Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

External inbound mail disappearing internal and outbound okay...

Posted on 2005-04-26
13
Medium Priority
?
556 Views
Last Modified: 2008-02-01
I have a newly-transferred domain where I set up the DNS servers, IP address and MX records with Register.com. I have a static IP. The name of my server is nordlawmail.nordstrandlaw.local and for some time yesterday, both inbound and outbound mail was fine. This led me to believe that my MX record was correct: nordstrandlaw.com = nordlawmail.nordstrandlaw.local - this was first set 4/25/05 at 4:00p.m. However, some time today, external inbound mail stopped getting to me with no bounce-back. www.dnsreport.com mail test is reporting Getting MX record for nordstrandlaw.com...   Received a SERVER FAILURE response.This should be treated as an ERROR (per RFC974), and the E-mail delivery should PROBABLY be retried later. Also, the DNS report says under "MX" FAIL:  ERROR: I couldn't find any MX records for nordstrandlaw.com. This is a standard SBS Windows 2003 installation. Is it possible that DNS hasn't propagated fully and that I had temporary connectivity? Is there a way to find out where mail sent to "info@nordstrandlaw.com" is going? Is this a problem with my server setup? I looked at the default SMTP Virtual Server and it's Access Control is set to Anonymous like it should. I added another MX record hoping it would help: nordstrandlaw.com      Med      66.15.204.208. Thanks much for any and all direction.
0
Comment
Question by:3p0cHx
  • 7
  • 5
13 Comments
 
LVL 15

Expert Comment

by:harleyjd
ID: 13873092
I can't get a response on that domain from any DNS server here in Oz, or from the register.com name servers that are in the whois record for your domain.

I'd go back to register and ask them what they are playing at, they've either stuffed them up or have not finished setting them up.

I don't think it's anything you've done...

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13873121
Your problem is really occuring because dns14.register.com or dns15.register.com are not showing AUTHORITATIVE for your DNS Zone file.  What this means is that while you have your DNS at register.com, the beginning line of the zone file (see SOA record in DNSreport.com) which SHOULD have your start of authority is troubled with an unresponsive name server at register.com.

You would be much better off hosting your DNS where your web site is hosted (in this case anyhow).  If you are happy with APlus.net then have them take care of your DNS too... you will need to change the REGISTERED NAME SERVERS in your register.com profile to APlus's -- ns1.abac.com and ns2.abac.com (and then according to their KB, you just need to email them with the particulars of your MX record).

From http://www.apluskb.com/scripts/search_kb.pl?catid=1&sid=0257689080&q=dns&p=&showquestion=3120

"If you already have a shared hosting plan with Aplus.Net, you can control your DNS records (Example: A and MX records) for free with all your hosted domains. Please request DNS record changes by sending an email to dns@aplus.net including your Registration Number, the Account Password and any special instructions you may have in regards to specific IP's for A & MX records. "

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13873132
FYI, mail that is not reaching your SBS Exchange server is not going anywhere... the sending server will try for somewhere between 24-36 hours to keep resending the message.  After that time, if it still doesn't go through it will be returned to the sender.

There is NO problem at all with your server setup... it's register.com's issue all the way!  The additional MX records aren't helping because register.com's main Name Servers aren't responding and their the ones that are supposed to know where to send your traffic!

Jeff
TechSoEasy
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:3p0cHx
ID: 13878647
TechSoEasy, thanks for the quick response; I will remove the additional MX record. Thanks for the info on the resending of messages also.

Who is APlus.net? Is that another name for Register.com? I called up Register.com and asked them why I couldn't change my DNS records initially and they did it for me and gave me the DNS records: dns14.register.com. and dns15.register.com. Just to clarify, are you saying to delete these DNS records, change them to ns1.abac.com and ns2.abac.com, then email them with with the particulars of your MX record? Even though I'm not paying for their DNS services? Or are you saying I should host my website there?

I'm hosting my own website with a linux/apache box on port 80 on my IP address, and that's another concern of mine; I can reach the website with the IP address but not the domain name.
0
 
LVL 1

Author Comment

by:3p0cHx
ID: 13878728
Also, orginally nordstrandlaw.com was hosted by Cedant.com. Her account was going to expire, and I've heard good things about Register.com so the plan was to transfer the domain name to Register.com, we host our own web and email, and not have to pay Cedant anymore. Are you seeing cedant/aplus.net in the records still? I don't want to add cedant/aplus.net to the DNS records and then change them later, but I also don't want to have bad Register.com DNS records.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13881351
Yes, that's where I got APlus (as well as Cadant).  http://whois.sc/nordstrandlaw.com is still showing your IP address to be 66.175.25.73  which is in a block owned by Cadent.  But that same record shows your domain is registered at register.com and is configured with dns14.register.com and dns15.register.com as the assigned name servers...

What that means is those are the name servers you have listed in your register.com profile for nordstrandlaw.com.  When a request is made on the Internet for nordstrandlaw.com the first place that is checked are those name servers... and if they do not contain your authoritative zone file, there's little likelyhood that the request will get any further along.

Click here to see the DNSReport.com info: http://www.dnsreport.com/tools/dnsreport.ch?domain=nordstrandlaw.com  and you'll see what I mean.

Also... I didn't notice until now that you said your MX record was nordlawmail.nordstrandlaw.local -- That won't work at all because it's not a proper MX record.  .local is a non-Internet top level domain so it won't go anywhere.  You also listed the IP address of the 2nd MX record you tried to use... is this your STATIC IP address from Verizon/GTE?  

Also, where did you add the MX record?  Somehow I'm thinking that you are editing the DNS zone file INSIDE the SBS server... this is not an Internet accessible zone file, it's only for use within your domain and doesn't need MX records.
I was thinkin that becuase I believe Register.com's DNS interface won't allow you to input an IP address because IP addresses aren't allowed in MX records (you have to either use the registered reverse DNS for that IP which is bdsl.66.15.204.gte.net or you need to ALSO include an (A) record in your zone file --- something like nordlawmail.nordstrandlaw.com which points to that IP and then use that domain name in your MX record (although I'd shorten it if I were you to something like mail.nordstrandlaw.com or sbs.nordstrandlaw.com because if you want your users to be able to access the server remotely for OWA or RWW they will have to type all of that longer name).

Your site is pretty dead at the moment...so it doesn't sound like register.com is your answer.  Recently I've found that propagation takes less than 2 or 3 hours at most if you're DNS is hosted at a tier 2 or 3 location, so I think you've got a problem with your zone file.  I'd contact register.com immediately to resolve the problem, but I would also consider using just a DNS hosting service since that's all you need... zoneedit.com is pretty good for that.

Jeff
TechSoEasy




0
 
LVL 1

Author Comment

by:3p0cHx
ID: 13881571
My appologies, the MX record that was on file with Register.com was nordlawmail.nordstrandlaw.com, not nordlawmail.nordstrandlaw.local. Yes, the IP address you said to remove from my MX records is the Verizon/GTE static address. I was thinking since  nordlawmail.nordstrandlaw.com wasn't resolving I could enter the IP instead. Thanks for the info on IP addresses not being allowed in MX records.

I spoke with a rep at register.com and he claims that my issue could be resolved with the following changes: Under Register.com's Domain Manager, 'Change IP' screen, the rep added "*.nordstrandlaw.com points to 66.15.204.208", as well as "mail.nordstrandlaw.com points to 66.15.204.208". Additionally, he changed my MX record from "nordstrandlaw.com      Hi      nordlawmail.nordstrandlaw.com" to "nordstrandlaw.com      Hi      mail.nordstrandlaw.com". The name of my server internally is "nordlawmail.nordstrandlaw.local". I'm not sure what name it is from outside my LAN.  

Sorry for my lack of decisiveness but where exactly should I add the registered reverse DNS address "bdsl.66.15.204.gte.net"? Should I add it to the MX Records, (along with 'nordstrandlaw.com      Hi      mail.nordstrandlaw.com') or replace it completely? Should I add the reverse DNS address in the "Change IP" screen along with:

*.nordstrandlaw.com        points to           66.15.204.208
nordstrandlaw.com       points to         66.15.204.208
mail.nordstrandlaw.com       points to         66.15.204.208
bdsl.66.15.204.gte.net    points to      66.15.204.208  <---- add this line?

You're right, 'mail.nordstrandlaw.com/remote' is a little easier to type than 'nordlawmail.nordstrandlaw.com'. ;-)

Is Zoneedit.com a free DNS hosting service? Will any entries I make within Zoneedit.com affect the Register.com entries? Would this finally override Cedant's insistance that nordstrandlaw.com is pointing to 66.175.25.73?

You stated this: "When a request is made on the Internet for nordstrandlaw.com the first place that is checked are those name servers... and if they do not contain your authoritative zone file, there's little likelyhood that the request will get any further along." I'm sure this is exactly what's happening. If I do go ahead and use Zoneedit, will I then need to change my Domain Name Servers at Register.com to Zoneedit's servers?

Thanks for all your help Jeff, I know I've asked a lot of questions but I want to get this right as changes I make only take effect after anywhere from 2 hours to 36 hours...I want to get it right as soon as possible so my clients can get their inbound mail... :-)

Jason
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 13883848
No problem... dns can be rather confusing.  From what I can see in the historical files available on the Internet, you've had your domain's DNS at register.com for a few years... as long as you haven't changed your Name Servers (dns14.register.com and dns15.register.com) there isn't really any propagation period.  Any change you make in the zone file should take effect immediately.  You should be able to ALWAYS check your work by going to http://www.DNSReport.com to see if there are any errors.  Make DNSReport.com your friend.  :-)

BUT your name servers are still not working... that is still a problem and no matter what you've changed, you won't know if it's working unless you get the name server issue resolved.  You need to call register.com back and ask them why dns14.register.com and dns15.register.com aren't listing your domain.

After you've resolved that here are my thoughts on your zone file:

The reason he changed your mx record to mail.nordstrandlaw.com is because, as you just found out, you can't use an IP address... so creating an MX record requires two entries --- the first one he made was "mail.nordstrandlaw.com  points to 66.15.204.208" --- once that's established, then the MX entry will understand how to route to mail.nordstrandlaw.com.  He could just as easily created the "nordlawmail.nordstrandlaw.com  points to 66.15.204.208" entry instead but he did what was easier for himself.  It doesn't really matter what sub-domain (the first part BEFORE .nordstrandlaw.com) is used -- in fact you don't need to use a sub-domain there at all because you have only one mail server... it just makes it easier to switch mail servers or to use a back-up mail server because the sub-domain will then differentiate between different servers.

Don't worry about the bdsl.66.15.204.gte.net for right now... it doesn't seem to work correctly anyhow.  Also, the name you've given your server only matters internally.  Externally, all that matters is the public IP address -- which is supposed to be found by the instructions in your DNS Zone File.  That being said... you didn't state whether you had a router or other hardware firewall in front of yoru SBS, but it doesn't sound as though you changed anything locally.  If you did, and if you have a router, you need to make sure that it's configured properly.  (http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx)

Regarding ZoneEdit... it's a free service if you have less than 5 domain names.  You only have one, so it's free.  Using this service WOULD require that you change the NAME SERVERS at register.com -- but from what you've now told me and considering the current state of your dns issues... i'd just try to work it out where you are by getting register.com to get you the proper name server entries.

Lastly... it's generally not the best or safest practice to host a public website on your sbs other than the simple site you currently have.  I am only mentioning this so that you keep it in mind if you ever consider expanding your web presence.  Also, make sure to watch your performance reports -- it's possible that your internal use of the server may slow down the delivery of your website.

Good Luck!

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:3p0cHx
ID: 13888512
I spoke with Register.com again and the rep claimed that I had an invalid domain alias. She removed it for me and claims that it will take another 6-12 hours for the correction to propagate. Here are the entries:
ftp.nordstrandlaw.com         points to         nordstrandlaw.com
lawyer.nordstrandlaw.com         points to         nordstrandlaw.com
www.nordstrandlaw.com         points to         nordstrandlaw.com
www.nordstrandlaw.com     points to     www.nordstrandlaw.com   <== This entry was removed.

I feel really dumb if it was something this easy, but live and learn. She claims this will resolve the MX record problem as well. Now I play the waiting game again, but I feel a little more confident this was the issue.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13889557
Ah... that would probably cause the problem.  Register.com's zone file editing is a bit unique... it doesn't use the standard format and language.  In their effort to make it "easier" they've made it more difficult if you want to seek help from someone other than them or to host your site elsewhere for that matter.

If you were able to get to the ACTUAL zone file you could change the "TTL" or "Time To Live" entry which would make your propagation period shorter.  But, for now, it's probably just best to wait it out.  

Keep checking the DNSReport.com results to make sure everything works.

Jeff
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13889981
Jason,

I still think you have a problem... using DLINT, a direct query is made to the name server... so there is NO propagation period.  This is the result:

;; dlint version 1.4.0, Copyright (C) 1998 Paul A. Balyoz <pab@domtools.com>
;; Dlint comes with ABSOLUTELY NO WARRANTY.
;; This is free software, and you are welcome to redistribute it
;; under certain conditions. Type 'man dlint' for details.
;; command line: /usr/local/bin/dlint nordstrandlaw.com.
;; flags: normal-domain recursive.
;; using dig version 9.2.1
;; run starting: Thu Apr 28 13:57:51 MST 2005
;; ============================================================
;; Now linting nordstrandlaw.com.
;; Checking serial numbers per nameserver
;; 200504145 dns14.register.com.
;; dns15.register.com.
WARNING: nameservers don't seem to agree on the zone's serial number.
 Dlint will query nameserver with largest serial number first.
;; Now caching whole zone (this could take a minute)
;; trying nameserver dns14.register.com.
ERROR: no A records found.
;; no subzones found below nordstrandlaw.com., so no recursion will take place.
;; ============================================================
;; dlint of nordstrandlaw.com. run ending with errors.
;; run ending: Thu Apr 28 13:58:13 MST 2005

Final Results: 1 error, 1 warning

You can try it for yourself http://www.domtools.com/dlint/ , but I still think Register.com has a problem that needs to be fixed... perhaps flushing out their cache?

Jeff
0
 
LVL 1

Author Comment

by:3p0cHx
ID: 13890144
Everything is working correctly now. Apparently it was the bad alias that was causing all the problems. I can see the site at it's domain name and mail is being sent and received correctly. Dnsreport.com still says this: The following nameservers are lame: 216.21.234.78, but as long as the website and mail can be seen correctly then I'm okay with one lame nameserver. Also, it reports: WARNING: Your SOA RETRY interval is : 86400 seconds. This is way too high. - Oh well, register.com's site won't allow me to change this setting anyway so I'll disregard it.

Thanks for your advice on the website being hosted on something other than my SBS server. I agree, and I have the website running on an Apache/Debian box that my router/firewall passes only port 80 to that server. At 1:45 this morning, however, someone tried to log in to the remote site as administrator and failed. I think I'll be seeing a lot of this maybe because of this post? :-p     I do have ICMP blocked on my firewall, though so hopefully I won't have to worry too much about script kiddies. I really like SBS's reporting feature. I get emails with critical events, backup reports, failed login attempts and processor usage. I am beginning to really like SBS.

I'll close this question now, thanks again for your help!


0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13891075
Jason,

Glad it all worked out... great that you have the website on a separate machine, but I'd suggest that you put it in FRONT of your router as a DMZ and outside of your LAN.  It's easier to do if you have multiple IP addresses, but if you have port forwarding set up for the other necessary ports to the SBS then it should work out fine.

Take care...

Jeff
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question