Nameserver glue records issue (with GoDaddy)

Keith_Rettig · August 29, 2023, 2:56am

Anyone else having this issue?
The last few days I have been having access issue (users unable to get to the server) to two different MaiB servers. Both are on the same network and in the same datacenter rack. DNS queries were not finding the IP address of either email server. After many hours of fiddling for the first server, I concluded that the Nameserver glue records had to go. If you queried MX for any of the domains I host, you would get “DNS No Valid NameServers Responded; Not able to get a response from name servers within timeframe” from MxToolBox.com. If I did dig I got ‘timeout’ and no answer. Interestingly enough, the server itself was lagging on every action and kept returning that “unable to resolve domain.com” (the domain of the server).

Removing the Nameserver glue records was the only thing that worked.
It is almost as if GoDaddy decided to stop forwarding the query from it. But now it works and is the fastest it has been in a long time.
The downside is that now I have a new error; “The DANE TLSA record for incoming mail (25.tcp.mail.domain.com) is not correct”. I assume that is because MiaB’s DNS server was loading that.

Keith.

caaapkxtsgoold · September 8, 2023, 8:13am

If you need help you really need to list all the records you’re using. It’s impossible to guess what’s wrong. Copy and paste them to a text find, then use the “find and replace” option to change the domain to example.com and the ip to whatever.
I suspect you may have some duplicate records that are causing the problem.

Keith_Rettig · September 8, 2023, 6:50pm

Seems the like the real solution was removing my configuration for using Quad Nines DNS services on the MiaB machine and just allowing resolve.conf to be the 127.0.0.1 address. And removing the name server glue records didn’t hurt. I might try putting them back in to see what happens.

alento · September 13, 2023, 7:31pm

This has all the symptom’s of being a DNSSEC issue. Was DNSSEC enabled on the domain at any point in time?

If you’ve removed Glue, I presume that you are using external DNS?

Keith_Rettig · October 16, 2023, 6:20am

DNSSEC not enabled. Yes on using external DNS.

miabuser · October 16, 2023, 8:25am

If you are using external DNS you don’t need to configure any glue records, unless you are running your own authoritative name servers.

system · November 25, 2023, 8:25am

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.