Lars Vogdt wrote:
That would be my suggestion now - get rid of the forwarders. You have eliminated dnsmasq, but there are still 'no host found' in the log.
From what I currently see on mx1, each of the "Domain not found" reports is valid (there is really no domain, resp. the hostname of the sender address is wrong or does not exist).
Hmm, try grep'ing the log for 'hrusecky.net':

# host hrusecky.net
hrusecky.net mail is handled by 20 alt2.aspmx.l.google.com.
hrusecky.net mail is handled by 30 aspmx2.googlemail.com.
hrusecky.net mail is handled by 30 aspmx3.googlemail.com.
hrusecky.net mail is handled by 30 aspmx4.googlemail.com.
hrusecky.net mail is handled by 10 aspmx.l.google.com.
hrusecky.net mail is handled by 20 alt1.aspmx.l.google.com.

Still, today I see a lot less of 'Host not found', that is good.
What I am a bit curious about: I normally run at least a local caching DNS server on my MX - to avoid the extra round trips. In addition: as far as I know, none of our internal machines are using the MX for outgoing Emails - so why should we rely on anna/elsa for our MX at all?
mailman3 might be the only one?
My suggestion would be to run a reliable, caching DNS on MX1 & MX1, which is using external DNS either as forwarders or the root NS directly.
So far mx[12] have been using anna+elsa as resolvers. My personal preference is to avoid running a resolving DNS locally, I believe it is better to run one or two centrally, to benefit from caching of requests from many machines.
For anna/elsa, I think we can gather some statistics from bind now and see who is generating most of the queries and where we see broken external DNS.
BTW: your Email setup on MX1,2 is way more complex than my named.conf ;-)
Really?? :-)

--
Per Jessen, Zürich (14.1°C)
Member, openSUSE Heroes