Message Board

Donating MX Entries

Older Posts ]   [ Newer Posts ]
 Nameservers for sub-domains
Author: J.Nasby   (28 Oct 04 4:25pm)
I'm trying to donate some MX's as sub-domains of decibel.org and nasby.net. The MX donation pages are saying all 4 of my DNS servers for those domains need to be updated. 2 of the servers for each domain are from secondary.com, which I don't have direct control over. They secondary nasyb.net and decibel.org, but not the sub-domains. The appropriate NS records for the sub-domains do exist in the domains.

Is the tester being overjealous? I can do lookups on the MX records (at least for nasby.net; decibel.org needs to refresh after a recent fix...)
 
 Re: Nameservers for sub-domains
Author: M.Prince   (28 Oct 04 5:01pm)
Hmmm.... the verification process looks at all the name servers with authority for a particular domain. Verification won't complete unless we ensure that all the MX records for a domain are pointing to our servers. This is necessary to ensure that someone doesn't misconfigure their DNS or potentially abuse the system. For example, one name server pointing to the wrong location could result in a significant amount of mail being misrouted.

As you suspected, it looks like the DNS changes are verifying for the one name server but failing on the other. Is there any way that you can get secondary.com to include the MX entries for the subdomains you are donating?
 
 Re: Nameservers for sub-domains
Author: J.Nasby   (28 Oct 04 6:06pm)
I might be able to, but I'd rather not since there's a limit on how many domains they'll secondary for free. A better question is: why should I need to? Their name servers are not authoritative for the subdomains, nor are they listed.
 
 Re: Nameservers for sub-domains
Author: J.Chan   (30 Oct 04 6:56am)
I may be missing some subtlety of what you're trying to do, but it should not be necessary to actually delegate subdomains in order to set up MX records for use with Project Honey Pot. My zone files are flat (just the parent domain) and appear to work just fine:


$TTL 86400
$ORIGIN drivingmontana.com.
@ IN SOA ns1.freeapp.net. hostmaster.ns1.freeapp.net. (
17 ; Serial
43200 ; Refresh twice a day
900 ; Retry refresh every 15 minutes
604800 ; Expire 1 week
259200 ; Minimum ttl 3 days
)

@ IN NS ns1.freeapp.net.
@ IN NS dns2.supranet.net.
;; @ IN NS dns3.supranet.net.

@ IN MX 5 ns1.freeapp.net.

@ IN A 66.170.2.61

www IN A 66.170.2.61
ftp IN CNAME www

;; for project honeypot
mail IN MX 10 mx2.mxmailer.com.
smtp IN MX 10 mx3.mxmailer.com.
pop IN MX 10 mx4.mxmailer.com.
imap IN MX 10 mx5.mxmailer.com.
etrn IN MX 10 mx6.mxmailer.com.

No special arrangements were needed with the secondary; ordinary seconardying of the parent zone got the additional MX records served up there, as expected. Since these are not delegated, they're technically not subdomains, just MX hosts.
 
 Re: Nameservers for sub-domains
Author: J.Chan   (30 Oct 04 6:58am)
In case it's not clear, by "parent domain" I refer to the registered domain drivingmontana.com, not the parent of that, which is .com. It would the parent for subdomain delegations, if there were any. A subdomain MX would look like:

mail.subdomain.domain.com

which probably is not necessary when mail.domain.com will work.
 
 Re: Nameservers for sub-domains
Author: M.Prince   (30 Oct 04 8:55pm)
J. Nasby --
We're looking into whether we can modify the current verification procedures for MX entries in order to allow for the case where a different set of name servers is authoritative for a donated subdomain than the parent domain. I understand your point that think it is valid. It's just not a case we'd originally architected the system to allow.

I think you may be correct that we are being overly cautious. We'll test and see if there's a way we can modify the current verification in order to allow for configurations such as yours. However, because of the potential for abuse, we're going to proceed carefully before opening the system up beyond what we know to work pretty well.

I apologize again for the trouble. Thanks for helping out.

Cheers,
Matthew.
 
 Re: Nameservers for sub-domains
Author: J.Simpson   (23 Nov 04 3:50am)
there's no need to delegate sub-domains. just make up a bogus hostname that looks like a legitimate mail server name, but has nothing to do with the actual delivery of your domain's existing mail.

for example, let's say you're running BIND, and trying to donate "mail3.decibel.org" to the cause...

in the zone file for "decibel.org", add this line (substituting whatever hostname they told you to point your mail to)...

mail3 IN MX 0 mx9.mxmailer.com.

if you've already set up a sub-domain, you need to remove it from your named.conf file. also remove any NS records you may have added to the zone file in order to set up the delegation. remember to increment the serial number in your zone file, and restart named.

this will be propogated to your secondary servers without any trouble, the automated testing will be happy, and your donated MX will be doing a service to the world.
 
 Re: Nameservers for sub-domains
Author: N.Johnson2   (10 Mar 06 2:54am)
Hi there.

I had a similar problem, wanting to donate pot.dr-devaint.net and pot.thenige.net.

In my zone file I had the following definition.

MX 10 pot.dr-deviant.net.

and in the origin section I had the following
pot CNAME mx3.mxmailer.com

I could ping the new domain and do an NSLOOKUP on both the primary and secondary
C:\Documents and Settings\Administrator>ping pot.dr-deviant.net

Pinging mx2.mxmailer.com [66.139.76.143] with 32 bytes of data:

Reply from 66.139.76.143: bytes=32 time=147ms TTL=51
Reply from 66.139.76.143: bytes=32 time=160ms TTL=51
Reply from 66.139.76.143: bytes=32 time=147ms TTL=51
Reply from 66.139.76.143: bytes=32 time=147ms TTL=51

Ping statistics for 66.139.76.143:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 147ms, Maximum = 160ms, Average = 150ms

C:\Documents and Settings\Administrator>nslookup - ns2.dr-deviant.net
Default Server: <snip>
Address: 81.29.69.160

> pot.dr-deviant.net
Server: <snip>
Address: <snip>

Name: mx2.mxmailer.com
Address: 66.139.76.143
Aliases: pot.dr-deviant.net

> exit

But I still got errors on the verification test. I found the post above and added the line you mention (after removing the others) into my zone file (after the origin), and now its busted.

[root@ns1 named]# ping pot.dr-deviant.net
ping: unknown host pot.dr-deviant.net

Post Edited (10 Mar 06 1:56am)
 
 Re: Nameservers for sub-domains
Author: N.Johnson2   (10 Mar 06 2:11pm)
Ah, I take it back, the registration works with the non-pingable host entry.

voodoo.

Thanks



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email