Computer systems blamed for feeble hurricane response?

That's interesting -- I'm not getting that response.

    --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Second that. Just glanced at the fema website - their contact us
section lists a mixture of @dhs.gov as well as @fema.gov addresses.

John

Steven M. Bellovin wrote:

Er, who is fIma.org and were you looking for fEma.org instead?

The newspaper did not say which computer systems FEMA uses.

$ dig mx fema.gov
;; ANSWER SECTION:
fima.org. 3600 IN MX 0 smtp.secureserver.net.
fima.org. 3600 IN MX 10 mailstore1.secureserver.net

That's interesting -- I'm not getting that response.

Sorry about that, as you could probably get from dig, I did it on
fima.gov instead ...

correct one is:

Actually it is worse than that. fema.gov has an IP (205.128.1.44) which does
not respond for mail so most MTAs will try the IP first, meaning that most
mail will fail even if ns.fema.gov or ns2.fema.gov do answer for mail.

william(at)elan.net wrote:

Which indeed means they have no MX servers listed and that MAY be a problem for some mail servers (though normally mail servers are supposed to send email based on A record then).

Uh, which mainstream mail server out there is ignorant enough not to send to A record?

I came across a Windows mail server that didn't (not Exchange, some small
one that I don't remember now). There are also Unix PHP scripts that
don't work properly with it.

Also earlier versions of postfix did not properly retry delivery if the
domain had no MX and the connection to the server did not work. Other mail
servers may also have various types of "unusual" behavior when they see
no MX. Also some servers like exim have an option not to send email if
there is no MX record (or rather to turn off the default behavior of falling
back to the A record if MX is not there).

So having no MX server is really not such a good idea nowadays...

Obviously FEMA's problems are a lot worse since IP address 205.128.1.44
is behind a firewall and does not accept port 25 connections.

There's no MX record for fema.gov. The *single* A record doesn't answer on
port 25. And there's no mail server I know of that's on enough crack that it
thinks trying the 2 NS entries is acceptable....

That wasn't the question, I'm well aware of the situation. But thanks for playing :wink:

>$ dig mx fema.gov
>;; ANSWER SECTION:
>fima.org. 3600 IN MX 0 smtp.secureserver.net.
>fima.org. 3600 IN MX 10 mailstore1.secureserver.net

That's interesting -- I'm not getting that response.

from tokyo

roam.psg.com:/usr/home/randy> dig mx fema.gov.

; <<>> DiG 9.3.1 <<>> mx fema.gov.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9180
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;fema.gov. IN MX

;; AUTHORITY SECTION:
fema.gov. 1797 IN SOA ns.fema.gov. root.ns2.fema.gov. 2005090901 10800 3600 604800 1800

;; Query time: 0 msec
;; SERVER: 202.232.15.98#53(202.232.15.98)
;; WHEN: Wed Sep 14 10:23:20 2005
;; MSG SIZE rcvd: 74

and

roam.psg.com:/usr/home/randy> doc -p -w fema.gov
Doc-2.2.3: doc -p -w fema.gov
Doc-2.2.3: Starting test of fema.gov. parent is gov.
Doc-2.2.3: Test date - Wed Sep 14 10:23:48 JST 2005
ERROR: NS list from fema.gov. authoritative servers does not
  === match NS list from parent (gov.) servers
ERROR: nse.algx.net. claims to be authoritative, but does not appear in
NS list from authoritative servers
ERROR: nsf.algx.net. claims to be authoritative, but does not appear in
NS list from authoritative servers
Summary:
   ERRORS found for fema.gov. (count: 3)
Done testing fema.gov. Wed Sep 14 10:23:52 JST 2005
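
The target selection argued over in this thread, as an added example that is not part of any poster's message: a sending MTA uses MX records when they exist, otherwise falls back to the domain's own address record (the implicit MX of RFC 5321 section 5.1), and never tries the NS hosts. The zone data and port 25 reachability table are constructed from the values quoted in the thread (example.org and its hosts are made up for contrast), and the function names are hypothetical.

```python
"""Added example: SMTP target selection with MX lookup and implicit-MX fallback."""

# Constructed zone data. fema.gov mirrors what the thread reports (no MX, one
# A record, two NS hosts); example.org is a made-up domain that has MX records.
ZONES = {
    "fema.gov": {"MX": [], "A": ["205.128.1.44"],
                 "NS": ["ns.fema.gov", "ns2.fema.gov"]},
    "example.org": {"MX": [(10, "backup.example.org"), (0, "mail.example.org")],
                    "A": ["192.0.2.10"], "NS": ["ns1.example.org"]},
}

# Constructed reachability table standing in for a TCP connect to port 25.
# The NS hosts are marked open only to model the "even if they answer" case.
SMTP_OPEN = {"205.128.1.44": False, "ns.fema.gov": True, "ns2.fema.gov": True,
             "mail.example.org": False, "backup.example.org": True}


def delivery_targets(domain, zones=ZONES, implicit_mx=True):
    """Return (source, ordered targets) the way a sending MTA would pick them."""
    records = zones[domain]
    if records["MX"]:
        # Lowest preference value is tried first.
        return "MX", [host for _, host in sorted(records["MX"])]
    if implicit_mx and records["A"]:
        # No MX: treat the domain's own address as a preference-0 MX.
        return "implicit-MX", list(records["A"])
    # Fallback switched off (the option one poster attributes to exim),
    # or the domain has no address record at all.
    return "none", []


def diagnose(domain, zones=ZONES, smtp_open=SMTP_OPEN, implicit_mx=True):
    """Summarise whether mail for the domain can be delivered and why."""
    source, targets = delivery_targets(domain, zones, implicit_mx)
    reachable = [t for t in targets if smtp_open.get(t, False)]
    # NS hosts are listed only to show that they are never candidates.
    ignored_ns = [ns for ns in zones[domain]["NS"] if smtp_open.get(ns, False)]
    return {"source": source, "targets": targets, "deliverable": bool(reachable),
            "first_reachable": reachable[0] if reachable else None,
            "ns_listening_but_unused": ignored_ns}


if __name__ == "__main__":
    for name in ZONES:
        print(name, diagnose(name))
    print("fema.gov, fallback off:", diagnose("fema.gov", implicit_mx=False))
```

For an operator checking their own domain, the same three questions apply to live `dig` output: is there an MX, if not does the A record's host accept port 25, and does the sender in question honor the fallback at all.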