Topic: CNAME lookup failed temporarily. (#4.4.3)

[filloweb]

Hi.

Since a few weeks, send to a Chinese recipient was impossible.

Qmail says:

Code: [Select]

Hi. This is the qmail-send program at SENDER_DOMAIN.it.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<export05@china-jinlong.com>:
CNAME lookup failed temporarily. (#4.4.3)
I'm not going to try again; this message has been in the queue too long.

If I do a dig I answered this way:

Code: [Select]

[root@mail ~]# dig china-jinlong.com mx

; <<>> DiG 9.2.4 <<>> china-jinlong.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8873
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;china-jinlong.com.             IN      MX

;; ANSWER SECTION:
china-jinlong.com.      600     IN      MX      5 mxa3.chinaemail.cn.
china-jinlong.com.      600     IN      MX      10 mx3.chinaemail.cn.

;; Query time: 487 msec
;; SERVER: 192.168.100.200#53(192.168.100.200)
;; WHEN: Fri Jan 18 12:11:44 2013
;; MSG SIZE  rcvd: 89

[root@mail ~]#

By then ping and resolve the name but 'tells me that the server'

Code: [Select]

[root@mail ~]# ping mxa3.chinaemail.cn
PING mxa3.chinaemail.cn (74.86.103.194) 56(84) bytes of data.
64 bytes from mx100.chinaemail.cn (74.86.103.194): icmp_seq=0 ttl=46 time=180 ms

--- mxa3.chinaemail.cn ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1000ms
rtt min/avg/max/mdev = 180.129/180.129/180.129/0.000 ms, pipe 2
[root@mail ~]# host 74.86.103.194
194.103.86.74.in-addr.arpa domain name pointer mx100.chinaemail.cn.
[root@mail ~]#

How can I fix?
SME is  a 7.6 up2date and doing qmHandle response to me:

Code: [Select]

Total messages: 48
Messages with local recipients: 0
Messages with remote recipients: 48
Messages with bounces: 1
Messages in preprocess: 0

All queue is for the same recipient.

Any ideas?

Thanks.
filloweb

[janet]

filloweb

> CNAME lookup failed temporarily. (#4.4.3)


DNS records are wrong or not set up correctly or inaccessible, the owner of the domain needs to fix this

IP address: 113.10.190.83
Host name: china-jinlong.com
Alias: china-jinlong.com
113.10.190.83 is from Hong Kong(HK) in region Southern and Eastern Asia

TraceRoute from Network-Tools.com to 113.10.190.83 [china-jinlong.com]
Hop   (ms)   (ms)   (ms)           IP Address   Host name
1      1      0      0         8.9.232.73    xe-5-3-0.edge3.dallas1.level3.net 
2      7      0      0         4.69.145.254    vlan90.csw4.dallas1.level3.net 
3      32      32      32         4.69.151.170    ae-93-93.ebr3.dallas1.level3.net 
4      32      32      32         4.69.132.77    ae-3-3.ebr2.losangeles1.level3.net 
5      32      32      41         4.69.137.18    ae-62-62.csw1.losangeles1.level3.net 
6      32      32      32         4.69.144.14    ae-1-60.edge6.losangeles1.level3.net 
7      41      40      40         4.30.62.38    kt-corporat.edge6.losangeles1.level3.net 
8      40      40      40         112.174.89.34     - 
9      192      192      192         112.174.88.69     - 
10      199      199      199         121.189.2.134     - 
11      252      251      251         113.10.229.17    irb288.10g-tc1.wpc.nwtgigalink.com 
12      251      282      251         113.10.229.66    ae5.10g-idc.wpc.nwtgigalink.com 
13      252      254      253         113.10.230.218     - 
14      198      198      198         113.10.190.83     - 

Trace complete


Retrieving DNS records for china-jinlong.com...
DNS servers
f1g1ns1.dnspod.net [119.167.195.12]
f1g1ns2.dnspod.net [112.90.143.29]
Query for DNS records for china-jinlong.com failed: Timed out
Whois query for china-jinlong.com...

Results returned from whois.internic.net:



Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: CHINA-JINLONG.COM
   Registrar: XIAMEN CHINASOURCE INTERNET SERVICE CO., LTD.
   Whois Server: whois.cnolnic.com
   Referral URL: http://www.zzy.cn
   Name Server: F1G1NS1.DNSPOD.NET
   Name Server: F1G1NS2.DNSPOD.NET
   Status: clientTransferProhibited
   Updated Date: 07-feb-2012
   Creation Date: 19-jan-2000
   Expiration Date: 19-jan-2013

[CharlieBrady]

There are plenty of DNS tester websites on-line - here is one:

http://www.dnssy.com/report.php?q=china-jinlong.com

The glue record is probably the cause of the problem. Mary is right - only the domain holder can fix the problem.

You could use a custom template for /var/qmail/control/smtproutes if you want to avoid DNS for that domain. I wouldn't recommend that however.

[CharlieBrady]

If I do a dig I answered this way:

[root@mail ~]# dig china-jinlong.com mx

See what happens if you do an 'any' and 'cname' lookup, rather than an mx lookup. qmail used to have a problem with over-large dns responses, but that was patched long ago:

http://bugs.contribs.org/show_bug.cgi?id=3827

Do:

rpm -q qmail djbdns

and verify that you have up to date versions.

[filloweb]

Code: [Select]

root@mail:~[root@mail ~]# rpm -q qmail djbdns
qmail-1.03-17.el4.sme
djbdns-1.05-8.el4.sme
root@mail:~[root@mail ~]#   

[CharlieBrady]

Those are the same versions I have, and I have the same result if I try to send to your domain.

If you use the /service/dnscache/dnscache-log.pl and tai64nlocal to analyse the dnscache logs, we see:

Code: [Select]

...
2013-01-19 11:55:46.378703500 cached a f1g1ns1.dnspod.net.
2013-01-19 11:55:46.378708500 cached a f1g1ns2.dnspod.net.
2013-01-19 11:55:46.378712500 tx 0 cname china-jinlong.com. china-jinlong.com. 112.90.143.29 183.60.
52.217 180.153.162.150 180.153.10.151 122.225.217.192 122.225.217.191 119.167.195.12 180.153.10.150
2013-01-19 11:55:47.753517500 lame 183.60.52.217 china-jinlong.com. china-jinlong.com.
2013-01-19 11:55:47.753523500 tx 0 cname china-jinlong.com. china-jinlong.com. 122.225.217.191 180.1
53.10.150 119.167.195.12 112.90.143.29 122.225.217.192 180.153.162.150 180.153.10.151
2013-01-19 11:55:49.001615500 lame 180.153.10.150 china-jinlong.com. china-jinlong.com.
2013-01-19 11:55:49.001622500 tx 0 cname china-jinlong.com. china-jinlong.com. 122.225.217.192 119.1
67.195.12 122.225.217.191 180.153.162.150 112.90.143.29 180.153.10.151
2013-01-19 11:55:49.143610500 query 2116491 127.0.0.2:65180:32935 cname china-jinlong.com.
2013-01-19 11:55:49.143616500 cached ns china-jinlong.com. f1g1ns1.dnspod.net.
2013-01-19 11:55:49.143620500 cached ns china-jinlong.com. f1g1ns2.dnspod.net.
2013-01-19 11:55:49.143625500 cached a f1g1ns1.dnspod.net.
2013-01-19 11:55:49.143629500 cached a f1g1ns2.dnspod.net.
2013-01-19 11:55:49.143634500 tx 0 cname china-jinlong.com. china-jinlong.com. 183.60.52.217 180.153
.10.151 112.90.143.29 180.153.10.150 119.167.195.12 122.225.217.192 180.153.162.150 122.225.217.191
2013-01-19 11:55:49.340086500 lame 122.225.217.192 china-jinlong.com. china-jinlong.com.
2013-01-19 11:55:49.340092500 tx 0 cname china-jinlong.com. china-jinlong.com. 119.167.195.12 180.15
3.10.151 122.225.217.191 180.153.162.150 112.90.143.29
2013-01-19 11:55:49.615230500 lame 183.60.52.217 china-jinlong.com. china-jinlong.com.
2013-01-19 11:55:49.615237500 tx 0 cname china-jinlong.com. china-jinlong.com. 180.153.10.150 122.22
5.217.192 180.153.10.151 119.167.195.12 180.153.162.150 112.90.143.29 122.225.217.191
2013-01-19 11:55:49.843414500 lame 180.153.10.150 china-jinlong.com. china-jinlong.com.
...

Google for 'lame delegation'.

As stated before, china-jinlong.com need to fix their DNS configuration.

For reasons I don't understand, this only seems to be an issue when looking for CNAME records.

Code: [Select]

-bash-3.00$ dnsqr mx china-jinlong.com.
15 china-jinlong.com:
89 bytes, 1+2+0+0 records, response, noerror
query: 15 china-jinlong.com
answer: china-jinlong.com 600 MX 5 mxa3.chinaemail.cn
answer: china-jinlong.com 600 MX 10 mx3.chinaemail.cn
-bash-3.00$  dnsqr ns china-jinlong.com.
2 china-jinlong.com:
89 bytes, 1+2+0+0 records, response, noerror
query: 2 china-jinlong.com
answer: china-jinlong.com 557 NS f1g1ns2.dnspod.net
answer: china-jinlong.com 557 NS f1g1ns1.dnspod.net
-bash-3.00$ dnsqr any china-jinlong.com.
255 china-jinlong.com:
89 bytes, 1+2+0+0 records, response, noerror
query: 255 china-jinlong.com
answer: china-jinlong.com 548 NS f1g1ns2.dnspod.net
answer: china-jinlong.com 548 NS f1g1ns1.dnspod.net
-bash-3.00$ dnsqr a china-jinlong.com.
1 china-jinlong.com:
51 bytes, 1+1+0+0 records, response, noerror
query: 1 china-jinlong.com
answer: china-jinlong.com 600 A 113.10.190.83
-bash-3.00$ dnsqr a mx3.chinaemail.cn
1 mx3.chinaemail.cn:
51 bytes, 1+1+0+0 records, response, noerror
query: 1 mx3.chinaemail.cn
answer: mx3.chinaemail.cn 300 A 74.86.103.194
-bash-3.00$ dnsqr a mxa3.chinaemail.cn
1 mxa3.chinaemail.cn:
52 bytes, 1+1+0+0 records, response, noerror
query: 1 mxa3.chinaemail.cn
answer: mxa3.chinaemail.cn 300 A 74.86.103.194
-bash-3.00$ dnsqr cname china-jinlong.com.
5 china-jinlong.com:
timed out
-bash-3.00$

For a full visualisation of the DNS configuration of chian-jinlong.com, do:

dnstrace cname china-jinlong.com.  a.root-servers.net

Then run "dnstracesort" on the output to make the output more readable. See:

http://cr.yp.to/djbdns/debugging.html