitagemontevideo.com.
>
> recepcion A 192.168.0.4
> MX 10 mail.ermitagemontevideo.com.
>
> telefono A 192.168.0.5
> MX 10 mail.ermitagemontevideo.com.
>
> internet A 192.168.0.6

> MX 10 mail.ermitagemontevideo.com.
> Is that ok ? I'm using Bind 9.2r10.
> If zone is ok then when I send a test message I got this error:
>
> The original message was received at Mon, 20 May 2002 22:33:52 -0300
> from correo.movinet.com.uy [200.40.54.13]
> ----- The following addresses had permanent fatal errors -----
> <in...@ermitagemontevideo.com>
> (expanded from: <in...@ermitagemontevideo.com>)
>
> ----- Transcript of session follows -----
>
> 554 5.0.0 MX list for mail.ermitagemontevideo.com. points back to
> linux.ermitagemontevideo.com
> 554 5.3.5 Local configuration error
>
> --->Is the error above caused by bind misconfig or sendmail ?
>

It's caused by a sendmail misconfiguration. You must tell
mail.ermitagemontevideo.com that it should accept mail for each host and
domain that you list it as an MX for.

I do note that you have the address of linux.ermitagemontevideo.com in
rfc1918 space, but your machine mail.ermitagemontevideo.com thinks its
name is linux.ermitagemontevideo.com.

-Pete

those who know me have no need of my name

May 21, 2002, 10:47:47 AM

<acci1l$a6ub$1...@isrv4.isc.org> divulged:

>Is that ok ? I'm using Bind 9.2r10.

as an aside: do you mean release candidate 10? you might want to upgrade
to 9.2.1.

what does named-checkzone say about your zone file? are there any errors
in your log files when you load the zone into your server, or when you make
queries? these are your main indicators, and far more `interactive' than
writing to this group / list. that said, yes there are some problems:

- you only list a single nameserver in the zone -- there should be at least
two. and they should match the zone's registration, which does list two.

- neither of the nameservers listed in the gtld registration are responding
for the zone (ermitagemontevideo.com).

- the zone is not delegated from the gtld root, as such only people using
your nameserver directly (almost nobody) will be able to resolve names.

- rfc-1918 addresses don't belong in a public zone.

- it's unnecessary to have an mx and an a for your mail server, since it
just points to itself.

- you have mx records attached to most of the names within the zone; don't
forget to configure your mta to handle mail for all those names (and fqdn's).

>If zone is ok then when I send a test message I got this error:

>554 5.0.0 MX list for mail.ermitagemontevideo.com. points back to
>linux.ermitagemontevideo.com
>554 5.3.5 Local configuration error

this is an error in your mta (sendmail) configuration.

--
bringing you boring signatures for 17 years
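
Added example (not part of the thread and not any poster's code): a small Python audit of a constructed zone modelled on the one posted above. It flags the problems raised in the replies (MX targets that are CNAMEs, RFC 1918 addresses in a public zone, a single NS record) and lists every name that carries an MX and so must be accepted by the MTA. The parser is a simplification that assumes one record per line and skips parenthesised records such as the SOA.

```python
import ipaddress

ORIGIN = "ermitagemontevideo.com."
# Constructed sample modelled on the zone posted in this thread.
ZONE = """\
$TTL 3D
@        IN SOA ns.ermitagemontevideo.com. root.ermitagemontevideo.com. (
                2002031806 8H 2H 4W 1D )
         NS    ns
         MX    10 mail
ns       A     200.61.76.88
         MX    10 mail
mail     CNAME ns
linux    A     192.168.0.1
         MX    10 mail
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def fqdn(name, origin=ORIGIN):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone, origin=ORIGIN):
    """Yield (owner, type, rdata); indented lines inherit the previous owner."""
    owner, depth = origin, 0
    for raw in zone.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        if depth or "(" in line:               # skip parenthesised records (the SOA)
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():              # a new owner name starts in column 0
            owner = fqdn(fields.pop(0), origin)
        if fields[0].upper() == "IN":
            fields.pop(0)
        yield owner, fields[0].upper(), fields[1:]

def audit(zone, origin=ORIGIN):
    """Return (findings, names that have an MX and so need MTA configuration)."""
    recs = list(parse(zone, origin))
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    findings, mx_owners = [], set()
    for o, t, rd in recs:
        if t == "MX":
            mx_owners.add(o)
            target = fqdn(rd[1], origin)
            if target in cnames:
                findings.append(f"MX for {o} points to CNAME {target}")
        elif t == "A" and any(ipaddress.ip_address(rd[0]) in n for n in RFC1918):
            findings.append(f"RFC 1918 address {rd[0]} published for {o}")
    if sum(t == "NS" and o == origin for o, t, _ in recs) < 2:
        findings.append("fewer than two NS records at the zone apex")
    return findings, sorted(mx_owners)

if __name__ == "__main__":
    print(*audit(ZONE)[0], "MTA must accept: " + ", ".join(audit(ZONE)[1]), sep="\n")
```
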

Mark_A...@isc.org

May 21, 2002, 7:03:11 PM

> - it's unnecessary to have an mx and an a for your mail server, since it
> just points to itself.

But it is good practice to have it as not all nameservers cache
negative responses. It also reduces the number of queries that
have to be made even with negative caching.

Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.A...@isc.org

Ricardo Fitzgerald

May 22, 2002, 11:28:00 PM

Thank you all for your responses, they are all welcome, criticism
included. If I post here it is because I've done extensive searching and
reading and couldn't find a solution, or I'm still not sure if what I
did is ok. Sorry if I bother some of you.


> It's caused by a sendmail misconfiguration. You must tell
> mail.ermitagemontevideo.com that it should accept mail for each host and
> domain that you list it as an MX for.

I already fixed that, even though I can't reach my pop mail server
mail.ermitagemontevideo.com.

> I do note that you have the address of linux.ermitagemontevideo.com in
> rfc1918 space, but your machine mail.ermitagemontevideo.com thinks its
> name is linux.ermitagemontevideo.com.
>

>>>>> That is one of the things I'm really not sure about. If I have
2 NICs, and my host is named linux, my ISP gave me the public address
200.61.76.88 (eth0), I used that IP for the nameserver (ns) and I have
my gateway to the internal network 192.168.0.1 (linux), is it correct
to use it that way ?
and mail.ermitagemontevideo.com >>> should point to 200.61.76.88 ?

Anyway my mail is now distributed, but some weird thing: mail from two
external accounts and from another mail server, instead of going to the
local user I assigned them, do the other way ...

Regards,

Rick
