> On Tue, 19 Sep 2000, Melanie Lampert wrote:
>
> > The mail that is sent through Exim goes through fine most of the time,
> > however at random times it bounces mail with "unrouteable mail domain"
> > error:
>
> > sample_user@???:
> > unrouteable mail domain "aol.com"
>
> My guess is that there is a problem with the resolver exim is using to
> look up domains.
>
> My guess is that your only name servers are occassionaly unreachable, and
> so that your resolver is somehow reporting that the domain doesn't exist.
>
It could be that your name servers are un-reachable, or the name servers
byond them are un-reachable (ie. the ones which aol.com is delegated to),
or if you're really out of luck the root namservers.
> What might work better is to set up a caching only name server on the same
> host that exim is on. That will always be reachable, but may occassionaly
> report a "softer" failure which will just cause exim to defer messages if
> you are off the net.
>
> All of that is pure speculation. I don't know how resolvers work.
>
> In the past, there has been a lot of debate about the usefulness of
> caching only and/or local name servers and opinions vary. Also, I have
> never (well, hardly ever) set up a caching only name server, and can't
> advise on how to do that.
We always use a local caching nameserver in our configurations - actually
we have two main nameservers, one which "faces inwards" [which knows
authorative answers for all our domains plus local bits we don't want the
internet at large to see] and one which faces outwards and does real
resolving.
The mail hosts talk to the inner nameserver which forwards requests to
the external one, the inner nameserver has a config in the form:
options {
directory "/etc/named";
forward only;
forwarders {
1.1.1.1; // addresses of external nameservers
2.2.2.2;
};
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
zone "." {
type hint;
file "named.cache";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};
// local domains which you want to be authoritave for but hidden
// from the net at large
zone "my-hidden.domain.com" {
type master;
file "named.my-hidden.domain.com";
};
I'm sure the non-routable domain probelm which you are seeing is a
resolver/namserver issue rather than an Exim one - you could check
this for yourself using dig/nslookup if you were around at the time the
problem occurred...
Perhaps it would be helpful if Exim had the ability to log the error codes
returned by the resolver calls and map tham back to things we know
like NXDOMAIN, SERVFAIL, etc.
Mike
