[Pdns-users] GeoBackend Advice

Mon Jul 6 09:14:01 UTC 2009

Hi Guys

I need a little advice on a small problem we're having on our geo dns server.
it is related to the geobackend and MX records.

firstly, some background on my current setup, i am using debian lenny with 
pdns-server, and geo and bind backends. all packages were installed via the 
debian repositories, so nothing was compiled by hand.

this is what i have in the bind conf file for the domain domain.net

 domain.net. IN SOA ns1.domain.net.,ns2.domain.net.,dns-admin at domain.net. (
 2009070304
 10800
 3600
 604800
 38400 )

domain.net. IN NS ns1.domain.net.
domain.net. IN NS ns2.domain.net.
domain.net. IN MX 10 mx0.email.com.
domain.net. IN MX 15 mx1.email.com.
domain.net. IN MX 20 mx2.email.com.
domain.net. IN MX 25 mx3.email.com.
domain.net. IN MX 30 mx4.email.com.
eu IN A 10.1.1.1
us IN A 10.1.1.2
www IN CNAME www.geo.domain.net.

the www.geo.domain.net record is where the geodns direction happens...
at the moment, there are only two geodns zones setup at the moment....US and 
EU. every other IP outside of US, will direct to EU.

if someone types www.domain.net in a browser, it cnames to www.geo.domain.net 
and then redirects accordingly via the geodns server.

the problem i'm having, is that when adding a wildcard cname of *, (So that 
whenever someone types domain.net without the www part it will still go to the 
website via geodns redirection) is that the geodns server then stops serving 
up queries for MX for this domain... until you add the mx's as the following:

us.domain.net. IN MX 10 mx0.email.com. 
eu.domain.net. IN MX 10 mx0.email.com. 

then if you dig the mx, you then get the following depending on your 
originating IP address:

 ;; QUESTION SECTION:
;domain.net. IN MX

 ;; ANSWER SECTION:
domain.net. 3600 IN CNAME www.geo.domain.net.
www.geo.domain.net. 3600 IN CNAME eu.domain.net.
eu.domain.net. 3600 IN MX 10 mx0.email.com.

this setup seems fine initially and the digs seem to work out correctly, 
however, some mail servers when sending us emails fail with the following 
errors:

 A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

 user at www.geo.domain.net
 (generated from user at domain.net)
 SMTP error from remote mail server after RCPT TO:<user at www.geo.domain.net>:
 host mx0.email.com [***.**.**.**]: 550 relay not permitted

so it seems that some mail servers add the @www.geo.domain.net part 
automatically, and then relaying fails at the smtp host. gmail and a few 
others send mail fine, however, some UK based smtp's fail with the message 
above.

i have been told that some mail servers perform reverse dns lookups, and that 
is what causes these errors, and that the only way round this, is to remove 
the wildcard, and specify a static address record for the domain ie:

domain.net. IN A 10.1.1.2

then in some way perform redirection from the 10.1.1.2 host. 
without the wildcard, you can then specify normal MX records as below:

domain.net. IN MX 10 mx0.email.com.
domain.net. IN MX 15 mx1.email.com.
domain.net. IN MX 20 mx2.email.com.
domain.net. IN MX 25 mx3.email.com.
domain.net. IN MX 30 mx4.email.com.

digs then send out the following:

 ;; QUESTION SECTION:
;domain.net. IN MX

 ;; ANSWER SECTION:
domain.net. 3600 IN MX 25 mx3.email.com.
domain.net. 3600 IN MX 30 mx4.email.com.
domain.net. 3600 IN MX 10 mx0.email.com.
domain.net. 3600 IN MX 15 mx1.email.com.
domain.net. 3600 IN MX 20 mx2.email.com.

mail then relays correctly from anywhere, however, when a user types 
http://domain.net in a browser it will go to 10.1.1.2 by default due to the A 
record.

i need to find a way to redirect the user from 10.1.1.2 to www.domain.net 
without using the cname, otherwise, it just adds geodns to the address which 
somehow affects the MX as well. the redirection can be done from apache, but 
this can be tedious.

please have a look at the records i've listed in this email, and let me know 
if i could be missing something, or doing something wrong or if there is an 
alternative way to do this.

many thanks for your help.

kalpesh

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20090706/d0b00d47/attachment-0001.html>