[TriLUG] DNS Questions / Help

Rick DeNatale rick.denatale at gmail.com
Fri Mar 24 18:04:18 EST 2006


On 3/24/06, Lisa C. Boyd <leaseahb at gmail.com> wrote:
> Rick DeNatale wrote:
>  > Try connecting to port 25 with telnet and see what the initial prompt
>  > says. It should be something like
>
> 220 spunkymail-a5.dreamhost.com ESMTP
>

Lisa,

Not sure what host this is.  It appears to be an internal server.

rick@frodo:~$ dig spunkymail-a5.dreamhost.com
....
;; QUESTION SECTION:
;spunkymail-a5.dreamhost.com.   IN      A

;; ANSWER SECTION:
spunkymail-a5.dreamhost.com. 13946 IN   A       10.3.41.85

It looks like your DNS is publishing internal 10. addresses to the Internet.

Note that I'm removing lines from the dig output for brevity.

So, assuming that we are talking about the dreamhost.com domain here,
let's see what your MX servers are:

rick@frodo:~$ dig -tMX dreamhost.com
...
;; QUESTION SECTION:
;dreamhost.com.                 IN      MX

;; ANSWER SECTION:
dreamhost.com.          13571   IN      MX      0 mx1.looney.mail.dreamhost.net.
dreamhost.com.          13571   IN      MX      0 mx2.looney.mail.dreamhost.net.

So those are the two mail servers that the DNS checker is looking at.
Let's see what they say:

rick@frodo:~$ telnet mx1.looney.mail.dreamhost.net 25
Trying 66.33.208.143...
Connected to mx1.looney.mail.dreamhost.net.
Escape character is '^]'.
220 legolas.dreamhost.com ESMTP
quit
221 Bye

Okay now let's see what legolas.dreamhost.com resolves to:

rick@frodo:~$ dig legolas.dreamhost.com
...
;; QUESTION SECTION:
;legolas.dreamhost.com.         IN      A

;; ANSWER SECTION:
legolas.dreamhost.com.  13706   IN      A       66.33.212.10

But telnet said that it was connecting to 66.33.208.143!!!

rick@frodo:~$ dig mx1.looney.mail.dreamhost.net

;; QUESTION SECTION:
;mx1.looney.mail.dreamhost.net. IN      A

;; ANSWER SECTION:
mx1.looney.mail.dreamhost.net. 5109 IN  A       66.33.208.143

Yep, that's what DNS says too.

So the server on mx1.looney.mail.dreamhost.net is misconfigured to
report that it is legolas.dreamhost.com. Perhaps it was once but
moved.

You've got a similar problem with mx2.looney.mail.dreamhost.net
reporting that it is gollum.dreamhost.com. BAD Smeagol!!!!

So if a suspicious client decides to verify the identity of your
server, he's going to be confused at best, and wary of talking to you at
worst.

It's a mail server misconfiguration problem, not a DNS problem.
--
Rick DeNatale

Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
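
Added example, not part of the original message: the manual dig/telnet comparison above, written as a check that takes an SMTP 220 greeting and reports when the announced hostname does not resolve to the address that was reached, or resolves to a private address. The function names and the A_RECORDS table are hypothetical; the record values are copied from the dig output quoted in the message and stand in for a live resolver.

```python
import ipaddress
import re

# Constructed sample data, copied from the dig/telnet output in the message above.
A_RECORDS = {
    "mx1.looney.mail.dreamhost.net": ["66.33.208.143"],
    "legolas.dreamhost.com": ["66.33.212.10"],
    "spunkymail-a5.dreamhost.com": ["10.3.41.85"],
}

# First line of an SMTP greeting: "220 <hostname> ..." or "220-<hostname> ...".
BANNER_RE = re.compile(r"^220[ -](\S+)")


def banner_hostname(banner):
    """Return the hostname an SMTP server announces in its 220 greeting."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not a 220 greeting: %r" % banner)
    return m.group(1).rstrip(".").lower()


def check_greeting(mx_name, connected_ip, banner, a_records):
    """Compare the announced name with the address actually reached.

    a_records maps hostname -> list of A record strings (assumption: a
    stand-in for a live resolver so the check runs offline).
    Returns a list of human-readable findings; empty means consistent.
    """
    findings = []
    announced = banner_hostname(banner)
    addrs = a_records.get(announced, [])
    if not addrs:
        findings.append("%s announces %s, which has no A record"
                        % (mx_name, announced))
    elif connected_ip not in addrs:
        findings.append("%s (%s) announces %s, which resolves to %s"
                        % (mx_name, connected_ip, announced, ", ".join(addrs)))
    # A name that resolves only inside RFC 1918 space cannot be verified
    # by an outside client at all.
    for addr in addrs:
        if ipaddress.ip_address(addr).is_private:
            findings.append("%s resolves to private address %s"
                            % (announced, addr))
    return findings
```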


