ealwali

asked on

cannot receive external mail

I can send and receive internal mail

I can send external mail

But I can't receive external mail......
The NDR from external sender says..
Message delivery to elvis@mydomail.co.rw' delayed
SMTP module(domain mydomain.co.rw) reports:
 mail.mydomain.co.rw: no response
Emptyone

Have you tried to telnet your server from the outside?

telnet mail.mydomain.co.rw 25

If you are not able to do that, this is probably the problem

1) The DNS record is pointing to the wrong IP-address
Ping mail.mydomain.co.rw and see if you get the correct ip-address

2) SMTP is not open in the firewall
Check that port 25 is open in the firewall and pointing to your exchange server
ealwali

ASKER

Which DNS record

my domain DNS   or

the ISP DNS

Thanks and please help
Your ISP's record for your domain
ealwali

ASKER

smtp is open on firewall ... I have confirmed that.


I cannot telnet my mailserver from outside on port 25... could it be because of firewall

If I ping ... mail.mydomain.co.rw I get ttl expired (from isp message)

what could be the problem


thanks

Check if you get the correct IP address when you ping mail.mydomain.co.rw

Check that the firewall is set up so that it forwards requests to the correct IP address on your LAN
ealwali

ASKER

Thanks am confirming the IP address...
please keep on online
ealwali

ASKER

Thanks

Now I hadn't made any entry on DNS MX record

what DNS name do I need to put in the MX record and what domain do I specify

Thanks
Elvis
The MX record should be your domain name.

mydomain.co.rw

This should point to a registered host. For instance mail.mydomain.co.rw.
ealwali

ASKER

we have three entries

1. parent domain
2. host or domain
3. mail server

give me examples on how to put the entries.
given my domain name you have

thanks again
1. mydomain.co.rw
2. mail.mydomain.co.rw
3. mail.mydomain.co.rw

Not quite sure about number 2, but I believe that is how it should be. I assume you have a registration for mail.mydomain.co.rw pointing to the correct IP-address
ealwali

ASKER

thanks
ealwali

ASKER

When I telnet now .... The connection appears to go through ... but only gives me a blank DOS screen....
which does not respond to any command

then it times out

elvis

please reply
What happens when you try to telnet from the LAN?

telnet exchangservername 25
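
The outside-versus-LAN telnet comparison used in this thread can be scripted so that each failure mode gets a distinct name. This is an added example, not code from any poster: `probe_smtp`, its state names and the local stand-in listeners are hypothetical, and the endpoints are constructed on 127.0.0.1 so it runs offline.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Classify an inbound SMTP test the way the manual telnet check does.
    dns_failure : name does not resolve (fix the public A/MX records)
    refused     : host answers but nothing listens or is forwarded on the port
    no_response : connection attempt times out (filtering or broken routing)
    no_banner   : TCP connects but no greeting arrives (the "blank screen")
    bad_banner  : something answered, but not with an SMTP 220 greeting
    ok          : 220 greeting received
    """
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    addr = info[0][4]
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except ConnectionRefusedError:
            return "refused", "%s:%d" % addr
        except OSError as exc:  # includes timeouts and "no route to host"
            return "no_response", str(exc)
        try:
            banner = sock.recv(512)
        except OSError as exc:  # timeout or reset before any greeting
            return "no_banner", str(exc)
    finally:
        sock.close()
    if not banner:
        return "no_banner", "peer closed the connection without a greeting"
    text = banner.decode("ascii", "replace").strip()
    return ("ok" if text.startswith("220") else "bad_banner"), text

def _listener(greeting):
    """Constructed local stand-in for a mail server; greeting=None stays silent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        threading.Event().wait(1.0)  # keep the session open, like a stalled path
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    unused = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    unused.bind(("127.0.0.1", 0))
    closed_port = unused.getsockname()[1]
    unused.close()  # nothing listens on this port any more
    targets = {"greets": _listener(b"220 mail.example.test ESMTP\r\n"),
               "silent": _listener(None), "closed": closed_port}
    return {name: probe_smtp("127.0.0.1", port, timeout=0.5)[0]
            for name, port in targets.items()}

if __name__ == "__main__":
    print(demo())
```

Run from outside and from the LAN against the same server, differing states show whether the fault sits before the server (DNS, routing, firewall forwarding) or on it.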

ealwali

ASKER

It Responds Perfectly.....

You see the problem is only from external otherwise my tests from internal are O.K

How do you make Active Directory know that there is an Exchange server..... in the domain...
Where do you specify it???

Elvis
If you have installed Exchange correctly, running /domainprep and /forestprep, it will set that up as it should.

Try going to www.dnsreport.com, type in your domain name and see what that says.

What are you using as firewall?
ealwali

ASKER

CISCO PIX

We had exchange working then it went down a few weeks ago. I wasn't in that office yet.

Then they changed ISP..

Then I came into company..
So when I setup new exchange  I haven't touched the PIX.... But am told by both new ISP and my predecessor that they made necessary change on PIX.......  because the rest are working..

I did forestprep and domain prep..

Thanks let me check  DNSREPORT.COM

Thanks for the comments you are so LOVELY..............  MMMMMMMWWwwa

Elvis



ealwali

ASKER

This is what I found out from DNSREPORT.COM


WARNING. The parent servers (I checked with ns1.rwandatel.rw.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain

(what is TLD)?????????

FAIL
A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. .


INFO
Your NS records at the parent servers are:
213.255.208.58.gov.rw. [NO GLUE; No A record]
213.255.208.50.gov.rw. [NO GLUE; No A record]
[These were obtained from ns1.rwandatel.rw]



what does the FAIL mean ... please help???


I'm not sure what TLD means, will check that.

But it looks like you have a connection problem on your server. Because I'm not able to ping it, neither telnet it on port 25. That is also why the DNSreport fails
ealwali

ASKER

What does this mean..??

[ERROR: I was unable to get an answer from the parent servers [ns1.rwandatel.rw], when I tried to find the NS records for mail.mydomain.co.rw.]

Who needs to sort out this... me or the ISP..

thanks in advance..


ealwali

ASKER

Getting MX record for mydomain.co.rw... Got it!

Host                      Preference   IP(s) [Country]
mail.presidency.gov.rw.   20           62.56.183.52 [IL]
mx.rwandatel.rw.          100          62.56.174.157 [IL]
--------------------------------------------------------------------------------


Step 1:  Try connecting to the following mailserver:
         mail.mydomain.co.rw. - 62.56.183.52

Step 2:  If unsuccessful in step 1, try connecting to the following mailserver:
         mx.rwandatel.rw. - 62.56.174.157

Step 3:  If still unsuccessful, queue the E-mail for later delivery.
--------------------------------------------------------------------------------
Trying to connect to all mailservers:

   mail.mydomain.co.rw. - 62.56.183.52  [Could not connect: Could not connect to mail server (timed out).]
   mx.rwandatel.rw. - 62.56.174.157  [Successful connect: Got a good response [250 imuhizi@mydomain.co.rw will relay to a client address]]


HELP what do I need to do... is it my DNS or FIREWALL or WHAT..

Elvis
It looks like you need to talk to your ISP.

But the domain you mentioned now is different than the one I tested
Sorry, mixed your question with another one
ealwali

ASKER

my IP
for mail is
62.56.183.52  
test this and tell me probable problem...

Elvis
It looks like you have the MX record set up, but neither of your servers answer when trying to telnet them. Might be a firewall problem. But which of the ip-addresses mentioned is your mail server?
ealwali

ASKER

I understand ... Just try, test mine
I have done a trace to that address. It stops on this IP:

62.216.0.178

Do you know where that is located?

Looks like there is some error in the routing with your ISP, but it could also be a firewall not configured correctly. Not able to telnet it on port 25 either
ealwali

ASKER

62.56.183.52   is my mail server


ealwali

ASKER

when I telnet    62.56.183.52   on port 25 you get no response right...... or it says connection timed out.....
mine shows like it is going through but then no response then  it says later on that connection to host lost.....

I don't know where 62.216.0.178 is located.....
ISP routing problem you say......

Now please give me a few steps I can use to correct problem...... step by step to eliminate others also .....
ASKER CERTIFIED SOLUTION
Emptyone

This solution is only available to members.
ealwali

ASKER

PLEASE explain to me what all the following mean ... I got it from DNSREPORT...

I haven't solved my PROBLEM YET...

Parent

PASS Missing Direct Parent check OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.

INFO
NS records at parent servers Your NS records at the parent servers are:

mail.mydomain.co.rw. [213.255.207.58 (NO GLUE; CNAME encountered->mydomain.co.rw.)] [UK]

[These were obtained from charlie.terracom.rw]
PASS Parent nameservers have your nameservers listed OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there, with 3 entries.
WARN Glue at parent nameservers

WARNING. The parent servers (I checked with charlie.terracom.rw.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.
NS INFO NS records at your nameservers Your NS records at your nameservers are:

mail.mydomain.co.rw. [TTL=14400]
bravo.terracom.rw. [TTL=14400]
charlie.terracom.rw. [TTL=14400]

 
PASS All nameservers report identical NS records OK. The NS records at all your nameservers are identical.  
PASS All nameservers respond OK. All of your nameservers listed at the parent nameservers responded.
PASS Nameserver name validity OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).
PASS Number of nameservers OK. You have 3 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.
PASS Lame nameservers OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
PASS Missing (stealth) nameservers OK. All 3 of your nameservers (as reported by your nameservers) are also listed at the parent servers.
PASS Missing nameservers 2 OK. All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers.

FAIL
No CNAMEs for domain ERROR: mail.mydomain.co.rw has a CNAME entry (mydomain.co.rw.); it is not valid to have a CNAME entry and NS entries for 213.255.207.58. See RFC1912 2.4 and RFC2181 10.3 for more information.
FAIL No NSs with CNAMEs ERROR: mail.mydomain.co.rw. has a CNAME entry (mydomain.co.rw.); it is not valid to have a CNAME entry and NS entries for mail.mydomain.co.rw.. See RFC1912 2.4 and RFC2181 10.3 for more information.
 
WARN Nameservers on separate class C's WARNING: We cannot test to see if your nameservers are all on the same Class C (technically, /24) range, because the root servers are not sending glue. We plan to add such a test later, but today you will have to manually check to make sure that they are on separate Class C ranges. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.
PASS All NS IPs public OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.
INFO Nameservers versions Your nameservers have the following versions:

213.255.207.58: "9.2.1"
 
PASS NS TTL discrepancy OK. Your NS records at your authoritative DNS servers have TTLs that match those of the parent servers. This is prevents some odd problems that could otherwise occur.
PASS Stealth NS record leakage Your DNS servers do not leak any stealth NS records (if any) in non-NS requests.
SOA INFO SOA record Your SOA record [TTL=14400] is:
Primary nameserver: mail.mydomain.co.rw.
Hostmaster E-mail address: mydomain.co.rw.
Serial #: 0
Refresh: 0
Retry: 0
Expire: 0
Default TTL: 0
 
FAIL NS agreement on SOA Serial # ERROR: Your nameservers disagree as to which version of your DNS is the latest! 4294967295 versus 0! This is OK if you have just made a change recently, and your secondary DNS servers haven't yet received the new information from the master. I will continue the report, assuming that 0 is the correct serial #.
PASS SOA MNAME Check OK. Your SOA (Start of Authority) record states that your master (primary) name server is: mail.mydomain.co.rw.. That server is listed at the parent servers, which is correct.
 
PASS SOA RNAME Check OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: mydomain@co.rw. (techie note: we have changed the initial '.' to an '@' for display purposes).  
WARN SOA Serial Number WARNING: Your SOA serial number is: 0. That is OK, but the recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2000, you would use 2000050203. This number must be incremented every time you make a DNS change.
FAIL SOA REFRESH value WARNING: Your SOA REFRESH interval is : 0 seconds. This seems very low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.
FAIL SOA RETRY value WARNING: Your SOA RETRY interval is : 0 seconds. This seems very low. You should consider increasing this value to about 120-7200 seconds. The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.
FAIL SOA EXPIRE value WARNING: Your SOA EXPIRE time is : 0 seconds. This seems very low. You should consider increasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.  
FAIL SOA MINIMUM TTL value WARNING: Your SOA MINIMUM TTL is : 0 seconds. This seems very low (unless you are just about to update your DNS). You should consider increasing this value to somewhere between 3600 and 10800. RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.
MX INFO MX Record Your 2 MX records are:
CNAME: mail.mydomain.co.rw.->mydomain.co.rw. [TTL=14400] 0 mydomain.co.rw. [TTL=14400] IP=213.255.207.58 [TTL=14400] [UK]
 
PASS Invalid characters OK. All of your MX records appear to use valid hostnames, without any invalid characters.
PASS All MX IPs public OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.
WARN MX records are not CNAMEs WARNING: When I looked up your MX record, your DNS server returned a CNAME. This is an unusual situation, and I can't handle it -- the following MX tests may not work properly. The problem is:
mail.mydomain.co.rw.->mydomain.co.rw.
 
PASS MX A lookups have no CNAMEs OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3).
PASS MX is host name, not IP OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).
PASS Multiple MX records OK. You have multiple MX records. This means that if one is down or unreachable, the other(s) will be able to accept mail for you.
PASS Duplicate MX records OK. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources.
FAIL Reverse DNS entries for MX records ERROR: The IP of one or more of your mail server(s) have no reverse DNS (PTR) entries (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site. The problem MX records are:
58.207.255.213.in-addr.arpa [No reverse DNS entry (rcode: 3 ancount: 0)]
 
Mail FAIL Connect to mail servers ERROR: I could not connect to one or more of your mailservers:
mail.mydomain.co.rw: Could not connect without glue or A record.
 
WARN Mail server host name in greeting WARNING: One or more of your mailservers may be claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won't cause any harm, but may be a technical violation of RFC821 4.3 (and RFC2821 4.3.1).

mydomain.co.rw claims to be host bravo.terracom.rw.

 
PASS Acceptance of NULL <> sender OK: All of your mailservers accept mail from "<>". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).
FAIL Acceptance of postmaster address ERROR: One or more of your mailservers does not accept mail to postmaster@mail.mydomain.co.rw. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.

mydomain.co.rw's postmaster response:
    >>> RCPT TO:<postmaster@mail.mydomain.co.rw>
    <<< 550-test.dnsstuff.com (test.DNSreport.com) [69.2.200.182] is currently not
550-permitted to relay through this server. Perhaps you have not logged into
550-the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.

 
WARN Acceptance of abuse address WARNING: One or more of your mailservers does not accept mail to abuse@mail.mydomain.co.rw. Mailservers are expected by RFC2142 to accept mail to abuse.

mydomain.co.rw's abuse response:
    >>> RCPT TO:<abuse@mail.mydomain.co.rw>
    <<< 550-test.dnsstuff.com (test.DNSreport.com) [69.2.200.182] is currently not
550-permitted to relay through this server. Perhaps you have not logged into
550-the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.

 
WARN Acceptance of domain literals WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted.

mydomain.co.rw's postmaster@[213.255.207.58] response:
    >>> RCPT TO:<postmaster@[213.255.207.58]>
    <<< 501 : domain literals not allowed

 
PASS Open relay test OK: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here.
mydomain.co.rw OK: 550-test.dnsstuff.com (test.DNSreport.com) [69.2.200.182] is currently not 550-permitted to relay through this server. Perhaps you have not logged into 550-the pop/imap server in the last 30 minutes or do not have SMTP 550 Authentication turned on in your email client.
 
WWW FAIL WWW Category ERROR: I couldn't find any A records for www.mail.mydomain.co.rw. But I did find a referral to bravo.terracom.rw. (and maybe others). If you want a website at www.mail.mydomain.co.rw, you will need an A record for www.mail.mydomain.co.rw. If you do not want a website at www.mail.mydomain.co.rw, you can ignore this error.
Set your mx record to point to bravo.terracom.rw, I am able to connect to it on both IP address and hostname. Believe that should do the trick
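
The two FAIL lines in the report above (a CNAME on the name used as NS and MX target, citing RFC1912 2.4 and RFC2181 10.3) can be checked mechanically before records are handed to the ISP. This is an added example, not part of the original posts or of DNSreport: the record sets are constructed to mirror the report, the addresses are documentation-range placeholders, and `parse`/`lint` are hypothetical helpers.

```python
# Constructed zone data mirroring the report: the name used as NS and MX target
# is an alias. Addresses are documentation-range placeholders, not the real ones.
BROKEN = """
mydomain.co.rw.       NS     mail.mydomain.co.rw.
mydomain.co.rw.       MX     0 mail.mydomain.co.rw.
mydomain.co.rw.       A      192.0.2.58
mail.mydomain.co.rw.  CNAME  mydomain.co.rw.
"""
# Corrected form: the MX and NS targets own address records directly.
FIXED = """
mydomain.co.rw.       NS     ns1.mydomain.co.rw.
mydomain.co.rw.       MX     10 mail.mydomain.co.rw.
ns1.mydomain.co.rw.   A      192.0.2.53
mail.mydomain.co.rw.  A      192.0.2.25
"""


def parse(zone_text):
    """Parse simplified 'owner TYPE rdata' lines (no TTL or class columns)."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records.append((owner.lower(), rtype.upper(), rdata.split()))
    return records


def lint(zone_text):
    """Return (finding, name) tuples for alias misuse in the given records."""
    records = parse(zone_text)
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    findings = []
    # RFC 1912 2.4: a name that owns a CNAME may not own any other data.
    for owner in sorted(types_by_owner):
        if "CNAME" in types_by_owner[owner] and len(types_by_owner[owner]) > 1:
            findings.append(("cname-with-other-data", owner))
    # RFC 2181 10.3: NS and MX targets must be real hosts, never aliases.
    for owner, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata[-1].lower()
        target_types = types_by_owner.get(target)
        if target_types is None:
            continue  # target lives outside this data; needs a live lookup
        if "CNAME" in target_types:
            findings.append((rtype.lower() + "-target-is-cname", target))
        elif "A" not in target_types:
            findings.append((rtype.lower() + "-target-has-no-address", target))
    return findings


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(zone))
```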
ealwali

ASKER

Give me the Steps.....  I guess I am now understanding that????

From DNS console then How??

Thanks and am waiting earnestly???

Elvis
ealwali

ASKER

By the way I am to do this on my DNS or ISP DNS

Thanks in advance

This must be done on your ISP's DNS. I assume you don't have your DNS open to the internet?
ealwali

ASKER

Please give me the steps and the Commands

Thanks again
Are you administering the ISP's DNS through a web tool? If not, then I would recommend that you ask your ISP to set it up for you.