Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » CNAME DNS record needed?
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Hi guys,

I've got one company that cannot send us mail. The error mail they receive back from their mail server is:
Quote:

CNAME lookup failed temporarily. (#4.4.3)

It seems they use qmail and qmail is trying to resolve our CNAME DNS entry. We do not have a CNAME entry, so obviously this lookup is failing.

Does any of you know about CNAME entries for mail delivery and where they should point to?

AFAIK they should just check our MX record and then resolve our MX record's A record. Right? This is all just fine:
Quote:

C:\>nslookup -q=mx okura.nl

okura.nl MX preference = 10, mail exchanger = mail.okura.nl
okura.nl MX preference = 50, mail exchanger = mx1.HSCG.net
okura.nl MX preference = 50, mail exchanger = mx2.HSCG.net
okura.nl MX preference = 50, mail exchanger = mx3.HSCG.net
okura.nl MX preference = 50, mail exchanger = mx4.HSCG.net
okura.nl nameserver = ns2.qinip.net
okura.nl nameserver = ns1.qinip.net
mail.okura.nl internet address = 80.73.128.57
ns1.qinip.net internet address = 62.100.32.132
ns2.qinip.net internet address = 195.18.103.140


I've discussed this with our ISP and they have never encountered any situation in which CNAME’s are required for mail domains.

As there is only one company (I know of) that has these problems sending mail to us, I guess the problem lies with them. The rest of the world can happily send us mail. But I would like to be sure I'm not missing some (seldomly used but required) DNS setting.

There is some info here, but I do not understand it: http://cr.yp.to/im/cname.html

[Updated on: Mon, 24 April 2006 15:36]

  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
A CNAME record is kind of like a desktop shortcut in the world of DNS. It's just a pointer to an A record. When you look up a CNAME record, it returns a domain name, so another lookup is performed to get the IP address from that A record.

They have their uses, but a lot of people avoid them since they require an additional lookup. They'd rather post multiple A records pointing to the same IP than slow down resolution, or cause multiple lookups that would cause additional traffic.

Here's a thought. Do you use your ISPs mail server as a backup in your MX record? It's possible they're using a CNAME. It still sounds like a DNS problem at the other end though. They could try doing an NSLOOKUP or DIG from within their network to see if that resolves properly.

Scott
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
sedell wrote on Mon, 24 April 2006 06:49

A CNAME record is kind of like a desktop shortcut in the world of DNS. It's just a pointer to an A record. When you look up a CNAME record, it returns a domain name, so another lookup is performed to get the IP address from that A record.

They have their uses, but a lot of people avoid them since they require an additional lookup. They'd rather post multiple A records pointing to the same IP than slow down resolution, or cause multiple lookups that would cause additional traffic.




On the other hand, if you have dozens of websites on one server, changing the one A record instead of dozens of A records is a lot less work =)

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
Sure is. They make maintenance easier for sure.

Scott
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
So, may I conclude:

A:
There is really no need for CNAME's with respect to delivery of emails. Other mail servers should not need a CNAME record to exist and if they do they are somehow misconfigured.

B: (for my understanding of CNAME's)
CNAME's could be handy if you have many subdomains (sub1.domain.com, sub2.domain.com etc.) that all need to point to one IP address. A CNAME record will automatically point all sub-domains to the same IP adress without having to make A records for them all. Right?

So again, there is no direct obvious use with respect to mail delivery, certainly if all our mail is purely send to ...<_at_>okura.nl and nothing else.


  •  
bronco

Messages: 131
Karma: 1
Send a private message to this user
Hi Guys,

I have put your domain name in DNS Stuff and asked for the MX record.It seems to me that the Mailserver on the other end is taking the first MX entry it finds that one has no A record in the DNS namely mx3.HSCG.net.

I had a similar problem when I named my Backup DNS provider first. After changing my DNS entries in such a way that my "10" was named first all the problems on the other end went away. I do not know if this will solve your problem but it might be a clue :-).

Rene.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
bronco wrote on Thu, 27 April 2006 02:10

...is taking the first MX entry it finds that one has no A record in the DNS namely mx3.HSCG.net


But mx3.HSCG.net does have an A record. According to DNSStuff:
Quote:

Domain Type Class TTL Answer
mx3.hscg.net A IN 86400 80.73.128.53


And I don't think the order is set. When I lookup our MX-record I get 'mx2' as first response, while you seem to be getting 'mx3'.

Besides, the order is (or should be) irrelevant, only the priority should matter.

But thanks for your suggestion, I'll see what I can do to reorder the entries :)

  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
QMail says:

6.5 How do I deal with CNAME lookup failed temporarily?

The log showed that a message was deferred for this reason. Why is qmail doing CNAME lookups, anyway?

Answer:

The SMTP standard does not permit aliased hostnames (see http://pobox.com/~djb/im/cname.html), so qmail has to do a CNAME lookup in DNS for every sender and recipient host. CNAME lookup failed temporarily means that the relevant DNS server is down. It will try again soon.


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Yes, ok. So I guess not allowing aliased hosts means that it is actually a good thing that we do not have a CNAME entry. Having no CNAME menas our our host is not aliased.
Previous Topic: Web Based Mail Server
Next Topic: Setting Up Primary Domain
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 03:20:11 CET 2017

Total time taken to generate the page: 0.00507 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.