"Malformed DNS server reply" in Outbound smarthost

Need help? Ask here.

Moderator: Moderators

Post Reply
wildirishtime
Posts: 2
Joined: Thu Jun 10, 2010 1:55 pm

"Malformed DNS server reply" in Outbound smarthost

Post by wildirishtime »

Hi guys,

We're getting a long backup in our outbound SMTP connector in Exchange....
My logs forOutgoing Accounts (staff if you're looking the username
is "enterprise" within smarthost users today) shows the following error:

"Malformed DNS server reply, zero length MX resource data for blazer.com"

Can you point me in the right direction here, is this an error in the MX entry for blazer.com?
How can I get my RollerNet smarthost to allow this through and/or send an error notice
back to the mail sender instead of backing up in my SMTP connector at our Exchange box?

Thanks! ~Brendan
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: "Malformed DNS server reply" in Outbound smarthost

Post by Seth »

wildirishtime wrote:Hi guys,

We're getting a long backup in our outbound SMTP connector in Exchange....
My logs forOutgoing Accounts (staff if you're looking the username
is "enterprise" within smarthost users today) shows the following error:

"Malformed DNS server reply, zero length MX resource data for blazer.com"

Can you point me in the right direction here, is this an error in the MX entry for blazer.com?
Yes. It looks like the domain blazer.com has a zero-length MX record; this is invalid.

Code: Select all

; <<>> DiG 9.6-ESV-R1 <<>> MX blazer.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;blazer.com.                    IN      MX

;; ANSWER SECTION:
blazer.com.             33646   IN      MX      0 .

;; Query time: 16 msec
;; SERVER: 208.79.242.138#53(208.79.242.138)
;; WHEN: Thu Jun 10 14:05:02 2010
;; MSG SIZE  rcvd: 43
wildirishtime wrote:How can I get my RollerNet smarthost to allow this through and/or send an error notice
back to the mail sender instead of backing up in my SMTP connector at our Exchange box?
We can't allow it through because there's a malformed MX record for the domain, but you can change the behavior of our system to send a 5xx "reject" instead. This will allow Exchange to generate an NDR.

1. Log in to the Account Control center.
2. Go to the "Outbound Mail" section.
3. Click on the outbound account name in the list to go to the advanced settings.
4. Change the "Action on submission errors" option to "Always return 5xx"

It is the current best practice that DNS errors always return 4xx "defer" because there is no method to distinguish temporary errors in the DNS protocol.
Seth Mattinen, Roller Network LLC
wildirishtime
Posts: 2
Joined: Thu Jun 10, 2010 1:55 pm

Re: "Malformed DNS server reply" in Outbound smarthost

Post by wildirishtime »

Thanks for the fast reply - please excuse my lack of DNS knowledge here but
if it's best practice to do 4xx why should I set 5xx, is there any other way to
stay compliant and get the smarthost to NDR only the one bad email address
in this multi-recipient message?
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: "Malformed DNS server reply" in Outbound smarthost

Post by Seth »

wildirishtime wrote:Thanks for the fast reply - please excuse my lack of DNS knowledge here but
if it's best practice to do 4xx why should I set 5xx, is there any other way to
stay compliant and get the smarthost to NDR only the one bad email address
in this multi-recipient message?
No, not really. Because there is no way of knowing if the DNS error is temporary (for example, someone typo'd their zone file and didn't notice until the next day) the best practice is to always return a 4xx "temporary" response to DNS errors. Most of the time this isn't a problem because the mail server should eventually give up (typically after 5 days) and generate an undeliverable report to the sender, but Exchange is a bit different. This option was actually by customer request specifically for the problem you're having: DNS errors causing Exchange to back up. That customer preferred to have their system generate an NDR instead, so we added the option.
Seth Mattinen, Roller Network LLC
Post Reply