Domain-Name-System

DNS A 超時是否會導致永久電子郵件故障?

  • July 3, 2014

outlook.com有時,電子郵件在發送給使用該系統作為其電子郵件伺服器的收件人時無法通過。他們的 MX 記錄解析得很好,但他們的 A 記錄(類似於example-com.mail.protection.outlook.com)超時。

在這裡使用sendmail,我不是專家。我繼承了配置,對設置了解不多。我知道的一件事是它已經多年沒有被編輯過,也沒有任何問題的跡象。

我不知道是不是故意的,但是dig example-com.mail.protection.outlook.com15秒後響應超時,然後再挖成功。

我們正在使用我們自己的 BIND DNS 伺服器進行記憶體,該伺服器至少在很長一段時間內都沒有重新配置。

看來我們的 sendmail 系統在得到 host not found for 後放棄了example-com.mail.protection.outlook.com。發生這種永久性故障是否合適?是否應該改為暫時失敗?標準是什麼?是outlook.com 錯了還是我們的sendmail 錯了?

編輯

供您參考,以下是來自 的相關日誌條目maillog,敏感資訊被屏蔽example.com代表接收伺服器,example.net代表我們自己的domain

Jun 16 09:28:28 myhostname sendmail[8613]: [ID 801593 mail.info] s5GDSOZ4008613: from=websusr, size=16975, class=0, nrcpts=2, msgid=<201406161328.s5GDSOZ4008613@myhostname.example.net>, relay=websusr@localhost
Jun 16 09:28:28 myhostname sendmail[8617]: [ID 801593 mail.info] s5GDSSIP008617: from=<websusr@myhostname.example.net>, size=17222, class=0, nrcpts=2, msgid=<201406161328.s5GDSOZ4008613@myhostname.example.net>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Jun 16 09:28:28 myhostname sendmail[8613]: [ID 801593 mail.info] s5GDSOZ4008613: to="John Doe" <john@example.com>, ctladdr=websusr (60001/60001), delay=00:00:04, xdelay=00:00:00, mailer=relay, pri=76975, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s5GDSSIP008617 Message accepted for delivery)
Jun 16 09:32:09 myhostname sendmail[8618]: [ID 801593 mail.info] s5GDSSIP008617: to=<john@example.com>, ctladdr=<websusr@myhostname.example.net> (60001/60001), delay=00:03:41, xdelay=00:03:40, mailer=esmtp, pri=77440, relay=example-com.mail.eo.outlook.com., dsn=5.1.2, stat=Host unknown (Name server: example-com.mail.eo.outlook.com.: host not found)
Jun 16 09:32:09 myhostname sendmail[8618]: [ID 801593 mail.info] s5GDSSIP008617: s5GDW9IP008618: DSN: Host unknown (Name server: example-com.mail.eo.outlook.com.: host not found)

也是dig截至目前的輸出,雖然目前問題沒有發生,但它允許您查看mx記錄。

>dig example.com mx

; <<>> DiG 9.3.2 <<>> example.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1448
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.                 IN      MX

;; ANSWER SECTION:
example.com.          3461    IN      MX      0 example-com.mail.protection.outlook.com.
example.com.          3461    IN      MX      10 example-com.mail.eo.outlook.com.

;; AUTHORITY SECTION:
example.com.          86261   IN      NS      ns1.example.org.
example.com.          86261   IN      NS      ns2.example.org.

;; Query time: 0 msec
;; SERVER: 10.0.0.109#53(10.0.0.109)
;; WHEN: Thu Jul  3 09:32:08 2014
;; MSG SIZE  rcvd: 215

>dig example-com.mail.protection.outlook.com

; <<>> DiG 9.3.2 <<>> example-com.mail.protection.outlook.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1734
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 6

;; QUESTION SECTION:
;example-com.mail.protection.outlook.com. IN A

;; ANSWER SECTION:
example-com.mail.protection.outlook.com. 10 IN A 207.46.163.170
example-com.mail.protection.outlook.com. 10 IN A 207.46.163.215
example-com.mail.protection.outlook.com. 10 IN A 207.46.163.138

;; AUTHORITY SECTION:
mail.protection.outlook.com. 1800 IN    NS      ns1-proddns.glbdns.o365filtering.com.
mail.protection.outlook.com. 1800 IN    NS      ns2-proddns.glbdns.o365filtering.com.

;; ADDITIONAL SECTION:
ns1-proddns.glbdns.o365filtering.com. 30 IN A   207.46.100.42
ns1-proddns.glbdns.o365filtering.com. 30 IN A   207.46.163.143
ns1-proddns.glbdns.o365filtering.com. 30 IN A   207.46.163.176
ns2-proddns.glbdns.o365filtering.com. 30 IN A   207.46.163.176
ns2-proddns.glbdns.o365filtering.com. 30 IN A   207.46.100.42
ns2-proddns.glbdns.o365filtering.com. 30 IN A   207.46.163.143

;; Query time: 464 msec
;; SERVER: 10.0.0.109#53(10.0.0.109)
;; WHEN: Thu Jul  3 09:33:30 2014
;; MSG SIZE  rcvd: 276

>dig example-com.mail.eo.outlook.com

; <<>> DiG 9.3.2 <<>> example-com.mail.eo.outlook.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 940
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 12

;; QUESTION SECTION:
;example-com.mail.eo.outlook.com. IN  A

;; ANSWER SECTION:
example-com.mail.eo.outlook.com. 10 IN A      207.46.163.138
example-com.mail.eo.outlook.com. 10 IN A      207.46.163.170
example-com.mail.eo.outlook.com. 10 IN A      207.46.163.247

;; AUTHORITY SECTION:
mail.eo.outlook.com.    5450    IN      NS      ns1-prodeodns.glbdns.o365filtering.com.
mail.eo.outlook.com.    5450    IN      NS      ns2-prodeodns.glbdns.o365filtering.com.

;; ADDITIONAL SECTION:
ns1-prodeodns.glbdns.o365filtering.com. 30 IN A 157.55.234.42
ns1-prodeodns.glbdns.o365filtering.com. 30 IN A 157.56.112.42
ns1-prodeodns.glbdns.o365filtering.com. 30 IN A 207.46.100.42
ns1-prodeodns.glbdns.o365filtering.com. 30 IN A 207.46.163.143
ns1-prodeodns.glbdns.o365filtering.com. 30 IN A 207.46.163.176
ns1-prodeodns.glbdns.o365filtering.com. 30 IN A 65.55.169.42
ns2-prodeodns.glbdns.o365filtering.com. 30 IN A 65.55.169.42
ns2-prodeodns.glbdns.o365filtering.com. 30 IN A 157.55.234.42
ns2-prodeodns.glbdns.o365filtering.com. 30 IN A 157.56.112.42
ns2-prodeodns.glbdns.o365filtering.com. 30 IN A 207.46.100.42
ns2-prodeodns.glbdns.o365filtering.com. 30 IN A 207.46.163.143
ns2-prodeodns.glbdns.o365filtering.com. 30 IN A 207.46.163.176

;; Query time: 248 msec
;; SERVER: 10.0.0.109#53(10.0.0.109)
;; WHEN: Thu Jul  3 09:33:45 2014
;; MSG SIZE  rcvd: 368

>

如果 DNS 解析只是超時並且根本沒有從 DNS 伺服器返迴響應,或者返回是 SERVFAIL,則應該將消息排隊並稍後再試。

如果 DNS 解析返回 NXDOMAIN(名稱不存在),則應該立即返回該消息。

請參閱RFC 5321,第 5.1 節

查找首先嘗試查找與該名稱關聯的 MX 記錄。如果找到 CNAME 記錄,則處理結果名稱,就好像它是初始名稱一樣。如果返回不存在的域錯誤,則必須將這種情況報告為錯誤。如果返回臨時錯誤,則消息必須排隊並稍後重試(參見第 4.5.4.1 節)。

在您的情況下,您應該查看您的 DNS 伺服器出現間歇性故障的原因。您還應該檢查 sendmail 的日誌,以準確了解它在嘗試進行 DNS 解析時所看到的內容。

引用自:https://serverfault.com/questions/609699