Educause Security Discussion mailing list archives

Re: Mysterious Email Problems

From: Prof Vaughn <Randy_Vaughn () BAYLOR EDU>
Date: Fri, 12 Sep 2003 21:59:57 -0500

Most interesting.  I took the liberty of asking an acquaintance in the
DNS server business what might be going on.  Here is his response:
---------------------------
Good evening Professor!

What "may" be happening is that the DNS software on the server
that is supposed to be answering the rdns queries is locking up
or crashing...in which case the .edu server would default to the
isp or some other DNS server listed as backup, now the other
DNS servers and ISP will not have the necessary intranet info's.

Also what can happen if the DNS server is loaded too heavily
is that it will queue it's queries and then the remote mail server
will possibly have passed it's allotted "response" period or ttl
(time to live) for a reply to its rdns request.

Both of those and many other issues have been tended to in
our commercial DNS server software.  One site license will
serve for all units on a campus (inclusive of server and clients).
(configurations compatible with basic bind syntax)

'Seek and ye shall find'
NT Canuck
support () ntcanuck com

http://ntcanuck.com     BIND-PE & DNS
http://ntcanuck.com/tq/  Tips & Tweaks
http://ntcanuck.com/net/board/index.php
news://news.grc.com/grc.techtalk.dns.bind_pe_beta



---------------------------
Best regards,
R Vaughn
Professor
Information Systems
off :(254) 710 4756
fax :(254) 710 1091
dept:(254) 710 2258
mailto:Randy_Vaughn () Baylor edu


Friday, September 12, 2003, 7:51:04 PM, you wrote:

Wow, I thought we were alone.  We have some cases where the
mail doesn't deliver from some locations, and in some cases
it comes days late.  We've tried working this out with our
vendor and the organizations involved.

Technically we believe the problem is as follows:  The MX
record of the destination domain is not present in the
default DNS query, therefore, our mail server does not see a
legitimate destination mail system and causes the failure
reported.  In some cases the primary entry isn't processed
because it is not "valid" but several days later a secondary
entry will work.  We've been exploring the following items:
(1)  When we moved from BIND to Windows DNS in December of
2002, did the "query mechanism" change?  (2)  Are the
differences between the registration records for the sites
that work and the sites that don't work significant to the
problem we are experiencing - but that doesn't pan out.  We
note here that several of the places with email disruption
are medical facilities - hospitals in particular.  Are they
doing something different?

Theresa Rowe

---- Original message ----

Date: Fri, 12 Sep 2003 16:29:32 -0700
From: gmalone <gmalone () PCC EDU>
Subject: [SECURITY] Mysterious Email Problems
To: SECURITY () LISTSERV EDUCAUSE EDU

Hello Group,

Over the last two or three months, Portland Community

College (PCC) has had

mysterious email problems related to receiving incoming

email messages.  A

college or vendor will send an email message to an

individual at PCC and

sometimes it will go through and sometimes it won't.  We

have worked with

two vendors and two universities to try and determine the

root cause of the

problems.  It appears that when the sending email server

sends a reverse

look-up for our domain it can find it sometimes and other

times it

can't.  We have checked and rechecked our external DNS

records.  We have

even had IT staff at the sending institution perform DNS

look-ups at the

same time a message is sent.   We have found cases where the

DNS look-up

will work but the email will be rejected because our domain

is

unknown.   I've been told that both of the universities we

are working with

have similar intermittent problems.

We have heard and discussed several theories such as the

Spam software may

be casing the problem, or the need for a second

authoritative DNS server

out side PCC, and even the possibility that the virus

problem may be

causing this by flooding segments of the Internet

periodically.  I'll admit

that this is not my area of expertise and all these worms

and viruses have

caused us all to second guess our fundamental strategies.  I

like to find

out if this is an issue unique to PCC so I can decide what

actions to take

next.  Are there other colleges or universities out there

who have been

experiencing problems like this?   If so were you able to

determine the

root cause? Thanks.

Greg



=============================================================

==============

Greg Malone
Portland Community College
Manager, Technical Services
Sylvania Campus CC219
12000 SW 49th Ave
Portland, OR  97280-0990
email:  gmalone () pcc edu
Phone:  (503) 977-4390
Fax:  (503) 977-4390
=============================================================

==============


**********
Participation and subscription information for this EDUCAUSE

Discussion Group discussion list can be found at
http://www.educause.edu/cg/.
Theresa Rowe
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Mysterious Email Problems gmalone (Sep 12)
- <Possible follow-ups>
- Re: Mysterious Email Problems Theresa M Rowe (Sep 12)
- Re: Mysterious Email Problems Prof Vaughn (Sep 12)
- Re: Mysterious Email Problems GREGORY SCHAFFER (Sep 13)
- Re: Mysterious Email Problems Barros, Jacob (Sep 15)
- Re: Mysterious Email Problems Brian Kaye (Sep 15)