keet (Guru)
Joined: 09 Sep 2008 Posts: 565
Posted: Thu May 19, 2022 3:26 pm Post subject: Service records
Hello, I know that this is a bit outside the realm of Gentoo, but I'm not sure where else to ask. I have a domain with multiple servers, and I'm having trouble making service records (SRV) work with my D.N.S. provider.
Am I understanding correctly what service records are supposed to do? I have two servers, one of which hosts email and the other of which hosts web services. Let's say that my domain is mydomain.com, and I have mail.mydomain.com and www.mydomain.com. Mydomain.com is also pointed to www.mydomain.com's I.P. address.
What I want to happen is that when traffic is sent to mydomain.com on port 587, it goes to mail.mydomain.com. This is not happening.
I called my D.N.S. provider, and after a long time of insisting that it was a problem with the D.N.S. record setup (which I got from their documentation) and then a problem with my mail server (which is completely unrelated -- even if the mail server isn't working, the traffic should still go to one place or the other, and it's not), they said to make an A record for @ that points to mail.mydomain.com's I.P. address. That way, I have two @ records, one for www and one for mail.
However, that's not what I want, because now traffic goes to both servers instead of just one.
This is how the record is configured:
Code:
Type: SRV
Service: _submission
Protocol: _tcp
Name: @
Value: mail.mydomain.com
Priority: 1
Weight: 5
Port: 587
TTL: 1/2 hour
This is what happens when I run dig srv _submission._tcp.mydomain.com:
Code:
; <<>> DiG 9.16.27 <<>> srv _submission._tcp.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16952
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;_submission._tcp.mydomain.com. IN SRV

;; ANSWER SECTION:
_submission._tcp.mydomain.com. 1800 IN SRV 1 5 587 mail.mydomain.com.
When I run nc -vz mydomain.com 587, it tries both servers:
Code:
nc: connect to mydomain.com port 587 (tcp) failed: Connection refused
Connection to mydomain.com 587 port [tcp/submission] succeeded!
I do have an A record for mail:
Code:
Type: A
Name: mail
Value: (mail's I.P. address)
TTL: 1/2 hour
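The behaviour in the post (dig returns the SRV record, netcat ignores it) is exactly what RFC 2782 prescribes: an SRV record is advisory data that a client must query and act on itself; the resolver never redirects a TCP connection. The following Python is an added example, not code from the thread, showing what an SRV-aware client does with the answer set and what a plain client such as netcat does instead. The first record is the one from the dig output above; mail2.mydomain.com and backup.mydomain.com are hypothetical targets added only to exercise priority and weight.

```python
"""Client-side SRV handling (RFC 2782) over a constructed answer set.

Added example, not code from the forum post. The first record below is the
_submission._tcp.mydomain.com answer shown in the thread; the other targets
(mail2.mydomain.com, backup.mydomain.com) are hypothetical and only exist to
show how priority and weight are handled.
"""
import random
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed answer set (see module docstring).
ANSWERS: List[SRV] = [
    SRV(priority=1, weight=5, port=587, target="mail.mydomain.com."),
    SRV(priority=1, weight=15, port=587, target="mail2.mydomain.com."),   # hypothetical
    SRV(priority=10, weight=0, port=587, target="backup.mydomain.com."),  # hypothetical
]


def order_targets(records: Sequence[SRV], rng: random.Random) -> List[Tuple[str, int]]:
    """Return (target, port) pairs in the order an RFC 2782 client tries them.

    Lower priority values are contacted first. Within one priority the RFC
    prescribes weighted random selection: zero-weight records are placed at
    the front, running sums are computed, a number in [0, total] is drawn and
    the first record whose running sum is >= that number is taken. A single
    record with target "." means the service is explicitly not offered.
    """
    if len(records) == 1 and records[0].target == ".":
        return []
    ordered: List[Tuple[str, int]] = []
    for prio in sorted({r.priority for r in records}):
        bucket = [r for r in records if r.priority == prio]
        bucket.sort(key=lambda r: r.weight != 0)  # weight 0 first, as the RFC says
        while bucket:
            total = sum(r.weight for r in bucket)
            draw = rng.randint(0, total)
            running = 0
            for r in bucket:
                running += r.weight
                if running >= draw:
                    ordered.append((r.target, r.port))
                    bucket.remove(r)
                    break
    return ordered


def connect_plan(host: str, port: int, srv_answers: Optional[Sequence[SRV]],
                 srv_aware: bool, rng: random.Random) -> List[Tuple[str, int]]:
    """Hosts and ports a client will actually connect to, in order.

    Only a client that queries SRV itself (XMPP, SIP, LDAP, some mail
    autoconfiguration code) ever sees the targets. A plain TCP client such as
    netcat, or a mail client given "mydomain.com" as the server name, resolves
    the A/AAAA of that name and connects there. Nothing in DNS redirects the
    connection for it, which is the behaviour the thread observes.
    """
    if srv_aware and srv_answers:
        return order_targets(srv_answers, rng)
    return [(host, port)]


if __name__ == "__main__":
    rng = random.Random()
    print("SRV-aware client:", connect_plan("mydomain.com", 587, ANSWERS, True, rng))
    print("netcat-style client:", connect_plan("mydomain.com", 587, ANSWERS, False, rng))
```

Run it and the SRV-aware plan lists mail.mydomain.com and mail2.mydomain.com (in weighted random order) before the priority-10 backup, while the netcat-style plan is just mydomain.com:587, i.e. whatever A record @ has, which is why adding a second @ A record made connections land on both servers.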
alamahant (Advocate)
Joined: 23 Mar 2019 Posts: 3875
Posted: Thu May 19, 2022 3:45 pm
www.mydomain.com is or should be a CNAME pointing to mydomain.com.
But since your email server has a different IP, mail.mydomain.com should point to that different IP.
In a BIND zone definition file this would look like:
Code:
; <host> and <ip> are placeholders for your primary name server and addresses
$ORIGIN mydomain.com.
$TTL 1800
@                IN SOA   <host>.mydomain.com. hostmaster.mydomain.com. ( 1 3600 900 604800 1800 )
@                IN NS    <host>.mydomain.com.
@                IN A     <ip>
@                IN MX 10 mail.mydomain.com.
mail             IN A     <ip>
www              IN CNAME <host>.mydomain.com.
_submission._tcp IN SRV 0 1 587 mail.mydomain.com.
Maybe.....
Do you have access to the dns server?
Quote: Am I understanding correctly what service records are supposed to do?
They point to ports where services listen.
I think the problem is that www.mydomain.com should point to mydomain.com and not the other way around.
Last edited by alamahant on Thu May 19, 2022 4:58 pm; edited 9 times in total
eccerr0r (Watchman)
Joined: 01 Jul 2004 Posts: 9645 Location: almost Mile High in the USA
Posted: Thu May 19, 2022 3:49 pm
A lot of these things depend on the proper operation of client software and not DNS. A very large amount of the time, mail clients do not actually look up services and find the right port, especially if there's an A or AAAA record on that name, and most definitely netcat does not do service lookup.
So if you want a general solution for "broken" clients, well, you're SOL.
szatox (Advocate)
Joined: 27 Aug 2013 Posts: 3104
Posted: Thu May 19, 2022 6:24 pm
Quote: What I want to happen is that when traffic is sent to mydomain.com on port 587, it goes to mail.mydomain.com.
Why?
587 is mail submission. Whatever mail client you're using, you are supposed to configure it to use the correct server, just like you configure the username and password for the account. There is nothing special about the server's name; consider it a part of the connection string.
The same thing goes for retrieving email via POP or IMAP.
Mail servers, on the other hand, forward messages on port 25 (SMTP + optional TLS) or 465 (SMTP over TLS).
Mail servers also resolve MX records and fall back to A records if MX does not exist.
Note: there are more caveats to configuring DNS for email servers. You're going to need SPF, DKIM, and DMARC too, and possibly a handful of other things, so start with _exactly_ following some guide; it will save you a lot of time and (probably) reputation.
BTW, SRV records come in handy in the realm of mDNS and local service discovery. I don't think they are very useful in the context of plain old DNS: if you have enough information to ask for an SRV record, you probably have no reason to do so.
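The MX-then-A fallback described in the post is the one DNS mechanism that does route mail to a different host than the domain's own A record, which is what the original poster wanted for server-to-server delivery on port 25. The Python below is an added example, not code from the thread, that walks through the RFC 5321 section 5.1 selection an MTA performs. DNS answers are stubbed in a dictionary so it runs offline; mydomain.com is the thread's domain, the nomx/nullmx/twomx domains are hypothetical, and the addresses are RFC 5737 documentation IPs.

```python
"""How a sending MTA picks the host to deliver to (RFC 5321 section 5.1).

Added example, not code from the forum post. DNS answers are stubbed in a
dictionary so the script runs offline; the names are the thread's
mydomain.com plus hypothetical domains, and all addresses are RFC 5737
documentation IPs (192.0.2.0/24).
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class MX:
    preference: int
    exchange: str


@dataclass
class Zone:
    mx: List[MX] = field(default_factory=list)
    a: List[str] = field(default_factory=list)


# Constructed stand-in for DNS answers.
ZONES: Dict[str, Zone] = {
    "mydomain.com.":      Zone(mx=[MX(10, "mail.mydomain.com.")], a=["192.0.2.10"]),
    "mail.mydomain.com.": Zone(a=["192.0.2.20"]),
    "nomx.example.":      Zone(a=["192.0.2.30"]),                    # hypothetical: no MX at all
    "nullmx.example.":    Zone(mx=[MX(0, ".")]),                      # hypothetical: RFC 7505 null MX
    "twomx.example.":     Zone(mx=[MX(20, "b.twomx.example."),        # hypothetical: answer order
                                   MX(10, "a.twomx.example.")]),      # differs from preference
    "a.twomx.example.":   Zone(a=["192.0.2.41"]),
    "b.twomx.example.":   Zone(a=["192.0.2.42"]),
}


def mail_exchangers(domain: str, zones: Dict[str, Zone] = ZONES) -> List[str]:
    """Exchange hosts an MTA tries for `domain`, most preferred first.

    Lower preference wins; equal preferences keep answer order here (the RFC
    lets the MTA pick among them randomly). With no MX the domain is treated
    as having an implicit MX 0 pointing at itself, provided it has an address
    record. A lone MX with exchange "." (null MX) means the domain accepts no
    mail at all, so nothing is tried.
    """
    zone = zones.get(domain, Zone())
    if zone.mx:
        if len(zone.mx) == 1 and zone.mx[0].exchange == ".":
            return []
        return [m.exchange for m in sorted(zone.mx, key=lambda m: m.preference)]
    if zone.a:
        return [domain]
    return []


def delivery_addresses(domain: str, zones: Dict[str, Zone] = ZONES) -> List[str]:
    """IP addresses the MTA connects to on port 25, in order of preference."""
    addrs: List[str] = []
    for host in mail_exchangers(domain, zones):
        addrs.extend(zones.get(host, Zone()).a)
    return addrs


if __name__ == "__main__":
    for d in ZONES:
        print(f"{d:22} MX chain {str(mail_exchangers(d)):44} -> {delivery_addresses(d)}")
```

For mydomain.com the delivery address comes out as 192.0.2.20, the mail host, even though the domain's own A record points at the web server's 192.0.2.10: the MX record, not an SRV record, is what steers inbound mail. Submission on 587, as the post says, is configured in the client and never resolved this way.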