Re: RESOLVED: suddenly getting these in my mail.log: dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=external.com type=MX: Host not found, try again)

On Tue, Mar 01, 2011 at 07:00:43PM -0600, /dev/rob0 wrote:
> [ top-posting fixed, please don't do that ]
>
> On Tue, Mar 01, 2011 at 05:34:50PM -0700, Jeff Orrok wrote:
> > On 3/1/2011 4:57 PM, Wietse Venema wrote:
> > >See:
> > >http://www.postfix.org/DEBUG_README.html#no_chroot
> > >
> > >and please complain to your supplier.
>
> > Thanks Wietse! :-)
> >
> > I changed all -'s to n's in master.cf chroot column and did a
> > postfix reload and a postqueue -f and everything sailed away
> > smoothly.
> >
> > But I'm mystified as to why it would be working fine for an entire
> > month and then out of the blue (well, ok, the client thinks there
> > may have been a power failure) start to misbehave. The date on
> > master.cf was Jan 24, which I think is when I installed it. Why
> > would it suddenly break? I've done postfix reload several times
> > since installing, possibly even restarting postfix as well.
>
> This is not surprising if you're not using your own local
> nameserver.[1] One obvious possibility is that the provider changed
> IP addresses of nameservers given to DHCP and other network clients.
> Perhaps your answer lies in /var/spool/postfix/etc/resolv.conf if
> your restarts were not done using the Debian init script.
>
> I've had enough problems with bad ISPs and their bad nameservers; I
> always run my own BIND named(8) doing recursion[1] for the Postfix
> server. That way, when there are DNS problems, they also show up in
> the named logs as well as Postfix logs.
>
> Debian provides a README for their package. Please review it.
>
> I agree with Wietse about Debian's chroot. It was a poor decision on
> their part to chroot by default. A very high percentage of "Postfix"
> problems are attributable to this decision.
>
>
>
> [1] I believe the Debian BIND package has another unwise default,
> which is to use global forwarders rather than recursion. Use
> caution, and consult Debian and ISC documentation, if you decide
> to run your own nameserver for the Postfix machine.
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
>

I agree that running a local recusive nameserver is the way to
go. I would recommend that you use pdns_recursor-3.3+ instead:

http://www.powerdns.com/news/pdns-recursor-3-3-released.aspx

There are .deb and .rpm versions available for x86. It is very
simple, very secure, and very lightweight compared to BIND's
named.

Cheers,
Ken

• This message: [ Message body ]
• Next message: David Newman: "authorizing relays via script"
• Previous message: lst_hoe02_at_nospam: "Re: posfix rejected from google server"
• In reply to: /dev/rob0: "Re: RESOLVED: suddenly getting these in my mail.log: dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=external.com type=MX: Host not found, try again)"
• Next in thread: Stan Hoeppner: "Re: RESOLVED: suddenly getting these in my mail.log: dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=external.com type=MX: Host not found, try again)"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]