Dealing with "unexpected RCODE (SERVFAIL)"

Post by Ruben Laban
Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.2.1.3#53
Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.0.1.3#53
Mar 16 04:59:15 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.1.1.3#53
The hostname that's being tried to resolve obviously has a typo in it, users
tend to make such mistakes a lot.
In our case mx02 runs it own caching nameserver, which uses our internal
caching nameservers (10,[012].1.3) as forwarders.
Is there something I can change in the configuration of either (or both) mx02
or 10.[012].1.3 to prevent "the unexpected"?

the microsoft's nameservers are providing only A and TXT records for
hotmeil.com. They return ". IN SOA (NOERROR)" for other questions.
This is apparently invalid and causes the SERVFAIL.

seems it's time to blame microsoft.

Post by Ruben Laban
Is it safe to ignore these error completely (either in our filters or in
bind's configuration)? I'm a bit hesitant to do so, since I got the feeling
that I might miss out on actual problems occuring (other than users not being
able to spell).

you can ignore it or set up own empty version of hotemil.com. Or, fill bug
in their reporting system.

--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.

Mark Andrews

2010-03-16 12:43:19 UTC

Post by Ruben Laban
tend to make such mistakes a lot.
In our case mx02 runs it own caching nameserver, which uses our internal
caching nameservers (10,[012].1.3) as forwarders.
Is there something I can change in the configuration of either (or both) mx

Post by Ruben Laban
or 10.[012].1.3 to prevent "the unexpected"?

And the lack of a way to register a name in COM without creating a
delegation. And the lack of a way to say this domain name is not
a valid email domain.

The best thing would be for hotmeil.com to always return NXDOMAIN
and people would correct their spelling errors. Unfortunately there
is not way to register hotmeil.com without creating a delegation
and you could you have these ISP's that hijack NXDOMAIN and rewrite
it so you get a A record instead of NXDOMAIN.

So Microsoft have to supply a A record but they don't want it to
be used for email so they need to break the MX lookup so MTA's soft
fail and eventually (days later) return the email to the sender.

Mark

Post by Ruben Laban
able to spell).

you can ignore it or set up own empty version of hotemil.com. Or, fill bug
in their reporting system.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org

Matus UHLAR - fantomas

2010-03-16 13:15:39 UTC

And the lack of a way to register a name in COM without creating a
delegation. And the lack of a way to say this domain name is not
a valid email domain.

It's apparently because DNS was designed to provide records that exist, not
those that do not.

Post by Mark Andrews
The best thing would be for hotmeil.com to always return NXDOMAIN
and people would correct their spelling errors. Unfortunately there
is not way to register hotmeil.com without creating a delegation
and you could you have these ISP's that hijack NXDOMAIN and rewrite
it so you get a A record instead of NXDOMAIN.
So Microsoft have to supply a A record but they don't want it to
be used for email so they need to break the MX lookup so MTA's soft
fail and eventually (days later) return the email to the sender.

You can also register a domain and not provide any records for it (except
SOA and NS), which would be best in current situation imho.

However Microsoft decided to provide A records for hotmeil.com (and
www.hotmeil.com too), so they don't want people to fix their typos, but are
doing it themselves instead.

Yes, there could be way to define a domain that has A record but does not
provide mail service. Unluckily, in case of MX nonexistance the A is used
(as implicit zero-priority MX).

Mark Andrews

2010-03-16 22:22:16 UTC

In message <20100316090709.GC7223 at fantomas.sk>, Matus UHLAR - fantomas writ

Post by Matus UHLAR - fantomas
the microsoft's nameservers are providing only A and TXT records for
hotmeil.com. They return ". IN SOA (NOERROR)" for other questions.
This is apparently invalid and causes the SERVFAIL.
seems it's time to blame microsoft.

And the lack of a way to register a name in COM without creating a
delegation. And the lack of a way to say this domain name is not
a valid email domain.

It's apparently because DNS was designed to provide records that exist, not
those that do not.

Actually it's designed to provide records that exist *and* to tell you
when they don't exist. Reserving namespace is outside of the DNS itself.

The best thing would be for hotmeil.com to always return NXDOMAIN
and people would correct their spelling errors. Unfortunately there
is not way to register hotmeil.com without creating a delegation
and you could you have these ISP's that hijack NXDOMAIN and rewrite
it so you get a A record instead of NXDOMAIN.
So Microsoft have to supply a A record but they don't want it to
be used for email so they need to break the MX lookup so MTA's soft
fail and eventually (days later) return the email to the sender.

They are kind of forced to these days due to the abuse of the DNS by ISP's.

Post by Matus UHLAR - fantomas
Yes, there could be way to define a domain that has A record but does not
provide mail service. Unluckily, in case of MX nonexistance the A is used
(as implicit zero-priority MX).

Which is why "MX 0 ." is needed. We have it for SRV "SRV 0 0 ."
means there is no service.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org

Matus UHLAR - fantomas

2010-03-17 07:47:06 UTC

Post by Matus UHLAR - fantomas
It's apparently because DNS was designed to provide records that exist,
not those that do not.

Actually it's designed to provide records that exist *and* to tell you
when they don't exist. Reserving namespace is outside of the DNS itself.

That's just what I've meant.

Post by Matus UHLAR - fantomas
You can also register a domain and not provide any records for it (except
SOA and NS), which would be best in current situation imho.
However Microsoft decided to provide A records for hotmeil.com (and
www.hotmeil.com too), so they don't want people to fix their typos, but
are doing it themselves instead.

They are kind of forced to these days due to the abuse of the DNS by ISP's.

kind of, but I wouldn't abuse DNS just because others do. I hope that DNSSEC
will clean the stuff a bit.

not to the OP's question: Is there currently possibility to ignore this kind
of errors, kind of marking them as "we know"?