(tulip) RE: new domain screwed

Iggy Reko rali@Tifosi.com
Sun Nov 28 03:45:17 1999


David Schwartz said:

<> > On 26 Nov 1999, Michael Harnois wrote:
<> >
<> > > The change of beowulf.gsfc.nasa.gov to beowulf.org as the sender
<> > > address for the list has screwed things mightily here, because
<> > > beowulf.org does not resolve.
<> >
<> > Yes, and a lot of Sendmail installations won't accept mail from any domain
<> > that doesn't resolve.
<> 
<> 	Are you sure that's true? You're supposed to be able to send mail to a
<> domain even if it's not connected directly to the 'net. Isn't that what MX
<> records are for? Beowulf.org has an MX record, so it's not like you don't
<> know where it's supposed to go.
<> 
<>  What if you have a mail-only domain? Why does it need an IP address?

It doesn't need an IP address per se, and the problem isn't that beowulf
has only an MX record (well, technically, SOA, NS and MX).

The problem is that the three DNS servers that the root servers tell us
to ask about beowulf.org aren't sending replies with the "auth bit" set.

Technically, these are known as "lame delegations" (ie., the next higher
level DNS servers think they are authoritative, but they themselves don't
claim to be so) and BIND servers will ignore data they get from a lame
server, so in consequence sendmail gets told the domain doesn't exist.

THe repair is to have the DNS admin at magnet.com fix the problem (I sent
him/her mail several days ago, but it _is_ the holidays in the US).

The short term fix is to either let sendmail accept mail from domains
that don't exist -- will increase the amount of spam that gets thru -- or
+temporarily+ set up a bogus zone master file on your DNS server, so your
mail server gets an authoritative answer from your local DNS server.

RL
-- 
R A Lichtensteiger       rali@tifosi.com -or- rali@world.std.com

	Holy St. Isador, preserve us from the evil of Gates!