EFA4 DNS config problem
I set up 2 boxes and neither was passing emails.
Rejecting connections with:
Recipient address rejected: Domain not found
The domain was entered into EFA during config. Postfix config and transport files looked fine.
I thought maybe a DNS issue?
EFA4 during initial config defaulted to DNS Recursion Enabled. Not understanding the ramifications I accepted the default. It did not ask me to configure DNS servers so I left them blank.
I looked at the config for our current EFA3 production boxes and configured EFA4 DNS the same way:
DNS Recursion = disabled
Primary and Secondary = our DNS
EFA then started bouncing with:
Sender address rejected: Domain not found;
Changed, but no progress. I then tried using Google DNS, and EFA4 started processing mails.
Moving back to our DNS once again started rejecting emails.
So I have EFA4 processing emails using Google DNS, but I don't know why. And I don't know why the DNS setup for EFA3 does not work on EFA4.
- shawniverson
Re: EFA4 DNS config problem
When you configure DNS to your local dns servers, what do you have in the following configs?
/etc/resolv.conf
/etc/unbound/conf.d/forwarders.conf
and what happens when you do this?
dig mx google.com
Re: EFA4 DNS config problem
With external DNS server 1.1.1.1
/etc/resolv.conf
# Generated by NetworkManager
search smart-mail.net
/etc/unbound/conf.d/forwarders.conf
forward-zone:
name: "."
forward-addr: 1.1.1.1
forward-addr: 4.4.4.4
[admin@EFA4Beta4 ~]$ dig mx google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mx google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43623
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN MX
;; ANSWER SECTION:
google.com. 205 IN MX 40 alt3.aspmx.l.google.com.
google.com. 205 IN MX 50 alt4.aspmx.l.google.com.
google.com. 205 IN MX 10 aspmx.l.google.com.
google.com. 205 IN MX 20 alt1.aspmx.l.google.com.
google.com. 205 IN MX 30 alt2.aspmx.l.google.com.
;; Query time: 14 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 18 12:15:30 CST 2019
;; MSG SIZE rcvd: 147
With our DNS Servers
/etc/resolv.conf
# Generated by NetworkManager
search smart-mail.net
/etc/unbound/conf.d/forwarders.conf
forward-zone:
name: "."
forward-addr: 172.22.22.15
forward-addr: 172.22.22.34
[admin@EFA4Beta4 ~]$ dig mx google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mx google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6428
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN MX
;; Query time: 57 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 18 12:00:32 CST 2019
;; MSG SIZE rcvd: 39
However when I run this on our EFA3 boxes which use our DNS they resolve the same as the external DNS servers do.
On a side note, whenever updating DNS from EFA-Configure it throws an error and kicks you back to the main menu.
Enter your new primary DNS: 1.1.1.1
sed: -e expression #1, char 13: unknown command: `C'
All done
Press [Enter] key to continue...
It saves the changes so you can go back in and update the 2nd DNS server, but I do not know if it is restarting the NIC.
Re: EFA4 DNS config problem
I have no issues with DNS in efa RC2, recursion enabled.
Current working config.
/etc/eFa/eFa-Config
CONFIGURED:YES
HOSTNAME:testefa4
DOMAINNAME:example.lan
IPV4ADDRESS:172.16.xx.xx
IPV6ADDRESS:
DNSIP1:
DNSIP2:
RECURSION:ENABLED
INTERFACE:eth0
IPV4NETMASK:255.255.0.0
IPV4GATEWAY:172.16.yy.yy # pfsense firewall
IPV6MASK:
IPV6GATEWAY:
TZONE:Europe/Amsterdam
IANA:nl
ORGNAME:efa
MAILSERVER:127.0.0.1
ADMINEMAIL:me@example.lan
ISUTC:true
IPV6DNS:no
/etc/resolv.conf
# Generated by NetworkManager
search example.lan example.man
nameserver 127.0.0.1
/etc/unbound/conf.d/forwarders.conf
forward-zone:
name: "."
forward-addr: 172.16.yy.yy # pfsense firewall running unbound
forward-first: yes
I did add an Unbound config in /etc/unbound/conf.d/unbound.conf as described in viewtopic.php?t=2567
When I dig inside or outside my local network (tcp or udp), the answer comes within 0 msec.
dig +notcp mx google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61935
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN MX
;; ANSWER SECTION:
google.com. 806 IN MX 10 aspmx.l.google.com.
google.com. 806 IN MX 50 alt4.aspmx.l.google.com.
google.com. 806 IN MX 40 alt3.aspmx.l.google.com.
google.com. 806 IN MX 20 alt1.aspmx.l.google.com.
google.com. 806 IN MX 30 alt2.aspmx.l.google.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 18 21:34:24 CET 2019
;; MSG SIZE rcvd: 147
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
- shawniverson
Re: EFA4 DNS config problem
You are getting a SERVFAIL status. Is there a firewall or ACL between you and these dns servers?
On a side note, whenever updating DNS from EFA-Configure it throws an error and kicks you back to the main menu.
Enter your new primary DNS: 1.1.1.1
sed: -e expression #1, char 13: unknown command: `C'
All done
Press [Enter] key to continue...
Thanks for the find, flagging this for a fix.
Re: EFA4 DNS config problem
I will turn on Recursion again and post the results.
Recursion was originally on default with no DNS Primary/Secondary servers defined and mails were not passing. But it was generating a different error than with it off as I recall.
Re: EFA4 DNS config problem
Most likely, Shawn asked the number one question: "Is there a firewall or ACL between you and these dns servers?"
(I do have a firewall rule that blocks all DNS traffic whose destination is not the firewall DNS server.)
Check your dns config.
unbound-control list_forwards
unbound-control lookup google.com
Check caching.
unbound-control stats_noreset |grep total
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: EFA4 DNS config problem
No firewall between the EFA boxes and Our DNS. They are on the same subnet.
There is a firewall between the EFA boxes and the External DNS.
We checked the logs on our DNS servers and found no errors for requests being rejected from the EFA4 boxes.
Re: EFA4 DNS config problem
Did you read viewtopic.php?t=2567?
Can you post (for efa3 and efa4):
unbound-control list_forwards
unbound-control lookup google.com
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: EFA4 DNS config problem
Installed RC3 and DNS Recursion not working.
With default setting DNS Recursion Enabled it does not route emails.
From maillog:
Mar 13 21:11:02 SC-EFA4RC3-01 postfix/smtpd[7260]: connect from mail-wm1-f48.google.com[209.85.128.48]
Mar 13 21:11:02 SC-EFA4RC3-01 postfix/smtpd[7260]: Anonymous TLS connection established from mail-wm1-f48.google.com[209.85.128.48]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar 13 21:11:33 SC-EFA4RC3-01 postfix/smtpd[7260]: NOQUEUE: reject: RCPT from mail-wm1-f48.google.com[209.85.128.48]: 450 4.1.2 <hunter@progressivesystems.biz>: Recipient address rejected: Domain not found; from=<todd.d.hunter@gmail.com> to=<hunter@progressivesystems.biz> proto=ESMTP helo=<mail-wm1-f48.google.com>
Mar 13 21:11:33 SC-EFA4RC3-01 postfix/smtpd[7260]: disconnect from mail-wm1-f48.google.com[209.85.128.48] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
cat /etc/resolv.conf:
[root@SC-EFA4RC3-01 ~]# cat /etc/resolv.conf
domain smartcloudllc.com
# Generated by NetworkManager
[root@SC-EFA4RC3-01 ~]#
dig google mail server:
[root@SC-EFA4RC3-01 ~]# dig mail-wm1-f48.google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mail-wm1-f48.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail-wm1-f48.google.com. IN A
;; ANSWER SECTION:
mail-wm1-f48.google.com. 86130 IN A 209.85.128.48
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 13 21:15:32 CDT 2019
;; MSG SIZE rcvd: 68
When I Disable Recursion and use EFA Configure to set Primary DNS = 8.8.8.8, no email delivery.
[root@SC-EFA4RC3-01 ~]# cat /etc/resolv.conf
domain smartcloudllc.com
# Generated by NetworkManager
[root@SC-EFA4RC3-01 ~]# dig mail-wm1-f48.google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mail-wm1-f48.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
If I edit /etc/resolv.conf and add the DNS server, email is delivered. Delivery also works with our Internal DNS, which was a previous problem.
nameserver 8.8.8.8
domain smartcloudllc.com
# Generated by NetworkManager
[root@SC-EFA4RC3-01 ~]# dig mail-wm1-f48.google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mail-wm1-f48.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28399
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mail-wm1-f48.google.com. IN A
;; ANSWER SECTION:
mail-wm1-f48.google.com. 21599 IN A 209.85.128.48
;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 13 21:24:45 CDT 2019
;; MSG SIZE rcvd: 68
It appears that EFA-Config is not updating the /etc/resolv.conf file.
Todd
Re: EFA4 DNS config problem
I can confirm I'm having the same issue as @toddh on a new EFA3 install.
Re: EFA4 DNS config problem
Can you post:
/etc/sysconfig/network-scripts/ifcfg-*
To prevent Network Manager from overwriting your resolv.conf changes, remove the DNS1, DNS2, ... lines from /etc/sysconfig/network-scripts/ifcfg-*.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
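The checks asked for across this thread (the status word in a dig answer, whether /etc/resolv.conf names a resolver at all, and the DNS1/DNS2 entries in ifcfg-* that NetworkManager writes back) can be scripted. This is an added example, not eFa's own code; the file contents it reads are constructed samples modelled on those posted above, written to a temp dir so nothing on the host is touched.

```shell
#!/bin/sh
# Added example, not eFa's own code: offline checks for the symptoms in this
# thread (SERVFAIL from dig, an /etc/resolv.conf without a nameserver line,
# and DNS1/DNS2 entries in ifcfg-* that NetworkManager writes back).
# All inputs are constructed below in a temp dir; nothing on the host is read.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed resolv.conf as eFa-Configure left it: no nameserver line.
printf 'domain smartcloudllc.com\n# Generated by NetworkManager\n' > "$WORK/resolv.conf"
# Constructed ifcfg-eth0 carrying the DNS entries NetworkManager would restore.
printf 'DEVICE=eth0\nDNS1="172.22.22.15"\nDNS2=172.22.22.34\n' > "$WORK/ifcfg-eth0"
# Constructed dig headers: the failing and the working case from the thread,
# plus a timeout (no header at all).
printf ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6428\n' > "$WORK/dig-servfail.txt"
printf ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43623\n' > "$WORK/dig-ok.txt"
printf ';; connection timed out; no servers could be reached\n' > "$WORK/dig-timeout.txt"

# Print the status word from a saved dig output (NOERROR, SERVFAIL, ...),
# or UNKNOWN when no answer header is present, as with a timeout.
dig_status() {
    awk '/->>HEADER<<-/ { for (i = 1; i <= NF; i++) if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) } }
         END { if (s == "") s = "UNKNOWN"; print s }' "$1"
}

# Count nameserver lines in a resolv.conf. 0 means the stub resolver falls
# back to 127.0.0.1, which only answers while unbound (recursion) is running.
resolv_nameservers() {
    grep -c '^nameserver[[:space:]]' "$1" || true
}

# List DNS1/DNS2/... values from an ifcfg-* file. While these exist,
# NetworkManager regenerates resolv.conf from them and discards manual edits.
ifcfg_dns_entries() {
    sed -n 's/^DNS[0-9][0-9]*=//p' "$1" | tr -d '"'
}

# Summarise the three checks; succeed only when dig answered NOERROR and
# resolv.conf actually names a resolver.
dns_verdict() {
    status=$(dig_status "$3")
    ns=$(resolv_nameservers "$1")
    overrides=$(ifcfg_dns_entries "$2" | wc -l | tr -d ' ')
    echo "dig=$status nameservers=$ns ifcfg_dns_entries=$overrides"
    [ "$status" = "NOERROR" ] && [ "$ns" -gt 0 ]
}

dns_verdict "$WORK/resolv.conf" "$WORK/ifcfg-eth0" "$WORK/dig-servfail.txt" || echo "DNS not usable"
```

On a real box, point the three arguments at /etc/resolv.conf, the ifcfg-* file of the mail interface and a saved `dig mx <domain>` output; a non-zero ifcfg_dns_entries count with an empty resolv.conf is the combination described in the last two replies.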