ietf-smtp

Re: BCP for handling DNS SERVFAIL results

2005-11-26 13:51:48

Hi Hector,
At 11:18 25-11-2005, Hector Santos wrote:
This week, I ran across a particular new customer setup with an email domain
for which he hadn't created an MX record yet. He was using a sub domain,
db.usinterlink.com.

The host resolves.  It's valid as there is an A record.

Of course, the SMTP client should:

    - Do an MX query
    - If none results, do an A record query

The problem is that I found while some other DNS servers return NOERROR, my
DNS server returned SERVFAIL to the MX query.

SERVFAIL is returned if the DNS server cannot process the query.

Here is what I found on the net as four different answers:

1) SendMail Configuration/New Behavior

http://www.brandonhutchinson.com/host_map__lookup_(domain)__deferred.html

 "However, if the A or MX record lookup for the domain returns a
 "SERVFAIL," Sendmail will queue the message, believing it has
 encountered a transient DNS problem. For example, if a domain has a
 valid A record but returns a "SERVFAIL" when queried for an MX record
 (instead of "NOERROR" with an empty answer section), Sendmail will
 queue the message. You should contact the remote name server
 administrator in order to fix these problems."

SERVFAIL is treated as a temporary failure. There may be a problem with the authoritative servers or the DNS server which is being queried. Previously, sendmail did not enforce these DNS checks.

2) Use multiple DNS servers.

That's not really a solution as you can still get SERVFAIL in some cases. The best practice however is to have more than one authoritative DNS server for redundancy. They should have diverse paths. Each DNS is in a different geographical location.

3) Lame Delegation

I saw other comments pointing it to be mostly a DNS configuration issue,
Lame Delegation?

That's a different issue. You should only list DNS servers which are authoritative for the domain.

4) Ignore SERVFAIL?

Some just said that the SMTP client should be looking at SERVFAIL as a
NXDOMAIN, etc.

No, see above. You may lose mail if you reject based on DNS failures.

I have a second DNS server so the result was found at my secondary UUNET
server. But in general, I am trying to see why I got the SERVFAIL error in
the first place and, in general for customers who might just have 1 DNS
server, how a SERVFAIL should be handled. We are querying it. So it's not a
matter of lost mail.

Query the authoritative servers and see whether you get a SERVFAIL. If you don't, flush the cache and query your DNS server. BTW, truncated DNS replies can cause SERVFAIL. Misconfigured firewalls can also affect DNS responses.

Regards,
-sm
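The MX-then-A lookup and the SERVFAIL handling recommended in this reply, as an added Python example that is not part of the thread. DNS replies are modelled as constructed records so it runs offline; the mail hosts and addresses are made up, and only db.usinterlink.com comes from the post.

```python
from dataclasses import dataclass, field
from typing import Callable

# RCODE values from RFC 1035, section 4.1.1.
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

@dataclass
class Reply:
    rcode: int
    answers: list = field(default_factory=list)  # MX: (pref, host) tuples; A: address strings

def plan_delivery(domain: str, query: Callable[[str, str], Reply]) -> tuple[str, list[str]]:
    """Return ("deliver", hosts), ("defer", []) or ("bounce", []).

    MX first; A only on NOERROR with an empty answer section. SERVFAIL on
    either query is transient (queue and retry), never treated as NXDOMAIN.
    """
    mx = query(domain, "MX")
    if mx.rcode == SERVFAIL:
        return "defer", []                      # what sendmail does: queue the message
    if mx.rcode == NXDOMAIN:
        return "bounce", []                     # the name itself does not exist
    if mx.rcode == NOERROR and mx.answers:
        return "deliver", [host for _pref, host in sorted(mx.answers)]
    a = query(domain, "A")                      # NOERROR, empty answer: fall back to A
    if a.rcode == SERVFAIL:
        return "defer", []
    if a.rcode == NOERROR and a.answers:
        return "deliver", [domain]
    return "bounce", []

def table_resolver(table: dict) -> Callable[[str, str], Reply]:
    """Constructed stand-in for a DNS server: answers from a dict, NXDOMAIN otherwise."""
    return lambda name, rtype: table.get((name, rtype), Reply(NXDOMAIN))

# Constructed replies reproducing the cases in the thread (hosts/addresses are made up).
HEALTHY = table_resolver({
    ("db.usinterlink.com", "MX"): Reply(NOERROR),            # empty answer: no MX yet
    ("db.usinterlink.com", "A"):  Reply(NOERROR, ["192.0.2.10"]),
    ("mail.example.net", "MX"):   Reply(NOERROR, [(20, "mx2.example.net"), (10, "mx1.example.net")]),
})
BROKEN = table_resolver({                                    # server that SERVFAILs the MX query
    ("db.usinterlink.com", "MX"): Reply(SERVFAIL),
    ("db.usinterlink.com", "A"):  Reply(NOERROR, ["192.0.2.10"]),
})

if __name__ == "__main__":
    for name, q in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, plan_delivery("db.usinterlink.com", q))
```

Against HEALTHY the sub domain is delivered via its A record; against BROKEN the same domain is deferred rather than bounced or misread as having no records.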