[GTALUG] Need help with DNS Nameservers

D. Hugh Redelmeier hugh at mimosa.com
Thu Nov 3 14:39:34 EDT 2016


| From: Alvin Starr via talk <talk at gtalug.org>

1) Alvin is right.


| On 11/02/2016 01:35 PM, David Mason via talk wrote:
| > I have a domain for my family email (and other things) mason-rose.ca
| > <http://mason-rose.ca>
| >
| > The DNS is on a machine that is currently unstable (meaning I can't
| > physically access it for 2 weeks, I can't ssh in, and it can't be blown
| > away).

[Don't rely on everything I say -- I haven't checked it carefully.]

The DNS servers for mason-rose.ca are:
  sarg.ryerson.ca (141.117.18.116)
  ns.mason-rose.ca (135.23.243.200).

Both answer pings.

Only ns.mason-rose.ca seems to have sshd running.
It could be that a ryerson firewall is blocking ssh for sarg.

In any case, DNS seems to be working (I didn't check that both were
working, only that something was working).

The MX records point to
  sarg.ryerson.ca (141.117.18.116)
  mail.mason-rose.ca (135.23.243.200)
Same machines, different names.

Neither machine responds to a telnet to port 25 (unless I'm doing
something wrong).  Nothing responds on 141.117.18.116 but some
firewall rule is blocking 135.23.243.200.  Actually, both could be
firewall rules but the first would be "DROP" and the second would be
"DENY".

141/8 is administered by RIPE NCC.  So sarg isn't supposed to be in
North America.  But whois says that 141.116.0.0 - 141.129.255.255 is
a non RIPE NCC managed block.  Sarg seems to be in Ryerson somewhere.
It has no entry in the reverse DNS.

135.23.242.0/23 is allocated to teksavvy. Whois says that the network
name is "Cable - Pine Ridge(Oshawa)".  I didn't think that one could
get a static address from Teksavvy if your last mile was cable.  Hmm.
The actual reverse on 135.23.243.200 yields
135-23-243-200.cpe.pppoe.ca. which sounds like it would be DSL.

I wonder if teksavvy added a rule blocking port 25.  That's kind of
standard practice.  You can ask them to remove it.  They will get mad
if you then start relaying spam.

Where are these machines and who can physically access them?

My impression is that MTAs kind of want servers to have reverse domain
entries that match the name in the MX record.

| >  Foolishly, both of the required DNS nameservers point to the same
| > machine.

I'm not sure what you mean here.  You have two distinct machines.
Each machine is a DNS and mail server.

