System setup: Linux Red Hat Enterprise Linux ES release 4 (Nahant Update 9), Postfix mail server
I have a user who is trying to send an e-mail. E-Mail on this server has been working for years without any (on-going) problems. Now this user can't e-mail a specific server, and only that server. I have tested my account and can't e-mail the server either.
When I do a dig for the mx record, I get this:
dig -t mx xxxxxxxxx.com
;; Truncated, retrying in TCP mode.
;; connection timed out; no servers could be reached
When I run the same command with +ignore, it works.
I have run this command and it shows my UDP packet sizes:
dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2013-06-14 22:41:30 UTC"
"72.51.49.20 sent EDNS buffer size 4096"
"72.51.49.20 DNS reply size limit is at least 3843"
That seems large enough but I don't know.
I added OpenDNS servers to my resolv.host, but it didn't help.
The server is old (circa 2008) and will soon be replaced. I suspect that will fix the problem, but replacement is still two to four weeks away and I'd like to fix it in the meantime.
Postfix gives me this in the maillog for this server:
Jun 14 16:01:35 postfix/smtp[10962]:
to=, relay=none, delay=94925,
delays=94358/0.03/567/0, dsn=4.4.3, status=deferred (Host or domain
name not found. Name service error for name=xxxxxxx.com type=MX: Host
not found, try again)
Not sure if I need to change postfix somehow or named or what.
Thanks
bqb
Best Answer
This first error line was a warning message.
Nils, in his thread on SF, "Force forwarder DNS requests to TCP mode", gives the following explanation:
The second one was a permanent error that dig can't reach any NS server.
You can tell dig to advertise a large receive buffer, for example:
dig +bufsize=2048 xxxxx.com
Based on your comment, it worked in your case.
Solution
You can try to set the parameter edns-udp-size and/or max-udp-size in your named.conf, as Alnitak pointed out in his answer.
Also try to check the firewall rules to allow TCP packets over port 53. It looks like this is the reason why your dig timed out in TCP mode.
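The mechanism behind the two dig messages, as an added example that is not part of the original answer: a client advertises its UDP receive buffer in an EDNS0 OPT record (what dig +bufsize sets), and a reply with the TC bit set forces a retry over TCP port 53. The function names, the query ID and the sample reply header are constructed for illustration.

```python
import struct

def build_query(name, qtype=15, bufsize=None, qid=0x1234):
    """Build a DNS query (default type MX). If bufsize is given, append an
    EDNS0 OPT record advertising that UDP receive buffer size."""
    arcount = 1 if bufsize is not None else 0
    # Header: ID, flags (RD=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if bufsize is not None:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return msg

def advertised_bufsize(query):
    """UDP payload size a query from build_query() advertises; 512 bytes
    (the classic DNS limit) when it carries no OPT record."""
    arcount = struct.unpack("!H", query[10:12])[0]
    if arcount == 0:
        return 512
    # The OPT RR is the last 11 bytes: name(1) type(2) class(2) ttl(4) rdlen(2)
    rtype, rclass = struct.unpack("!HH", query[-10:-6])
    return rclass if rtype == 41 else 512

def is_truncated(message):
    """True when the TC bit (0x0200) is set: the reply did not fit in the
    advertised buffer and the client has to retry over TCP."""
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & 0x0200)

def next_step(reply, tcp_53_reachable):
    """Map a UDP reply to the outcomes seen in the question."""
    if not is_truncated(reply):
        return "answer usable over UDP"
    if tcp_53_reachable:
        return "retry over TCP"
    return "timeout: raise the advertised buffer or open TCP/53"

# Constructed sample: 12-byte reply header with QR=1, TC=1, RD=1, RA=1
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)

if __name__ == "__main__":
    print(advertised_bufsize(build_query("example.com")))
    print(advertised_bufsize(build_query("example.com", bufsize=2048)))
    print(next_step(SAMPLE_TRUNCATED, tcp_53_reachable=False))
```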