I'm trying to set a catch-all configuration with Bind. I've followed this answer and it works fine: https://serverfault.com/a/397011/179968

Now I'm trying to configure my MX record to configure my Google Apps account. I've modified the fake-master file as follows:

```
@       IN SOA ns.example.com. hostmaster.example.com. (
            2014111801  ; Serial
            10800       ; Refresh
            3600        ; Retry
            3600000     ; Expire
            86400 )     ; Negative TTL
        IN NS ns2.example.com
*       IN A 192.0.2.127
example.com      IN MX 1 ASPMX.L.GOOGLE.COM.
example.com      IN MX 5 ALT1.ASPMX.L.GOOGLE.COM.
example.com      IN MX 5 ALT2.ASPMX.L.GOOGLE.COM.
example.com      IN MX 10 ALT3.ASPMX.L.GOOGLE.COM.
example.com      IN MX 10 ALT4.ASPMX.L.GOOGLE.COM.
```

But it does not seem to work:

```
dig mx example.com

; <<>> DiG 9.9.5-3-Ubuntu <<>> mx example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43445
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.                    IN      MX

;; Query time: 0 msec
;; SERVER: XX.XX.XX.XX#53(XX.XX.XX.XX) <<-- Not my server !
;; WHEN: Tue Nov 18 07:24:51 EST 2014
;; MSG SIZE  rcvd: 39
```

Any idea of what could be wrong? Or maybe I just have to wait a little for the DNS to propagate?

Patrick Mevzek
Kevin
  • Try `dig @your.server.with.record mx mydomain.com` – NickW Nov 18 '14 at 12:27
  • No, it wasn't this, without @myserver I got the same result. – Kevin Nov 18 '14 at 14:39
  • Did you update the serial of the zone before doing the rndc reload? – Alex Nov 18 '14 at 14:41
  • I'm going to have to go for the snob answer here: I don't think you're experienced enough to run this configuration. You're running a `.` zone, are coming to us with insufficient information to diagnose a `SERVFAIL` response from an intermediate caching server (`dig +trace mydomain.com MX` might help), and are confused by the IP address of a `/etc/resolv.conf` entry showing up in `dig`. Please start with a *basic* configuration for one domain, get it working from end to end, and then attempt the more complex configuration. Redacting your domain also makes it very difficult for us to help you. – Andrew B Nov 18 '14 at 17:52
  • The goal is not to practice here, it's to have something working. I wouldn't ask otherwise. – Kevin Nov 20 '14 at 23:05

1 Answer

I think you may need to add a `.` to the end of `example.com` on the MX lines, as below:

```
*       IN A 192.0.2.127
example.com.      IN MX 1 ASPMX.L.GOOGLE.COM.
example.com.      IN MX 5 ALT1.ASPMX.L.GOOGLE.COM.
example.com.      IN MX 5 ALT2.ASPMX.L.GOOGLE.COM.
example.com.      IN MX 10 ALT3.ASPMX.L.GOOGLE.COM.
example.com.      IN MX 10 ALT4.ASPMX.L.GOOGLE.COM.
```

Otherwise the MX resolves for `example.com.example.com`.

Patrick Mevzek
user1075894
  • That's right. But when trying to do this, I got an error (Bind restarts without error, but when using `dig` I got no result...). So I've replaced `mydomain.com.` with `*`. It is working, but now I'm using the Google server for every domain and not only for mydomain.com. – Kevin Nov 18 '14 at 14:41
  • If the zone file is for mydomain.com you could just replace the mydomain.com. with an @ -- `@ IN MX 1 ASPMX.L.GOOGLE.COM.` and you will need to tweak the serial number as @Alex mentioned – user1075894 Nov 18 '14 at 14:48
  • I'm trying to get the same DNS for all domains, so this zone file is not for `mydomain.com` but for `.`. And yes, I've updated the serial number. – Kevin Nov 18 '14 at 17:20
  • The trailing dot shouldn't be necessary. It's not explicitly stated in this question, but the linked answer that this config was based off of sets this zone up as `.`. – Andrew B Nov 18 '14 at 17:35
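
An added example, not part of the original thread and not BIND's own code: a simplified Python model of the RFC 1035 master-file rule that a name without a trailing dot is relative to the zone origin. It shows why the same MX line expands to `example.com.example.com.` in a zone for `example.com.` but to `example.com.` in the `.` zone discussed in the comments. The names `qualify`, `expand` and `SAMPLE` are hypothetical, and the sample text is constructed from the records quoted above.

```python
# Added example: name qualification in a master file (RFC 1035, section 5.1).
# Simplified: one record per line, no TTL column, no $ORIGIN directive.
# Constructed sample built from the records quoted on this page (SOA flattened).
SAMPLE = """\
@       IN SOA ns.example.com. hostmaster.example.com. 2014111801 10800 3600 3600000 86400
        IN NS ns2.example.com
*       IN A 192.0.2.127
example.com      IN MX 1 ASPMX.L.GOOGLE.COM.
example.com.     IN MX 5 ALT1.ASPMX.L.GOOGLE.COM.
"""

# Positions of domain-name fields inside the rdata of each record type.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "MX": (1,)}

def qualify(name, origin):
    """Return the absolute name a parser stores for `name` under `origin`."""
    if name == "@":
        return origin
    if name.endswith("."):      # already absolute: taken verbatim
        return name
    if origin == ".":           # root origin: only the terminating dot is added
        return name + "."
    return name + "." + origin  # relative: the origin is appended

def expand(zone_text, origin):
    """Return (owner, type, rdata) tuples with every name fully qualified."""
    records, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if not line[0].isspace():              # owner column present
            owner = qualify(fields.pop(0), origin)
        elif owner is None:
            raise ValueError("first record has no owner name")
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records

if __name__ == "__main__":
    for origin in (".", "example.com."):
        print("origin =", origin)
        for owner, rtype, rdata in expand(SAMPLE, origin):
            print(f"  {owner:30} {rtype:4} {rdata}")
```

The same rule applies to names in rdata: the `NS ns2.example.com` line, which has no trailing dot, is only correct when the origin is `.`.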