ietf-smtp

Re: BCP for handling DNS SERVFAIL results

2005-11-25 19:50:57

Thanks Ned. Excellent info and insight.

I do have a few follow-up questions related to this:

2) Use Multiple DNS server.

   An IBM solution was to suggest to make sure you have
   additional DNS servers to query.

Well, sure. Having at least one secondary DNS server is pretty much
essential, and they need to be geographically separate. I note in passing
that interlink.com has two servers and they appear to be on separate
networks.

ns5.ecsecure.com. [208.56.100.1] [TTL=86400]
ns6.ecsecure.com. [216.147.1.227] [TTL=86400]

One of the confusing issues about this, and no doubt probably a
misunderstanding on my part, is related to having multiple DNS servers vs
Primary DNS recursion lookups.

How do I best ask this because again, I am not a DNS admin or a server
expert.

I guess the question is, can the same results be expected with:

  1) A server with multiple uplinks, versus
  2) Multiple Server list

I guess your statement above about having geographically separate servers
makes all this work better to increase the odds of getting a result.

But it was my impression that when you query a primary server, if the query
is not available in the zone and not currently cached, that the server will
query its uplinks. No?

You see, for my company SMTP server, I have:

      208.247.131.10
      198.6.1.2

208.247.131.10 is where I have my ns.santronics.com primary DNS server, and
I have as forwarders the UUNET servers:

      198.6.1.2
      198.6.1.3

I had the impression this provided the uplink queries when the primary did
not have the information.

I just happened to see this SERVFAIL fail when I was testing this customer's
db.usinterlink.com MX record against 208.247.131.10 via Windows'
NSLOOKUP.EXE.

I was assisting him remotely from home and didn't see this SERVFAIL against
the bellsouth.net server:

   NSLOOKUP -query=mx -debug db.usinterlink.com ns.santronics.com
   NSLOOKUP -query=mx -debug db.usinterlink.com dns.msy.bellsouth.net

First one returns SERVFAIL, second one NOERROR.

I was able to send him a test message because the SMTP server was finally
able to get to the second UUNET server, and thus fall back to a successful A
record result.

But the situation got me wondering what was wrong or different between the
two, and also what if I or other customers didn't have a second DNS server
set up for SMTP, if it's something to worry about.

4) Ignore SERVFAIL?

Some just said that the SMTP client should be looking at SERVFAIL as a
NXDOMAIN, etc.

Bad idea IMO. Configuration glitches happen, and when they do you
don't want to bounce mail to the domain unnecessarily. Most of the
time these problems get fixed and the mail goes on through with
only a small delay.


I agree.  I was wondering, and now realize that it's probably wrong to jump
the gun with this, if it would make sense to do an A record lookup for a
SERVFAIL.

As long as it's configuration related and the message is being requeued, it's
all good then.

Thanks Ned

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
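
The handling discussed in this message, as an added example that is not part of the original post: an SMTP client tries each configured DNS server in turn, treats SERVFAIL as "no answer from this server" rather than as NXDOMAIN, falls back to the A record only on a NOERROR reply with no MX, and requeues the message when no server gives a definitive answer. The `route` function, the `query` hook, the server labels and all sample names and addresses are assumptions constructed for illustration.

```python
from enum import Enum

class Action(Enum):
    DELIVER_MX = "deliver to MX hosts"
    DELIVER_A = "no MX record: deliver to the A record address"
    DEFER = "temporary DNS failure: requeue the message"
    BOUNCE = "permanent failure: bounce the message"

def route(domain, resolvers, query):
    """Decide what to do with mail for `domain`.

    `query(server, name, rtype)` is a hypothetical resolver hook returning
    (rcode, answers). Servers are tried in the order they are configured.
    """
    for server in resolvers:
        rcode, answers = query(server, domain, "MX")
        if rcode == "NOERROR" and not answers:
            # The name exists but has no MX: fall back to the A record.
            rcode, answers = query(server, domain, "A")
            if rcode == "NOERROR":
                action = Action.DELIVER_A if answers else Action.BOUNCE
                return action, server, answers
        elif rcode == "NOERROR":
            # MX answers are (preference, host); lowest preference first.
            return Action.DELIVER_MX, server, [h for _, h in sorted(answers)]
        if rcode == "NXDOMAIN":
            return Action.BOUNCE, server, []
        # SERVFAIL (or anything else): this server could not answer, try next.
    # No server gave a definitive answer, which is not proof the domain is bad.
    return Action.DEFER, None, []

# Constructed responses keyed by (server, name, type). Names and addresses
# are placeholders (RFC 2606 / RFC 5737), not data from the thread.
SAMPLE = {
    ("ns-a", "mail.example", "MX"): ("SERVFAIL", []),
    ("ns-b", "mail.example", "MX"): ("NOERROR", []),
    ("ns-b", "mail.example", "A"): ("NOERROR", ["192.0.2.25"]),
    ("ns-a", "gone.example", "MX"): ("NXDOMAIN", []),
    ("ns-a", "mx.example", "MX"): ("NOERROR", [(20, "b.mx.example"), (10, "a.mx.example")]),
}

def sample_query(server, name, rtype):
    # Any lookup not listed above is treated as SERVFAIL.
    return SAMPLE.get((server, name, rtype), ("SERVFAIL", []))

if __name__ == "__main__":
    for d in ("mail.example", "gone.example", "mx.example", "broken.example"):
        print(d, route(d, ["ns-a", "ns-b"], sample_query))
```

With only `ns-a` configured, `mail.example` ends in `DEFER` instead of delivery, which is the single-server case the message asks about.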