[SOLVED] Delivery to one specific domain fails for an hour or two, then it works again

[aasami]

Here is error report, when it doesn't work:

Nov  4 09:58:08 pmg postfix/smtp[2812391]: B90D347EA8: to=<user@example.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=example.com type=AAAA: Host found but no data record of requested type)

The domain doesn't have an A or AAAA records. Only the MX record.
If more info is needed please ask.
Do you have any thoughts what could cause this behavior?

 

[Stoiko Ivanov]

I would check dns-resolution directly on the PMG installation:
* install drill (apt install ldsnutils)
* `drill mx example.com`
* for the result of the mx lookup - I assume: mail.example.com
* `drill any mail.example.com`
* `drill aaaa mail.example.com`

I hope this helps!

 

[aasami]

I would check dns-resolution directly on the PMG installation

There is only A record for "mail.exmample.com" no AAAA record found.
This sholudn't be a problem normally. Most domains we communicate with doesn't have AAAA records and delivery works to those.

 

[Stoiko Ivanov]

the lack of AAAA is indeed not a problem - as long as there is an address it will work

anyways - did you run the checks on your PMG - if possible - share the output - else it's not really possible to help any further...
the log you posted says that postfix could not find an address for the domain ...

 

[aasami]

Yes, I checked it from PMG. Here is the output:

[pmg ~]# drill mx nlcsk.org
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 46346
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; nlcsk.org.   IN      MX

;; ANSWER SECTION:
nlcsk.org.      917     IN      MX      5 nlcsk-org.mail.protection.outlook.com.

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 194.160.170.5
;; WHEN: Fri Nov  4 14:54:16 2022
;; MSG SIZE  rcvd: 80
[pmg ~]#
[pmg ~]#
[pmg ~]#
[pmg ~] #drill any nlcsk-org.mail.protection.outlook.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 32604
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0 
;; QUESTION SECTION:
;; nlcsk-org.mail.protection.outlook.com.       IN      ANY

;; ANSWER SECTION:
nlcsk-org.mail.protection.outlook.com.  10      IN      A       104.47.12.36
nlcsk-org.mail.protection.outlook.com.  10      IN      A       104.47.14.36

;; AUTHORITY SECTION:
mail.protection.outlook.com.    1799    IN      NS      ns1-proddns.glbdns.o365filtering.com.
mail.protection.outlook.com.    1799    IN      NS      ns2-proddns.glbdns.o365filtering.com.

;; ADDITIONAL SECTION:

;; Query time: 1138 msec
;; SERVER: 194.160.170.6
;; WHEN: Fri Nov  4 14:54:27 2022
;; MSG SIZE  rcvd: 160
[pmg ~]#

 

[Stoiko Ivanov]

I think this might be an issue with the dns-setup of nlcsk.org:

$ dig ns nlcsk.org +short +norec
ns2.wbsk.sk.
ns.wbsk.sk.
dns1.p05.nsone.net.
ns1.wbsk.sk.

$ dig mx nlcsk.org  @dns1.p05.nsone.net.

; <<>> DiG 9.16.33-Debian <<>> mx nlcsk.org @dns1.p05.nsone.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15815
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;nlcsk.org.            IN    MX

;; AUTHORITY SECTION:
nlcsk.org.        3600    IN    SOA    dns1.p05.nsone.net. domains+netlify.netlify.com. 1648118663 43200 7200 1209600 3600

;; Query time: 16 msec
;; SERVER: 198.51.44.5#53(198.51.44.5)
;; WHEN: Fri Nov 04 15:10:52 CET 2022
;; MSG SIZE  rcvd: 119

so one of the authoritative nameservers for nlcsk.org does not have the mx record.
I assume your PMG got the response from that nameserver when delivery did not work (and the ttl being 3600 results in the wrong answer being cached for one hour)

-> ask their domain-admin to fix the nameservers

I hope this helps!

 

[aasami]

You nailed it! This helps a LOT indeed! Thank you Stoiko.You're the man!