On 4/6/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > Bob Brennan wrote: > > On 4/6/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > >> Bob Brennan wrote: > >>> On 4/6/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > >>>> Bob Brennan wrote: > >>>>> On 4/6/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > >>>>>> Somebody has probably changed a DNS entry for theFamily.net so that > >>>>>> instead of or as well as A/MX records, there's a: > >>>>>> > >>>>>> theFamily.net. CNAME wc.funnel.revenuedirect.com.akadns.net. > >>>>>> > >>>>>> record. Sendmail properly rewrites addresses for @theFamily.net to > >>>>>> @wc.funnel.revenuedirect.com.akadns.net during the address > >>>>>> canonicalisation stage in this case. > >>>>>> > >>>>>> Paul. > >>>>> All of my DNS entries for all of my domains are managed at > >>>>> mydomain.com (literally) and I have checked that everything on their > >>>>> DNS server is correct and there are no canonical entries. The refused > >>>>> email is being delivered correctly to my own server, so their DNS > >>>>> records must be correct. > >>>>> > >>>>> However it is within my own server that things are going wrong. I do > >>>>> not have an active DNS server but use the "hosts" file instead. The > >>>>> hosts file is accurate and unchanged. > >>>>> > >>>>> As I said earlier I searched all files in /etc/ for any entries that > >>>>> might rewrite anything to or even contain the words > >>>>> wc.funnel.revenuedirect.com.akadns.net and found nothing. > >>>>> > >>>>> Is there any other information I can give or look for that might help > >>>>> narrow this down? Or tests I can do? Or clever magical incantation > >>>>> command lines I can try? > >>>> Try DNS lookups for your domain on your machine: > >>>> > >>>> $ dig domain.xxx mx > >>>> $ dig theFamily.net mx > >>>> > >>>> If you gave the real domain name(s) it might help too as we can see what > >>>> DNS lookups from outside your network are like. > >>>> > >>>> Paul. > >>> You are correct Paul - the dig command gives: > >>> > >>> ;; ANSWER SECTION > >>> thebrennan.net 56879 IN CNAME wc.traffic.puredns.com. > >>> wc.traffic.puredns.com 23661 IN CNAME > >>> wc.funnel.revenuedirect.com.akadns.net. > >>> wc.funnel.revenuedirect.com.akadns.net. 2 IN A 69.25.47.165 > >>> wc.funnel.revenuedirect.com.akadns.net. 2 IN A 66.150.161.58 > >>> > >>> with similar results for other domains on my server such as > >>> mi-server.net. Any ideas as to how to correct this and how it > >>> happened? > >> This is curious because I don't see these results myself. > >> > >> Try doing the "dig" commands with the trace option set: > >> > >> $ dig thebrennan.net mx +trace > >> > >> Which nameservers are you using? Your ISP's? What are their IP addresses? > >> > >> $ cat /etc/resolv.conf > >> > >> Paul. > > > > [bob@mi-server ~]$ dig thebrennan.net mx +trace > > > > ; <<>> DiG 9.2.5 <<>> thebrennan.net mx +trace > > ;; global options: printcmd > > . 180987 IN NS C.ROOT-SERVERS.NET. > > . 180987 IN NS D.ROOT-SERVERS.NET. > > . 180987 IN NS E.ROOT-SERVERS.NET. > > . 180987 IN NS F.ROOT-SERVERS.NET. > > . 180987 IN NS G.ROOT-SERVERS.NET. > > . 180987 IN NS H.ROOT-SERVERS.NET. > > . 180987 IN NS I.ROOT-SERVERS.NET. > > . 180987 IN NS J.ROOT-SERVERS.NET. > > . 180987 IN NS K.ROOT-SERVERS.NET. > > . 180987 IN NS L.ROOT-SERVERS.NET. > > . 180987 IN NS M.ROOT-SERVERS.NET. > > . 180987 IN NS A.ROOT-SERVERS.NET. > > . 180987 IN NS B.ROOT-SERVERS.NET. > > ;; Received 436 bytes from 158.152.1.58#53(158.152.1.58) in 18 ms > > > > net. 172800 IN NS A.GTLD-SERVERS.net. > > net. 172800 IN NS B.GTLD-SERVERS.net. > > net. 172800 IN NS C.GTLD-SERVERS.net. > > net. 172800 IN NS D.GTLD-SERVERS.net. > > net. 172800 IN NS E.GTLD-SERVERS.net. > > net. 172800 IN NS F.GTLD-SERVERS.net. > > net. 172800 IN NS G.GTLD-SERVERS.net. > > net. 172800 IN NS H.GTLD-SERVERS.net. > > net. 172800 IN NS I.GTLD-SERVERS.net. > > net. 172800 IN NS J.GTLD-SERVERS.net. > > net. 172800 IN NS K.GTLD-SERVERS.net. > > net. 172800 IN NS L.GTLD-SERVERS.net. > > net. 172800 IN NS M.GTLD-SERVERS.net. > > ;; Received 489 bytes from 192.33.4.12#53(C.ROOT-SERVERS.NET) in 105 ms > > > > thebrennan.net. 172800 IN NS ns1.mydomain.com. > > thebrennan.net. 172800 IN NS ns2.mydomain.com. > > thebrennan.net. 172800 IN NS ns3.mydomain.com. > > thebrennan.net. 172800 IN NS ns4.mydomain.com. > > ;; Received 180 bytes from 192.5.6.30#53(A.GTLD-SERVERS.net) in 112 ms > > > > thebrennan.net. 2400 IN MX 0 mail.mi-server.net. > > thebrennan.net. 2400 IN MX 10 mx1.sitelutions.com. > > thebrennan.net. 2400 IN MX 20 mx2.sitelutions.com. > > thebrennan.net. 86400 IN NS ns1.mydomain.com. > > thebrennan.net. 86400 IN NS ns2.mydomain.com. > > thebrennan.net. 86400 IN NS ns3.mydomain.com. > > thebrennan.net. 86400 IN NS ns4.mydomain.com. > > ;; Received 279 bytes from 64.94.117.195#53(ns1.mydomain.com) in 170 ms > > This is the correct (and expected) response. > > > [bob@mi-server ~]$ cat /etc/resolv.conf > > ; generated by /sbin/dhclient-script > > search com > > nameserver 158.152.1.58 > > nameserver 158.152.1.43 > > [bob@mi-server ~]$ > > These are Demon's nameservers, and they're refusing access to me > (presumably because I'm not their customer, which is fair enough). > > Try asking them directly: > > $ dig @158.152.1.58 thebrennan.net mx > $ dig @158.152.1.43 thebrennan.net mx > > If those servers are returning the bogus results, I would: > > (a) complain to Demon, and > (b) run my own nameserver (you could use the caching-nameserver > package), and use that instead of the Demon ones > > Paul. Hi Paul - after many hours on the phone with Demon it is in fact CNAME entries that are on their caching nameservers and not on my authoritative server that I control. It took that long to find someone that cared enough to say "I will flush the entries for you and I am worried how someone could do that to our servers". M$ servers, I might add, and did. Thanks for your help, and mostly for not assuming it was me that screwed up but rather helped me track down the true source, or at least pass it on to Demon to figure how their own systems were compromised. Thanks again, bob