Hi,
I have a RH 7.2 which I use as a web and e-mail server
When I switched the domain name to point to the ip of the server, I can access the website ok, but when I try to send or receive e-mail with the domain name I get the following on the tcpdump: icmp: portableglobe: udp port domain unreachable (DF) [tod 0xc0]
P.S: When I send or receive e-mail with ip address instead of the domain name, it works fine
Also in the maillog I get the following error:
Domain of sender my.account@my.domain does not resolve

I appreciate all the help
Mohamed

Technically, a domain name (ie mydomain.org) doesn't normally resolve to an ip address as such, though BIND does allow a default host for domains, so you've probably set the default host for your domain to your ip address.

This will work fine for pinging the domain name, ftp, http etc.

However, email uses a different set of records. You need to set up Mail Exchanger (MX) records for your domain.

You can just set up one host as your Mail Exchanger, but you can set up as many as you like in order of preference as backups (if the higher-preference server fails, try the next and so on).

Your DNS host should have more information on setting up Mail Exchangers for your domain.

Alternatively, set up a proper _hostname_ for your machine, ie. myhost.mydomain.com

You should then be able to send email to name@myhost.mydomain.com -- as long as you have set up your mail server to accept mail and deliver it locally for that hostname.

Cheers
Ian

DNS is used to convert names to ip numbers.

Something in your configuration is blocking acces to the dns server or it's signals.

Check your firewall and make sure you have permission for udp & tcp port 53 to come back in, both to INPUT and FORWARD chains.

Regards,
Peter

Hi Ian,
I think I should clarify the situation a little bit.
The server is directly connected to the ISP (i.e. I do not have any domain ame server othe rhan the ISP's, I do not have a firewall other than that of RH), I think this is not the normal case, any suggestions?

Thankx,
Mohamed

Hi Peter,
I think I should clarify the situation a little bit.
The server is directly connected to the ISP (i.e. I do not have any domain ame server othe rhan the ISP's, I do not have a firewall other than that of RH), I think this is
not the normal case, any suggestions?
Also, for the time bing I am using ipchains -F and xhosts + just to make sure that that iptables or other access level is the problem.

Thanx,
Mohaned

Can you resolve other domains okay?

ie does `ping www.yahoo.co.uk` work?

Do you have a registered domain name, or are you just using one locally set up?

With regard the ipchains -F, that just flushes the chain, you may still have it set to default to DENY or REJECT.

Check ipchains -L. If it's set to DENY or REJECT on the input chain, try `ipchains -P input ACCEPT`.

If you are using an external DNS host, and have a domain registered, you will need to set up MX records in order to send mail to it, and your mail server must be set to accept mail for that domain for local delivery.

By the way, particularly if you're on a Cable/DSL connection, you really must have some sort of firewall running, and don't globally allow access to your x host -- there's no reason at all anyone outside your own network should have access to that! (And it could potentially allow anyone to run whatever code they liked on your PC.)

By far the better way to set up your firewall is to run `lokkit` as root, and set it to allow access to the services you need to provide - from what you've said so far, that's probably DHCP, DNS, SMTP and HTTP.

Hi Lan,
I will try to follow what you mentioned, but I am not familiar with the "MX" thing, what is it and how do I do it?
Thanx for your help,
Mohamed

MX records are the _M_ail e_X_changer records, held by your ISP, which tell other mail servers how to connect to you to send mail to your domain. They are completely separate from the default hostname for your domain name, which is what I think you set.

You need to actually answer the questions we've asked in these posts (and give the results of all the things I mentioned to try in the previous post), and with more information we might be able to help!

Most importantly, when you say you've set up your domain name to point to your IP address, do you mean you've set it up with a _registered_ (ISP) domain name service, or do you just mean you've set it up only on your local machine?

When you're trying to send email, and it's failing, are you sending email from your machine out to an Internet email address?

We need more details!

Try this to see what the DNS server reckons the addresses are...
dig -t MX my.domain
or dig @isp_DNS_SERVER -t MX my.domain

& to disable your firewall temporarily
service ipchains/iptables stop/start

Regards,
Peter.

Hi Lan and Peter,
Here is the whole story.
I have a server with RH 7.1, and it is directly connected to the internet through dsl link with no firewall.
I have a domain name registered (with VeriSign), and I made the primary domain server entry point to my server (and made the secondary point to another ip address I have that is connected to another network with a firewall since I only have one server)

When I first posted my problem, I did not have any dns on my machine (I thought that just putting the ip's of the dns's of the isp was enogh)

Now I configured "named" on this server, and this is the current situation:
I can send and receive mail locall
I can send to the outside only if the email has myname@LOCALHOST.LOCALDOMAIN as the sender, otherwise, I get error : Domain of sender address myname@mydomain.com does not resolve

I also tried to send to the server but I did not receive anything and still no failure or delay notice sent back to me

There is another point, when I use the ip address of the server to send or receive, it is ok (except a few domains that refuses to accept mail from ip rather than domain name)

Also, I tried to ping outside and it is ok
I tried the "dig" both before named and after and in both cases I got "connection timed out; no servers could be reached"

Also, before named, I noticed in tcpdump the message "icmp: udp port domain unreachable", after using named, the message changed to : "icmp: localhost.localdomain udp port 32826 unreachable" with the port number incrementing every few messages

I also tried ipchains -L and all were ACCEPT (input, forward and output)

I hope this cleared the situation a bit, and I appreciate all the help

Mohamed

Just a thought...

If your ISP has directed all the dns traffic to your ip address, you will need to have a dns server working to answer all the queries that come, including a MX record for your email domain name.

Have you set up a full dns Master zone for your domain name?

If not, the HOW_TO is here http://www.linux.org/docs/ldp/howto/DNS-HOWTO.html

Regards,
Peter