The DNS Must Die
The DNS Must Die... That's all there is to it.
I learn more about the upkeep of our servers by chasing some of the little things than I could ever learn just reading a book on the subject. Over the last few weeks I've been chasing a mail problem where we couldn't email outside the company to Yahoo or AOL users. We thought it was one of several things.
First I tried adding a reverse DNS lookup to our external DNS servers. This allows a server to take an IP address and confirm that the sender is legitimate. It's not error proof, but it does cut down on the spam. After calls to our ISP for the office and for our production co-located facility, I managed to get them to point to our DNS servers. Once there I had to figure out how to set up a reverse DNS zone on the Linux servers that serve as our external DNS servers. All of that work took me about a week of research and trial and error. Oh... And it failed to fix the problem.
Next I got on the mail server and tried to run "nslookup -querytype=mx yahoo.com". Nothing... Well, with that I had my next lead. I knew that the DNS wasn't returning the IP addresses for Yahoo's mail servers, so I went to the internal DNS and added forwarders so that when it didn't know how to handle a request it would at least go ask for help before throwing up its hands (figuratively speaking) and saying "I don't know how to handle your request."
That fixed my Yahoo and AOL problems, but we still had one host that wasn't responding. We managed to get it working, but the problem came back 30 minutes later. I hate Microsoft's DNS server. I'm quickly becoming a Linux fan when it comes to network architecture. Linux is much more complicated to set up, but once it's configured properly it's nowhere near as likely to fail. All that to say that I think that our internal DNS server should die a slow and painful death. A curse on both its houses. It's working now, and I'm not going to mess with it, but who knows when it could decide to quit working again. Grr....
But you know what... I learned a whole lot. I guess that really should count for something. But I'm still going to cast evil glances at that stupid server every time I walk past it.

