Strange DNS issue

Hi there,

I have BIND running on a Virtualmin pro (3.55) install on Centos5.

I have three TXT records for a particular domain. 1 is SPF and the other 2 are Domainkeys related.

I use this DNS lookup tool - http://network-tools.com/nslook/ and it appears that only the SPF record is showing, but reports nothing about the other 2.

I’m scratching my head with this one. None of the tests (for checking if dkim/domainkeys will work) are passing. All fail because they can’t check DNS records.

Does anyone have a clue? They (TXT records) are definitely there and have been for over a week.

Regards Steven

The domain is www.connormunro.com

Yep, you don’t have any other txt records:

joe@corin:~$ host -t txt connormunro.com
connormunro.com descriptive text "v=spf1 a mx a:connormunro.com ip4:209.20.67.111 ?all"

You’ll need to check your logs when restarting named to see if it’ll give you a clue why it’s not serving your other records. Probably a typo (though I thought a typo in a host file would break the whole zone…so maybe not a typo).

Hi Joe, here is the records file for the zone.

I don’t know where to find the log files for named.

[code:1]
$ttl 38400
@ IN SOA NS1.UF-DNS.NET. info.unlimitedfun.co.nz. (
1208213159
10800
3600
604800
38400 )
@ IN NS NS1.UF-DNS.NET.
@ IN NS NS2.UF-DNS.NET.
connormunro.com. IN A 209.20.67.111
www.connormunro.com. IN A 209.20.67.111
ftp.connormunro.com. IN A 209.20.67.111
m.connormunro.com. IN A 209.20.67.111
localhost.connormunro.com. IN A 127.0.0.1
mail.connormunro.com. IN A 209.20.67.111
connormunro.com. IN MX 5 mail.connormunro.com.
connormunro.com. IN TXT "v=spf1 a mx a:connormunro.com ip4:209.20.67.111 ?all"
connormunro._domainkey.connormunro.com. IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL3o7ee3VINF1X9KapuFI4xKpBKISxPZrd5u08w9GzCrEddF+/q74qWMijdK4e3PDf5ojDiHS4jeRMxwS4pPpETezA7rs58ulwW23QuKPKDwXQnxM43mwW7M3lWb7cZxzcz3ct4dep0tt4VAIt8NzP3/ON"
_domainkey.connormunro.com. IN TXT "o=- r=postmaster@connormunro.com"
connormunro.com. IN MX 10 209.20.67.235.

[/code:1]

Regards Steven

Hi Joe, thank you very much for that insight.

I think my DNS records are correct for domainkeys/DKIM, for some reason the likes of Yahoo.com (and other tests) can’t access the key from these records, even though the selector ‘connormunro’ is set. Strange, but I will figure this out one way or another. Just in case there is someone out there who knows something about domainkeys/DKIM (that I don’t), here are the headers of an email I sent to my gmail address.

[code:1]

Delivered-To: xxxx@gmail.com
Received: by 10.110.63.3 with SMTP id l3cs230399tia;
Sat, 26 Apr 2008 12:44:42 -0700 (PDT)
Received: by 10.35.95.1 with SMTP id x1mr10031306pyl.59.1209239081877;
Sat, 26 Apr 2008 12:44:41 -0700 (PDT)
Return-Path: <connor@connormunro.com>
Received: from u5.ufweb.net ([209.20.67.111])
by mx.google.com with ESMTP id a22si4555545pye.33.2008.04.26.12.44.40;
Sat, 26 Apr 2008 12:44:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of connor@connormunro.com designates 209.20.67.111 as permitted sender) client-ip=209.20.67.111;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of connor@connormunro.com designates 209.20.67.111 as permitted sender) smtp.mail=connor@connormunro.com; dkim=neutral (no signature) header.i=@connormunro.com
Received: from u5.ufweb.net (u5.ufweb.net [127.0.0.1])
by u5.ufweb.net (Postfix) with ESMTP id F03A729C874
for <xxxx@gmail.com>; Sat, 26 Apr 2008 15:44:39 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=connormunro.com; h=
mime-version:date:from:to:subject:message-id:content-type:
content-transfer-encoding; q=dns/txt; s=connormunro; bh=/edzoYuy
n17WXm8KeqcX/R+khdQ=; b=XWvdZDrmk6r0VanoPDZd6v8nD6WPBp9eMIZWpVuN
tJhq5f8Reui1lTdZxEvt/55etp7I6quoTTLvrxQcpQb19watW1KrijuSPuSLUch3
rM6VyDl0Y9bP4AerGp3hqpDWEgth8uZIXBk/NTkFmoW+cr5N+Wr/Zw2MZQiB2Sva
01A=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=connormunro.com; h=mime-version:
date:from:to:subject:message-id:content-type:
content-transfer-encoding; q=dns; s=connormunro; b=VXN1PSB0mk+b+
5SkEQPcur9lRyjWmAGEEjWrk1ICVKVgLxbB9NqQN1zvp2fwdNljT4Pbj1neIyE4C
zQD3f3K/BTn5+np97mF/PrRuuttHlyNXyCXuOcpUm4auq7F2rR//8hT4iDeDPyZ4
gLHDFdpY/Sa0CLii7rarQ3oZBrpqDc=
Received: from www.connormunro.com (u5.ufweb.net [127.0.0.1])
by u5.ufweb.net (Postfix) with ESMTP id CA34429C39A
for <xxxx@gmail.com>; Sat, 26 Apr 2008 15:44:39 -0400 (EDT)

[/code:1]

Regards Steven

Hehehe…I’m not sure how you would expect a TXT record for connormunro._domainkey.connormunro.com. to show up when you query connormunro.com.

When I look it up with the right name now, it comes back fine:

[joe@delilah wbm]$ host -t txt connormunro._domainkey.connormunro.com.
connormunro._domainkey.connormunro.com descriptive text "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL3o7ee3VINF1X9KapuFI4xKpBKISxPZrd5u08w9GzCrEddF+/q74qWMijdK4e3PDf5ojDiHS4jeRMxwS4pPpETezA7rs58ulwW23QuKPKDwXQnxM43mwW7M3lWb7cZxzcz3ct4dep0tt4VAIt8NzP3/ON"

I don’t know anything about how to set up a domainkey…so I don’t know what MTAs are looking for–but a TXT record is pulled up by the exact name to which it is associated. To pull up the ones you’ve defined you would have to look up connormunro._domainkey.connormunro.com. and _domainkey.connormunro.com.
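
Added example, not part of the thread: a short Python sketch of the lookup discussed above. It derives the key record name from the `s=` and `d=` tags of a DKIM-Signature header and does an exact-name TXT lookup against the zone's TXT lines. The header and zone are constructed from the ones posted here, with the key and signature values replaced by placeholders; the function names are illustrative.

```python
import re

# Constructed sample: the thread's DKIM-Signature header, folded as received,
# with the h= list shortened and bh=/b= replaced by placeholders.
HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=connormunro.com; h=\n"
    " mime-version:date:from:to:subject; q=dns/txt; s=connormunro;\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER"
)

# Constructed sample: the TXT lines of the posted zone (key is a placeholder).
ZONE = '''\
connormunro.com. IN TXT "v=spf1 a mx a:connormunro.com ip4:209.20.67.111 ?all"
connormunro._domainkey.connormunro.com. IN TXT "k=rsa; p=PLACEHOLDER"
_domainkey.connormunro.com. IN TXT "o=- r=postmaster@connormunro.com"
'''

def dkim_tags(header):
    """Unfold the header and split its tag=value list into a dict."""
    value = re.sub(r"\r?\n[ \t]+", "", header.split(":", 1)[1])
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(tags):
    """Name a verifier queries for the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}.".lower()

def parse_txt(zone):
    """Map each fully qualified owner name to its list of TXT strings."""
    records = {}
    for line in zone.splitlines():
        m = re.match(r'(\S+)\s+IN\s+TXT\s+"(.*)"\s*$', line)
        if m:
            records.setdefault(m.group(1).lower(), []).append(m.group(2))
    return records

def lookup_txt(records, name):
    """Exact-name lookup: records owned by subdomains are never returned."""
    return records.get(name.lower().rstrip(".") + ".", [])

if __name__ == "__main__":
    recs = parse_txt(ZONE)
    name = key_record_name(dkim_tags(HEADER))
    print("apex TXT:", lookup_txt(recs, "connormunro.com"))
    print(name, "TXT:", lookup_txt(recs, name))
```
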