
4.4.3 X-Spam-Firewall; Host or domain name not found

Spam firewall 400



17 replies to this topic

#1 John

John
  • Members
  • 6 posts

Posted 29 March 2016 - 03:07 AM

Hi,
 
I probably have a problem with the configuration of 'Barracuda Spam Firewall 400'.
When users try to send mail to one of our clients they get a response like the one below.
We can receive mails from that domain but we can't send to it.
 

Remote Server returned '< #4.4.3 X-Spam-Firewall; Host or domain name not found. Name service error for name=somedomain.com =MX: Host not found, try again>'

 

firmware version is 7.0.0.004

On the recipient site there are 5 name servers and 2 of them are offline.

I have checked the MX records with mxtoolbox.com and it seems they are OK.

I can't find any configuration in the admin web GUI. The only thing I found is 'Enable Direct DNS Queries:' and it is set to 'no'.

 

please help.



#2 Barry van Hattum

Barry van Hattum
  • Members
  • 22 posts

Posted 29 March 2016 - 03:38 AM

Hi John,

 

This means the Barracuda cannot resolve the domain name. This is most likely not a Barracuda issue. Can you verify that the DNS server being used by the Barracuda is able to resolve the domain name? You can check the resolving by going to "Advanced" -> "Troubleshooting" and using the Dig/NS lookup field.

 

You can also try a tcpdump from there if you want.

 

This problem is likely caused by the DNS server used by the Barracuda. It is not able to resolve the domain name to tell the Barracuda where to send the email to.

 

Hope this helps.

 

Barry



#3 John

John
  • Members
  • 6 posts

Posted 29 March 2016 - 03:56 AM

Thanks for the reply. I did a test and it looks OK....

 

; <<>> DiG 9.4.1-P1 <<>> db.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57431
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;db.com.                IN    A

;; ANSWER SECTION:
db.com.            1190    IN    A    160.83.8.143

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 29 10:50:58 2016
;; MSG SIZE rcvd: 40



#4 Barry van Hattum

Barry van Hattum
  • Members
  • 22 posts

Posted 29 March 2016 - 04:05 AM

Hi John,

 

You received the A records for db.com. What happens if you type "mx db.com" in the Dig/NS lookup field?



#5 John

John
  • Members
  • 6 posts

Posted 29 March 2016 - 04:21 AM

Hi Barry, 

 

It's strange. The answer is empty.

 

; <<>> DiG 9.4.1-P1 <<>> MX db.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11819
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;db.com.                IN    MX

;; Query time: 115 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 29 11:07:54 2016
;; MSG SIZE rcvd: 24

 
I've checked the db.com domain using mxtoolbox and other web tools. It was OK.
 

I've also checked MX records with command line from local computer
 

nslookup

> set q=mx
> db.com
Server:  my.dnsserver.com
Address:  
 
Non-authoritative answer:
db.com  MX preference = 10, mail exchanger = smtp1.db.com
db.com  MX preference = 10, mail exchanger = smtp14.db.com
db.com  MX preference = 10, mail exchanger = smtp8.db.com
db.com  MX preference = 15, mail exchanger = smtp23.db.com
db.com  MX preference = 10, mail exchanger = smtp22.db.com
db.com  MX preference = 10, mail exchanger = smtp2.db.com
 
smtp1.db.com    internet address = 160.83.91.150
smtp14.db.com   internet address = 160.83.44.130
smtp8.db.com    internet address = 160.83.91.152
smtp23.db.com   internet address = 160.83.61.138
smtp22.db.com   internet address = 160.83.61.130
smtp2.db.com    internet address = 160.83.84.104
>


#6 Barry van Hattum

Barry van Hattum
  • Members
  • 22 posts

Posted 29 March 2016 - 04:39 AM

Hi John,

 

This could have something to do with the maximum size of DNS responses. I tried on another machine. This works. Please try a TCP dump through the GUI and while that is running try another DIG/NS lookup from the GUI. This should show you what communication is going between the Barracuda and the DNS server.



#7 John

John
  • Members
  • 6 posts

Posted 29 March 2016 - 05:10 AM

There's nothing. Every domain works correctly. Only this one doesn't want to cooperate with Barracuda... :/ Maybe it's the firmware?
 
Can you check on your device, does Barracuda retrieve MX entries for the db.com domain?
 
Thanks!


#8 Barry van Hattum

Barry van Hattum
  • Members
  • 22 posts

Posted 29 March 2016 - 05:25 AM

Yes it does. It works fine. If there is nothing in the TCP dump output I would suggest contacting Barracuda support. They can log in on the OS underneath and run some more checks and really see what is being done in the code underneath.

 

I still don't think this is a Barracuda issue, but it cannot hurt ruling it out.

 

If you find it, please let me know. I am kind of curious what is causing this.



#9 John

John
  • Members
  • 6 posts

Posted 29 March 2016 - 06:21 AM

of course. I will describe everything :)

 

Thanks for help Barry. 



#10 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • Location: San Jose, CA

Posted 29 March 2016 - 10:54 AM

Initial guess will be an issue with the DNS cache on the box

 

Please contact support so we can diagnose and help you figure it out!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#11 John

John
  • Members
  • 6 posts

Posted 30 March 2016 - 02:41 AM   Best Answer

It was it - DNS cache issue! And it was a very quick fix :D
 
I have just added "&expert=1" to the Barracuda web console URL and set Enable DNS Cache to NO.
Did a test and it is OK :)
Now I have to wait until the end of the day, restart the Barracuda, turn the DNS cache on again and test it again.
 
Am I correct?
 
Thanks for help!


#12 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • Location: San Jose, CA

Posted 30 March 2016 - 10:33 AM

Hi John,

 

This is correct. One other thing to check is the "Enable direct DNS queries" under Basic -> IP configuration.

 

If this setting is set to No, it will attempt to use ROOT DNS servers, and if not accessible may cause errors 






#13 Josh Morris

Josh Morris
  • Members
  • 3 posts

Posted 05 April 2016 - 04:18 PM

I received a similar issue recently.  

 

NDR: 
 

Generating server: [myserver]

[destination email]

#< #5.4.4 X-Spam-Firewall; Host or domain name not found. Name service error for name=[domain] type=A: Host found but no data record of requested type> #SMTP#

 

 

I verified that the domain itself was replying with a blank record:

 

;; QUESTION SECTION:
;[domain].            IN    A

;; Query time: 46 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 5 14:12:46 2016
;; MSG SIZE rcvd: 31

 

 

but MX queries were resolving:

;; QUESTION SECTION:
;[domain]            IN    MX

;; ANSWER SECTION:
[domain]       300    IN    MX    10 [server1]
[domain]       300    IN    MX    10 [server2]
[domain]       300    IN    MX    10 [server3]

[domain]       300    IN    MX    10 [server4]

 

 

It was my understanding that MX records are queried first, and then it queries A records for the messaging servers.  So in my case, there were 4 configured MX records for this domain, and each record resolved with its own A record.  From my understanding, it should be able to send messages with this information.  However, it appears that it just looks for A records for the primary domain instead of each messaging server, and then fails according to that.

 

So, if clearing the DNS cache is the first step, is there a way, outside of rebooting the device, that it can be accomplished?
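
Added example, not part of any post in this thread and not Barracuda's code: it classifies dig replies like those quoted above, applies the RFC 5321 section 5.1 MX-then-A rule described in post #13, and flags the case where the local cache (127.0.0.1) fails a query that another resolver answers. The sample headers, the 192.0.2.53 upstream address and all function names are constructed for illustration.

```python
import re

# Constructed dig headers, shaped like the output quoted in the thread.
CACHE_MX = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 127.0.0.1#53(127.0.0.1)"""
UPSTREAM_MX = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 192.0.2.53#53(192.0.2.53)"""

def parse_dig(text):
    """Pull status, answer count and responding server out of dig output."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r";; SERVER: ([^#\s]+)", text)
    if not (status and answers):
        raise ValueError("no dig header found")
    return {"status": status.group(1), "answers": int(answers.group(1)),
            "server": server.group(1) if server else None}

def classify(reply):
    """Collapse a parsed reply into the cases a mail router distinguishes."""
    if reply["status"] == "NOERROR":
        return "answer" if reply["answers"] > 0 else "nodata"
    if reply["status"] == "NXDOMAIN":
        return "nxdomain"
    return "tempfail"  # SERVFAIL, REFUSED and similar: retry later

def route(mx, a):
    """Next-hop decision per RFC 5321 section 5.1 from MX and A results."""
    if mx == "tempfail":
        return "defer"         # temporary failure, like the 4.4.3 NDR
    if mx == "answer":
        return "use-mx-hosts"  # the domain's own A record is not consulted
    if mx == "nxdomain":
        return "bounce"
    # MX lookup returned no records: the domain itself is the implicit MX.
    # No A record either is a permanent failure, like the 5.4.4 NDR.
    return {"answer": "implicit-mx", "tempfail": "defer"}.get(a, "bounce")

def cache_suspect(via_cache, via_upstream):
    """True when the local cache fails a query another resolver answers."""
    return classify(via_cache) == "tempfail" and classify(via_upstream) == "answer"

if __name__ == "__main__":
    cache, upstream = parse_dig(CACHE_MX), parse_dig(UPSTREAM_MX)
    print(route(classify(cache), "answer"), cache_suspect(cache, upstream))
```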



#14 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • Location: San Jose, CA

Posted 05 April 2016 - 04:22 PM

Hello,

 

By toggling the DNS cache option on and off you can perform the clearing






#15 Josh Morris

Josh Morris
  • Members
  • 3 posts

Posted 05 April 2016 - 04:26 PM

Hello,

 

By toggling the DNS cache option on and off you can perform the clearing

So turning it back on does not require a bounce?  FYI, turning it off did fix my issue.



#16 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • Location: San Jose, CA

Posted 05 April 2016 - 04:28 PM

Correct,

 

If toggling it didn't refresh it, then check the "Enable Direct DNS queries" option under basic -> Ip configuration.

 

If still not working contact support for assistance 






#17 Josh Morris

Josh Morris
  • Members
  • 3 posts

Posted 05 April 2016 - 05:09 PM

Correct,

 

If toggling it didn't refresh it, then check the "Enable Direct DNS queries" option under basic -> Ip configuration.

 

If still not working contact support for assistance 

So with caching turned off, it works, but when I turn it back on, it fails again.  Also, when I select direct DNS queries, it does not solve my issue.  I will be bouncing this device after a firmware update tomorrow. 



#18 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • Location: San Jose, CA

Posted 05 April 2016 - 05:20 PM

To be honest, I'd recommend you work with support to find out why it's occurring..

 

Doing a reboot would only clear out a condition that may come back 


