Re: Mailing list problem
- To: KONE <kone at univ-ouaga.bf>
- Subject: Re: Mailing list problem
- From: Brian Candler <B.Candler at pobox.com>
- Date: Tue, 3 Dec 2002 11:18:18 +0000
- Cc: Fisayo Adeleke <fisayo at steineng.com>, afnog at afnog.org,cmusisi at uol.co.ug, cmusisi at cfi.co.ug, tevie at ghana.com,abulley at ghana.com, quaynor at ghana.com, ksemat at africaonline.co.ug
- Content-Disposition: inline
- Content-Type: text/plain; charset=us-ascii
- Delivered-To: afnog-archive at lists.eahd.or.ug
- Delivered-To: afnog-outgoing at afnog.org
- Delivered-To: afnog at afnog.org
- In-Reply-To: <20021203102213.34A767F92 at mail.univ-ouaga.bf>; from kone at univ-ouaga.bf on Tue, Dec 03, 2002 at 10:22:13AM -0000
- References: <20021024094546.C53086 at linnet.org> <20021203102213.34A767F92 at mail.univ-ouaga.bf>
- Sender: owner-afnog at afnog.org
- User-Agent: Mutt/1.2.5i
On Tue, Dec 03, 2002 at 10:22:13AM -0000, KONE wrote:
> Hello !
> I am subscribing to afnog mailing list. The problem is the following:
> when I post a mail, it isn't transmitted to the mailing list but, I
> receive the mail posted by mailing list users.
> Help

Did you get any bounce message in response to your posting?

Do you have access to mailserver logs on the machine which sent the mail, or
which relayed it?

I noticed a problem with the 'afnog.org' domain yesterday, where its MX
record pointed to a host (uol.co.ug) which did not exist.

Actually, I've just investigated a bit more, and the DNS information for the
uol.co.ug domain is inconsistent - i.e. there is a random chance it will
work or not work, depending on which server your cache talks to.

It turns out one of the nameservers (computerpoint.co.ug) is giving out
poisoned information. This is a serious problem. The details are below for
the uol.co.ug people to look at.

Regards,

Brian.

---------------------------------------------------------------------------
$ dig @a.root-servers.net. ug. ns
;; ANSWER SECTION:
ug. 2D IN NS NS.ICANN.ORG.
ug. 2D IN NS WEB.EAHD.OR.ug.
ug. 2D IN NS DEMON.MTN.CO.ug.
ug. 2D IN NS NS.RIPE.NET.
ug. 2D IN NS NS.SANYUTEL.COM.
;; ADDITIONAL SECTION:
NS.ICANN.ORG. 2D IN A 192.0.34.126
WEB.EAHD.OR.ug. 2D IN A 216.129.132.179
DEMON.MTN.CO.ug. 2D IN A 212.88.97.20
NS.RIPE.NET. 2D IN A 193.0.0.193
NS.SANYUTEL.COM. 2D IN A 216.250.215.10
Next: query these five machines for uol.co.ug. (A record)
In four cases you get back a referral (fine):
;; AUTHORITY SECTION:
uol.co.ug. 4H IN NS wawa.eahd.or.ug.
uol.co.ug. 4H IN NS spice.eahd.or.ug.
uol.co.ug. 4H IN NS computerpoint.co.ug.
uol.co.ug. 4H IN NS sentry.bushnet.net.
uol.co.ug. 4H IN NS webnation.co.ug.
;; ADDITIONAL SECTION:
wawa.eahd.or.ug. 4H IN A 216.129.132.164
spice.eahd.or.ug. 4H IN A 216.250.215.44
When you query 212.88.97.20 (DEMON.MTN.CO.ug.) you get a cached,
non-authoritative answer - i.e. this is a lame delegation.

Next look for NS records within the zone:

for i in 216.129.132.164 216.250.215.44 computerpoint.co.ug. \
    sentry.bushnet.net. webnation.co.ug.; do dig @$i uol.co.ug. ns; done

The first two give:
;; ANSWER SECTION:
uol.co.ug. 6H IN NS sentry.bushnet.net.
uol.co.ug. 6H IN NS wawa.eahd.or.ug.
uol.co.ug. 6H IN NS spice.eahd.or.ug.
uol.co.ug. 6H IN NS janus.webnation.co.ug.
;; ADDITIONAL SECTION:
wawa.eahd.or.ug. 6H IN A 216.129.132.164
spice.eahd.or.ug. 6H IN A 216.250.215.44
[This is inconsistent with the delegation. Choose whichever are the
nameservers which are authoritative for this zone, and put the same set of
NS records both within the zone and in the delegating zone]
The third one says authoritatively that the domain does not exist:
; <<>> DiG 8.3 <<>> @computerpoint.co.ug. uol.co.ug. ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; uol.co.ug, type = NS, class = IN
;; AUTHORITY SECTION:
. 1H IN SOA cpl2000.computerpoint.co.ug. admin. (
9 ; serial
15M ; refresh
10M ; retry
1D ; expiry
1H ) ; minimum
In fact it is claiming to be authoritative for the entire DNS! This is
poisoning anyone who queries it.
The fourth gives "SERVFAIL" and the fifth does not even exist...
$ nslookup webnation.co.ug.
*** can't find webnation.co.ug.: Non-existent host/domain
So out of the three working servers, you have a 1 in 3 chance of hitting the
extremely broken "computerpoint.co.ug" which says that uol.co.ug. does not
exist - and therefore you won't be able to send mail to afnog at afnog.org
until that information times out, since the MX record for afnog.org points
at uol.co.ug.

$ dig @computerpoint.co.ug. uol.co.ug. a
; <<>> DiG 8.3 <<>> @computerpoint.co.ug. uol.co.ug. a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; uol.co.ug, type = A, class = IN
;; AUTHORITY SECTION:
. 1H IN SOA cpl2000.computerpoint.co.ug. admin. (
9 ; serial
15M ; refresh
10M ; retry
1D ; expiry
1H ) ; minimum
;; Total query time: 3731 msec
;; FROM: bloodhound.uk.tiscali.com to SERVER: computerpoint.co.ug. 195.238.52.191
;; WHEN: Tue Dec 3 11:01:38 2002
;; MSG SIZE sent: 27 rcvd: 94
Querying "janus.webnation.co.ug" also gives a cached response, so this is
also lame.
In all, only two servers are working: wawa and spice.
So what you need to do is decide whether or not to fix the others, and then
set both the delegation and the zone NS records to point to the working
servers. Most important of all is to remove the delegation to
"computerpoint.co.ug" since it is giving wrong authoritative answers.
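
The checks walked through in the message above (is each delegated server really authoritative, and do the delegation and the in-zone NS records agree), as an added example that is not part of the original post. It works offline on captured dig-style replies; the example.test. names and sample replies are constructed, and classify/audit are hypothetical helper names.

```python
import re

RR = re.compile(r"^(\S+)\s+\S+\s+IN\s+(NS|SOA)\s+(\S+)", re.M)

def classify(text, zone):
    """Verdict and in-zone NS set from one server's dig-style reply for '<zone> NS'."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"flags: ([a-z ]*);", text)
    if not (status and flags):
        return "no-response", set()          # host missing or unreachable
    aa = "aa" in flags.group(1).split()
    rrs = [(o.lower(), t, d.lower()) for o, t, d in RR.findall(text)]
    ns = {d for o, t, d in rrs if t == "NS" and o == zone}
    soa = [o for o, t, d in rrs if t == "SOA"]
    if status.group(1) == "SERVFAIL":
        return "servfail", set()
    # An authoritative negative answer must carry the SOA of the queried zone;
    # an SOA owned by "." means the server claims authority over the root.
    if aa and any(o != zone for o in soa):
        return "bogus-authority", set()
    if aa and status.group(1) == "NOERROR" and ns:
        return "authoritative", ns
    return "lame", set()                     # answered, but only from cache

def audit(zone, delegation, replies):
    """Return (verdict per delegated server, NS only in parent, NS only in zone)."""
    verdicts, in_zone = {}, set()
    for server in sorted(delegation):
        verdicts[server], ns = classify(replies.get(server, ""), zone)
        in_zone |= ns
    return verdicts, delegation - in_zone, in_zone - delegation

# Constructed replies (hypothetical names), one per failure mode in the message:
# two good servers, one claiming the root, one SERVFAIL, one that does not exist.
HDR = ";; ->>HEADER<<- opcode: QUERY, status: {}, id: 4\n;; flags: {}; QUERY: 1\n"
GOOD = HDR.format("NOERROR", "qr aa rd") + "".join(
    "example.test. 6H IN NS ns%d.example.test.\n" % i for i in (1, 2, 4, 6))
LAME = HDR.format("NOERROR", "qr rd ra") + "example.test. 2H IN NS ns1.example.test.\n"
REPLIES = {
    "ns1.example.test.": GOOD,
    "ns2.example.test.": GOOD,
    "ns3.example.test.": HDR.format("NXDOMAIN", "qr aa rd ra")
        + ". 1H IN SOA host.ns3.example.test. admin. (\n",
    "ns4.example.test.": HDR.format("SERVFAIL", "qr rd ra"),
}
DELEGATION = {"ns%d.example.test." % i for i in range(1, 6)}   # ns1..ns5 in parent

if __name__ == "__main__":
    print(audit("example.test.", DELEGATION, REPLIES))
```

Servers reported as anything other than "authoritative" are the ones to drop from the delegation, and the two difference sets show where the parent and the zone disagree.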