Educause Security Discussion mailing list archives
Re: Mysterious Email Problems
From: GREGORY SCHAFFER <schaffer () MTSU EDU>
Date: Sat, 13 Sep 2003 07:44:52 -0500
What "may" be happening is that the DNS software on the server that is supposed to be answering the rdns queries is locking up or crashing...in which case the .edu server would default to the isp or some other DNS server listed as backup, now the other DNS servers and ISP will not have the necessary intranet info's.
If the server is locking up or crashing that should be evident in that server's logs. But as Greg from PCC states, he can have a client send a message and do an nslookupo at the same time *from the client* and get the domain rejection. I'd suggest having the test run again but this time doing the nslookup from the sender(s) mail server. The recent flood of SoBig.F was enough to cause mail performance problems for us, and I suspect it could impact the mail server's ability to do reverse lookups.
Also what can happen if the DNS server is loaded too heavily is that it will queue it's queries and then the remote mail server will possibly have passed it's allotted "response" period or ttl (time to live) for a reply to its rdns request.
This confused me at first because of the use of "ttl". A DNS ttl tells how long to cache the dns entry. Presumably those trying to mail PCC and experiencing problems have clients and mail server pointing to the same DNS server at "anywhere.univ.edu", so since PCC has already run simultaneois mail send and dns lookups on the MX record, the dns ttl issue isn't a factor. Now, perhaps the MAIL server is too overloaded and can't query anywhere.univ.edu's DNS server. Again, the proper test is to send a message and do a lookup from the mail server at anywhere.univ.edu.
Both of those and many other issues have been tended to in our commercial DNS server software. One site license will serve for all units on a campus (inclusive of server and clients). (configurations compatible with basic bind syntax)
Been using BIND for over ten years, never have had a performance or security problem. I *do* believe it is important in your DNS structure to use differnet OS's and packages though for your primary and secondaries. But while Windows DNS is easier to configure, I would not suggest using it as your primary. And while I believe in good old capitalism, why buy a DNS product when BIND as open source works so well??!! Greg
http://ntcanuck.com/tq/ Tips & Tweaks http://ntcanuck.com/net/board/index.php news://news.grc.com/grc.techtalk.dns.bind_pe_beta --------------------------- Best regards, R Vaughn Professor Information Systems off :(254) 710 4756 fax :(254) 710 1091 dept:(254) 710 2258 mailto:Randy_Vaughn () Baylor edu Friday, September 12, 2003, 7:51:04 PM, you wrote:Wow, I thought we were alone. We have some cases where the mail doesn't deliver from some locations, and in some cases it comes days late. We've tried working this out with our vendor and the organizations involved.Technically we believe the problem is as follows: The MX record of the destination domain is not present in the default DNS query, therefore, our mail server does not see a legitimate destination mail system and causes the failure reported. In some cases the primary entry isn't processed because it is not "valid" but several days later a secondary entry will work. We've been exploring the following items: (1) When we moved from BIND to Windows DNS in December of 2002, did the "query mechanism" change? (2) Are the differences between the registration records for the sites that work and the sites that don't work significant to the problem we are experiencing - but that doesn't pan out. We note here that several of the places with email disruption are medical facilities - hospitals in particular. Are they doing something different?Theresa Rowe---- Original message ----Date: Fri, 12 Sep 2003 16:29:32 -0700 From: gmalone <gmalone () PCC EDU> Subject: [SECURITY] Mysterious Email Problems To: SECURITY () LISTSERV EDUCAUSE EDU Hello Group, Over the last two or three months, Portland CommunityCollege (PCC) has hadmysterious email problems related to receiving incomingemail messages. Acollege or vendor will send an email message to anindividual at PCC andsometimes it will go through and sometimes it won't. Wehave worked withtwo vendors and two universities to try and determine theroot cause of theproblems. It appears that when the sending email serversends a reverselook-up for our domain it can find it sometimes and othertimes itcan't. We have checked and rechecked our external DNSrecords. We haveeven had IT staff at the sending institution perform DNSlook-ups at thesame time a message is sent. We have found cases where theDNS look-upwill work but the email will be rejected because our domainisunknown. I've been told that both of the universities weare working withhave similar intermittent problems. We have heard and discussed several theories such as theSpam software maybe casing the problem, or the need for a secondauthoritative DNS serverout side PCC, and even the possibility that the virusproblem may becausing this by flooding segments of the Internetperiodically. I'll admitthat this is not my area of expertise and all these wormsand viruses havecaused us all to second guess our fundamental strategies. Ilike to findout if this is an issue unique to PCC so I can decide whatactions to takenext. Are there other colleges or universities out therewho have beenexperiencing problems like this? If so were you able todetermine theroot cause? Thanks. Greg ===========================================================================Greg Malone Portland Community College Manager, Technical Services Sylvania Campus CC219 12000 SW 49th Ave Portland, OR 97280-0990 email: gmalone () pcc edu Phone: (503) 977-4390 Fax: (503) 977-4390 ===========================================================================********** Participation and subscription information for this EDUCAUSEDiscussion Group discussion list can be found at http://www.educause.edu/cg/. Theresa Rowe Assistant Vice President University Technology Services www.oakland.edu/uts - the latest news from University Technology
Services
********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
--------------------------------- Greg Schaffer Director of Network Services Information Technology Division Middle Tennessee State University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Mysterious Email Problems gmalone (Sep 12)
- <Possible follow-ups>
- Re: Mysterious Email Problems Theresa M Rowe (Sep 12)
- Re: Mysterious Email Problems Prof Vaughn (Sep 12)
- Re: Mysterious Email Problems GREGORY SCHAFFER (Sep 13)
- Re: Mysterious Email Problems Barros, Jacob (Sep 15)
- Re: Mysterious Email Problems Brian Kaye (Sep 15)