Re: Mysterious Email Problems

[GREGORY SCHAFFER <schaffer () MTSU EDU>]

> What "may" be happening is that the DNS software on the server
> that is supposed to be answering the rdns queries is locking up
> or crashing...in which case the .edu server would default to the
> isp or some other DNS server listed as backup, now the other
> DNS servers and ISP will not have the necessary intranet info's.

If the server is locking up or crashing that should be evident in that
server's logs.  But as Greg from PCC states, he can have a client send
a message and do an nslookupo at the same time *from the client* and
get the domain rejection.  I'd suggest having the test run again but
this time doing the nslookup from the sender(s) mail server.  The
recent flood of SoBig.F was enough to cause mail performance problems
for us, and I suspect it could impact the mail server's ability to do
reverse lookups.
> Also what can happen if the DNS server is loaded too heavily
> is that it will queue it's queries and then the remote mail server
> will possibly have passed it's allotted "response" period or ttl
> (time to live) for a reply to its rdns request.
This confused me at first because of the use of "ttl".  A DNS ttl tells
how long to cache the dns entry.  Presumably those trying to mail PCC
and experiencing problems have clients and mail server pointing to the
same DNS server at "anywhere.univ.edu", so since PCC has already run
simultaneois mail send and dns lookups on the MX record, the dns ttl
issue isn't a factor.

Now, perhaps the MAIL server is too overloaded and can't query
anywhere.univ.edu's DNS server. Again, the proper test is to send a
message and do a lookup from the mail server at anywhere.univ.edu.

> Both of those and many other issues have been tended to in
> our commercial DNS server software.  One site license will
> serve for all units on a campus (inclusive of server and clients).
> (configurations compatible with basic bind syntax)

Been using BIND for over ten years, never have had a performance or
security problem.  I *do* believe it is important in your DNS structure
to use differnet OS's and packages though for your primary and
secondaries.  But while Windows DNS is easier to configure, I would not
suggest using it as your primary.  And while I believe in good old
capitalism, why buy a DNS product when BIND as open source works so
well??!!

Greg

> http://ntcanuck.com/tq/  Tips & Tweaks
> http://ntcanuck.com/net/board/index.php
> news://news.grc.com/grc.techtalk.dns.bind_pe_beta
>
>
>
> ---------------------------
> Best regards,
> R Vaughn
> Professor
> Information Systems
> off :(254) 710 4756
> fax :(254) 710 1091
> dept:(254) 710 2258
> mailto:Randy_Vaughn () Baylor edu
>
>
> Friday, September 12, 2003, 7:51:04 PM, you wrote:
>
> > Wow, I thought we were alone.  We have some cases where the
> > mail doesn't deliver from some locations, and in some cases
> > it comes days late.  We've tried working this out with our
> > vendor and the organizations involved.
>
> > Technically we believe the problem is as follows:  The MX
> > record of the destination domain is not present in the
> > default DNS query, therefore, our mail server does not see a
> > legitimate destination mail system and causes the failure
> > reported.  In some cases the primary entry isn't processed
> > because it is not "valid" but several days later a secondary
> > entry will work.  We've been exploring the following items:
> > (1)  When we moved from BIND to Windows DNS in December of
> > 2002, did the "query mechanism" change?  (2)  Are the
> > differences between the registration records for the sites
> > that work and the sites that don't work significant to the
> > problem we are experiencing - but that doesn't pan out.  We
> > note here that several of the places with email disruption
> > are medical facilities - hospitals in particular.  Are they
> > doing something different?
>
> > Theresa Rowe
>
> > ---- Original message ----
> > > Date: Fri, 12 Sep 2003 16:29:32 -0700
> > > From: gmalone <gmalone () PCC EDU>
> > > Subject: [SECURITY] Mysterious Email Problems
> > > To: SECURITY () LISTSERV EDUCAUSE EDU
> > >
> > > Hello Group,
> > >
> > > Over the last two or three months, Portland Community
> > College (PCC) has had
> > > mysterious email problems related to receiving incoming
> > email messages.  A
> > > college or vendor will send an email message to an
> > individual at PCC and
> > > sometimes it will go through and sometimes it won't.  We
> > have worked with
> > > two vendors and two universities to try and determine the
> > root cause of the
> > > problems.  It appears that when the sending email server
> > sends a reverse
> > > look-up for our domain it can find it sometimes and other
> > times it
> > > can't.  We have checked and rechecked our external DNS
> > records.  We have
> > > even had IT staff at the sending institution perform DNS
> > look-ups at the
> > > same time a message is sent.   We have found cases where the
> > DNS look-up
> > > will work but the email will be rejected because our domain
> > is
> > > unknown.   I've been told that both of the universities we
> > are working with
> > > have similar intermittent problems.
> > >
> > > We have heard and discussed several theories such as the
> > Spam software may
> > > be casing the problem, or the need for a second
> > authoritative DNS server
> > > out side PCC, and even the possibility that the virus
> > problem may be
> > > causing this by flooding segments of the Internet
> > periodically.  I'll admit
> > > that this is not my area of expertise and all these worms
> > and viruses have
> > > caused us all to second guess our fundamental strategies.  I
> > like to find
> > > out if this is an issue unique to PCC so I can decide what
> > actions to take
> > > next.  Are there other colleges or universities out there
> > who have been
> > > experiencing problems like this?   If so were you able to
> > determine the
> > > root cause? Thanks.
> > >
> > > Greg
> > >
> > >
> > >
> > > =============================================================
> > ==============
> > > Greg Malone
> > > Portland Community College
> > > Manager, Technical Services
> > > Sylvania Campus CC219
> > > 12000 SW 49th Ave
> > > Portland, OR  97280-0990
> > > email:  gmalone () pcc edu
> > > Phone:  (503) 977-4390
> > > Fax:  (503) 977-4390
> > > =============================================================
> > ==============
> > > **********
> > > Participation and subscription information for this EDUCAUSE
> > Discussion Group discussion list can be found at
> > http://www.educause.edu/cg/.
> > Theresa Rowe
> > Assistant Vice President
> > University Technology Services
> > www.oakland.edu/uts - the latest news from University Technology
Services
> > **********
> > Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.
> **********
> Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
>

---------------------------------
Greg Schaffer
Director of Network Services
Information Technology Division
Middle Tennessee State University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.