
Thread: Problems w/local DNS & postfix




user name
2006-11-26 18:34:02
I'm running postfix 2.3.3 on NetBSD 3.0.1.  

I have the following setup:

    172.16.89.45                          172.16.89.42
       Postfix                               named

    nameserver 172.16.89.42               nameserver 172.16.89.42

Postfix complains:

    Nov 26 09:42:12 bigbox postfix/smtpd[29131]: NOQUEUE: reject:
        RCPT from unknown[216.240.39.3]: 450 4.1.8 <sjapostmodern.com>:
        Sender address rejected: Domain not found; from=<sjapostmodern.com>
        to=<newhouserockhead.com> proto=ESMTP helo=<penguin.postmodern.com>

The domain name "postmodern.com" used to work.  At some recent point in
time the DNS records for this address changed and it stopped resolving.
So I started running named (locally as above) and added an SOA record for
postmodern (included below).  Nslookup resolves postmodern from the local
named:

   #nslookup postmodern.com
   Server:         172.16.89.42
   Address:        172.16.89.45#53
   
   Name:   postmodern.com
   Address: 216.240.39.2

There are no differences between /etc/resolv.conf and /var/spool/postfix/etc/resolv.conf.

Contents of /etc/resolv.conf (both systems):

   # Created by dhclient at: Thu Nov 23 18:15:03 UTC 2006
   search rockhead.com hsd1.ca.comcast.net. comcast.net
   nameserver 172.16.89.42
   nameserver 209.128.95.1
   nameserver 68.87.76.178
   nameserver 68.87.78.130
   
I run tcpdump on every interface on the postfix machine (172.16.89.45)

  tcpdump -i <interface>  -s 2000 -vvv port 53 | 
  grep -E '(postmodern|216.240.39.2|2.39.240.216)'

In 12 hours I have never seen a communication with any nameserver
regarding postmodern. If I do an "nslookup postmodern.com" I do see some
communications with 172.16.89.42 regarding postmodern.com.

I'm confused about why postfix doesn't resolve this correctly?  The
postfix lists claim that the resolver libraries are the problem?

I have noticed that many legitimate addresses are not being resolved (or
even attempted) via postfix that resolve using nslookup.

I am completely baffled by this behavior. I've included the postconf -n
output, named.conf and the postmodern named file.  If I had a clue I would
have included other possibly relevant information.

Where did I go wrong?

TIA,
Paul

================= postconf -n output follows =================
alias_maps = hash:/etc/mail/aliases
canonical_maps = hash:/usr/pkg/etc/postfix/canonical
command_directory = /usr/pkg/sbin
config_directory = /usr/pkg/etc/postfix
daemon_directory = /usr/pkg/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/usr/pkg/etc/postfix/header_checks
html_directory = no
inet_interfaces = $myhostname, 209.128.91.46, 209.128.91.45, 209.128.91.44, 209.128.91.43, 209.128.91.42, localhost.$mydomain, 172.16.89.45
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/pkg/bin/mailq
manpage_directory = /usr/pkg/man
maps_rbl_domains = spam.dnsbl.sorbs.net, sbl-xbl.spamhaus.org, dul.dnsbl.sorbs.net, spam.tqmcube.com, relays.ordb.org, list.dsbl.org
masquerade_domains = wan.vpn rockhead.com, pimin.rockhead.com rockhead.com, pimin.wan.vpn rockhead.com, bigbox.rockhead.com rockhead.com, bigbox.wan.vpn rockhead.com, little.box.rockhead.com rockhead.com, little.box.wan.vpn rockhead.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = rockhead.com
myhostname = bigbox
mynetworks = 209.128.91.40/29, 127.0.0.0/8, 172.16.89.0/24
mynetworks_style = subnet
myorigin = rockhead.com
newaliases_path = /usr/pkg/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/pkg/share/doc/postfix
sample_directory = /usr/pkg/share/examples/postfix
sendmail_path = /usr/pkg/sbin/sendmail
setgid_group = maildrop
smtpd_helo_restrictions = reject_maps_rbl
smtpd_recipient_restrictions = reject_unverified_recipient, reject_non_fqdn_sender, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_sender_domain, reject_unauth_pipelining, permit_sasl_authenticated
smtpd_sender_restrictions = reject_maps_rbl
unknown_local_recipient_reject_code = 550

=============== /etc/named.conf ======================
# $NetBSD: named.conf,v 1.2.2.1 2005/09/04 19:57:50 tron Exp $

# boot file for secondary name server
# Note that there should be one primary entry for each SOA record.

options {
	directory "/etc/namedb";
	allow-query { 172.16.0.0/16 ; 172.17.0.0/16 ; 172.31.0.0/16 ; };
	listen-on port 53 { 172.16.89.42 ; };
};
#
zone "postmodern.com" {
   type master;
   notify no;
   file "postmodern.com";
};
#
zone "39.240.216.IN-ADDR.ARPA" {
   type master;
   notify no;
   file "2.39.240.216";
};
#
zone "wan.vpn" {
   type master;
   notify no;
   file "wan.vpn";
};
#
zone "16.172.IN-ADDR.ARPA" {
   type master;
   notify no;
   file "16.172";
};
#
zone "17.172.IN-ADDR.ARPA" {
   type master;
   notify no;
   file "17.172";
};
#
zone "31.172.IN-ADDR.ARPA" {
   type master;
   notify no;
   file "31.172";
};
#
zone "localhost" {
	type master;
	file "localhost";
};
#
zone "127.IN-ADDR.ARPA" {
	type master;
	file "127";
};
#
zone "." {
	type hint;
	file "root.cache";
};
#
#zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.ip6.int" {
#	type master;
#	file "loopback.v6";
#};
#
#zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.ip6.arpa" {
#	type master;
#	file "loopback.v6";
#};

# example secondary server config:
#
# zone "Berkeley.EDU" {
# 	type slave;
# 	file "berkeley.edu.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type slave;
# 	file "128.32.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };
#
# example secondary server config:
#
# zone "rockhead.com" {
# 	type slave;
# 	file "rockhead.com.cache";
# 	masters {
# 		209.128.95.1;
# 		209.128.95.2;
# 	};
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type slave;
# 	file "209.128.91.40.cache";
# 	masters {
# 		209.128.95.1;
# 		209.128.95.2;
# 	};
# };

# example primary server config:
# 
# zone "Berkeley.EDU" {
# 	type master;
# 	file "berkeley.edu";
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type master;
# 	file "128.32";
# };

===================== /etc/namedb/postmodern.com ===============
$TTL    3600
    
         IN SOA  pimin.wan.vpn. root.rockhead.com. (
                        28      ; serial 11/23/2006
                        8H      ; refresh
                        2H      ; retry
                        1W      ; expire
                        1D )    ; minimum seconds
                IN NS   172.16.89.42.
                IN MX   10       penguin.postmodern.com.   ; primary mail server
                IN MX   20       mxrelay.idiom.com.        ; secondary mail server
                        IN A     216.240.39.2
www                     IN CNAME postmodern.com.
penguin                 IN CNAME postmodern.com.
server.postmodern.com.  IN A     216.240.39.3
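
Added example, not part of the original post: a small Python lint that checks the posted postmodern.com records against two DNS rules, that NS RDATA must be a host name rather than an address (RFC 1035) and that NS and MX targets must not be CNAME aliases (RFC 2181, section 10.3). The parser handles only this file's layout, and treating records that appear before any owner name as belonging to the zone apex is an assumption.

```python
import re

# Constructed sample: the records of the posted postmodern.com zone file;
# the SOA record is left out because neither check uses it.
ZONE = """\
                        IN NS    172.16.89.42.
                        IN MX    10 penguin.postmodern.com. ; primary mail server
                        IN MX    20 mxrelay.idiom.com.      ; secondary mail server
                        IN A     216.240.39.2
www                     IN CNAME postmodern.com.
penguin                 IN CNAME postmodern.com.
server.postmodern.com.  IN A     216.240.39.3
"""

def fqdn(name, origin):
    """Lower-case a name and qualify it against the origin if relative."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    """Yield (owner, type, rdata tokens); an indented line reuses the last owner."""
    owner = origin  # assumption: records before any owner belong to the apex
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop trailing comment
        tokens = [t for t in line.split() if t.upper() != "IN"]
        if not tokens:
            continue
        if not raw[0].isspace():             # owner field starts in column 0
            owner = fqdn(tokens.pop(0), origin)
        yield owner, tokens[0].upper(), tokens[1:]

def lint(zone_text, origin):
    """Return findings for NS/MX targets that are IPv4 literals or aliases."""
    records = list(parse(zone_text, origin))
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata[-1]
        if re.fullmatch(r"\d+(\.\d+){3}\.?", target):
            findings.append((rtype, owner, target, "ip-literal"))
        elif fqdn(target, origin) in aliases:
            findings.append((rtype, owner, target, "cname-target"))
    return findings

if __name__ == "__main__":
    for finding in lint(ZONE, "postmodern.com."):
        print(finding)
```

BIND's named-checkzone performs these and further checks against the real file; the lint only shows what the two rules mean for the records as posted.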