Solved

Nameservers and Email

Posted on 2006-06-21
Last Modified: 2013-12-06
Hi,

On Monday we had a problem where my SBS 2003 Exchange server could not send email via the SMTP address - it got stuck in the outbound queue. Nor could I access the company's website.

I enquired to the web host, who told me that the IP addresses of the nameservers had been updated and that I was on a cached DNS server and would eventually clear up. It did, and things started to work again.

But today, the same thing happened, I enquired to the web host again who said there was a problem on the secondary nameserver and it was being fixed.


Now, the strange bit:

The SMTP address is provided by the ISP of the offices that we are in.

The webhost who control the domain name and the web hosting have absolutely nothing to do with the ISP in the slightest.

The web host tell me that the name servers IP being changed and the nameservers error today and the emails not being able to leave the exchange server was a coincidence (twice) -

They tell me that the problem with the nameservers will have absolutely nothing to do with the SMTP sending of email.

Is this true?

i.e., Host says, website problem, yes that's our issue, Email problem, that's the ISP's issue..



The ISP has been getting me to change the SMTP address today and he eventually gave me an IP address to use as the SMTP address. I can now send to most of my test emails, except for one (I know this address definitely works) and nothing is stuck in MS Exchange Outbound queue!
I have always been able to receive email; the webhost has set us an MX record which points all mail direct to our Exchange server's IP address.

Any ideas? I'm confused by the whole situation with name servers and the like.

Any help would be appreciated.
Question by:JackHodson
LVL 32

Accepted Solution

by:
jhance earned 500 total points
ID: 16950632
The relationship between DNS (i.e. nameservers) and SMTP email is vitally important.  So I think the comment:

>>They tell me that the problem with the nameservers will have absolutely nothing to do with the SMTP sending of email.

is totally false and the folks that told you this are either idiots (likely) or lying (also likely) or both.

SMTP cannot work without DNS since DNS is the "address" book that SMTP uses to find the destination server for the SMTP traffic it has to send.

DNS uses a number of different record types for different purposes.  The one you are most familiar with is probably the "A" or ADDRESS records.  This is used to resolve a hostname like "www.experts-exchange.com" to an IP address so that your web browser can open the correct web page.  You can query the DNS database using NSLOOKUP for the "A" record like:

> set type=a
> www.experts-exchange.com
Server:  [74.128.0.101]
Address:  74.128.0.101

Non-authoritative answer:
Name:    experts-exchange.com
Address:  64.156.132.140
Aliases:  www.experts-exchange.com

The "A" record for www.experts-exchange.com says that the IP address of this host is 64.156.132.140.

There is another DNS record specifically for mail delivery and it is called the MX record.  You can also query for that like:

> set type=mx
> experts-exchange.com
Server:  [74.128.0.101]
Address:  74.128.0.101

Non-authoritative answer:
experts-exchange.com    MX preference = 1, mail exchanger = mail.experts-exchange.com

experts-exchange.com    nameserver = ns6.experts-exchange.com
experts-exchange.com    nameserver = ns5.experts-exchange.com
mail.experts-exchange.com       internet address = 64.156.132.251
ns6.experts-exchange.com        internet address = 64.156.132.252
ns5.experts-exchange.com        internet address = 64.156.132.253
>

So this says that the MX (or MAIL EXCHANGER) for the domain experts-exchange.com is a hostname called "mail.experts-exchange.com".  You can then use the "A" record and do another lookup to find the IP of mail.experts-exchange.com.  NSLOOKUP does this for you and shows the IP of this host as 64.156.132.251.

So if your SMTP server wants to deliver a message to some user at experts-exchange.com it will lookup the MX record to get the mail exchanger host (or hosts - there can be more than one) and then will lookup that hostname's "A" record and finally will open an SMTP connection (i.e. port 25) to that IP and attempt to deliver the mail.

If the DNS server for experts-exchange.com changes or the data in it changes, there will be a period of time while the CACHED DNS entries expire.  The way DNS works is that the queries don't go all the way back to the NAMESERVER (i.e. the NS record for the domain) but are cached along the way, including in your own computer's local cache in the likely event that the domain name gets resolved again.  This keeps redundant queries from overloading DNS servers since DNS entries don't usually change that often.  The cache expiry time varies depending on the settings used by the DNS admins at the site but is commonly a few hours to a few days.

I hope this helps.



0
 
LVL 32

Expert Comment

by:jhance
ID: 16950648
Oh, I meant to point out the:

"Non-authoritative answer:"

lines in the above traces.  This means that the DNS server that answered the DNS query is NOT authoritative for the domain experts-exchange.com.  In other words, the data is from the cache on the server and MAY be out of date.

If you want to FORCE a query from the authoritative DNS server you must go back to the listed NS name server for the domain.
0
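The lookups described in the two replies above, as an added example that is not part of the original thread: a minimal parser for a DNS MX response that reads the header's AA bit (the thing NSLOOKUP reports as "Non-authoritative answer" when it is clear) and the MX preference, exchanger and remaining TTL. The domain example.test, the transaction ID and the response bytes are constructed for illustration, so the block runs offline.

```python
import struct

MX = 15  # DNS record type for mail exchangers (RFC 1035)

def encode_name(name):  # 'example.test' -> length-prefixed labels plus a zero byte
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:            # compression pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
        elif length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def parse_mx_response(msg):
    """Return (authoritative, [(preference, exchanger, ttl), ...]), lowest preference first."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    authoritative = bool(flags & 0x0400)     # AA bit; clear = "Non-authoritative answer"
    pos = 12
    for _ in range(qdcount):
        pos = read_name(msg, pos)[1] + 4     # skip QNAME, QTYPE, QCLASS
    records = []
    for _ in range(ancount):
        pos = read_name(msg, pos)[1]
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == MX:
            pref = struct.unpack("!H", msg[pos:pos + 2])[0]
            records.append((pref, read_name(msg, pos + 2)[0], ttl))
        pos += rdlen
    return authoritative, sorted(records)

def sample_response(aa, ttl):
    """Constructed reply for example.test with one MX record, mail.example.test."""
    flags = 0x8180 | (0x0400 if aa else 0)   # QR+RD+RA, plus AA when authoritative
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)
    question = encode_name("example.test") + struct.pack("!HH", MX, 1)
    rdata = struct.pack("!H", 10) + b"\x04mail\xc0\x0c"   # pref 10, "mail" + pointer to offset 12
    return header + question + b"\xc0\x0c" + struct.pack("!HHIH", MX, 1, ttl, len(rdata)) + rdata
```

Calling `parse_mx_response(sample_response(False, 3600))` models the cached reply from a resolver, and `sample_response(True, 86400)` models the same record served by a nameserver listed in the domain's NS records.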
 
LVL 4

Author Comment

by:JackHodson
ID: 16950736
Thank you jhance once again, I think I follow all your words.

One thing that has got me though, and I'm not sure this will make sense..

We have company X who is the ISP and provides the SMTP
and
we have company Z who provided my domain name and web hosting.



We have the SMTP given to us by company X (ISP), are you saying that the ISP uses the DNS entries from the domain nameservers on company Z?

If the above is true then it explains why company Z messing with the nameservers affected our email

BUT
I would have thought that if company X is providing the SMTP address, then they would use their own DNS to resolve it.
0
 
LVL 32

Expert Comment

by:jhance
ID: 16950883
The ONLY nameservers which are authoritative for a domain are the ones listed in the NS records for the DNS record.  ONLY ONE organization has control of the DNS and that is the one that runs the DNS server that holds the records.

The ISP is NOT necessarily the one who holds the domain records although that is often the case.  There is actually another level of this complexity that I didn't mention.  That's the role of the domain REGISTRAR (like Verisign, GoDaddy, etc.).  This is the database that is used to find the authoritative DNS server for a particular domain name.  If you query the WHOIS database for a domain, you will get the domain server(s).  For example:

Registrant:
Experts Exchange, LLC
   P.O. Box 2781
   Paso Robles, CA 93447
   US

   Domain Name: EXPERTS-EXCHANGE.COM

   Administrative Contact:
      Miller, Austin  austin@experts-exchange.com
      Experts Exchange, LLC
      P.O. Box 2781
      Paso Robles, CA 93447
      US
      (805)787-0603 fax: 999 999 9999

   Technical Contact:
      Gardner, Brian  brian@experts-exchange.com
      Experts Exchange, LLC
      P.O. Box 2781
      Paso Robles, CA 93447
      US
      805-787-0603 fax: 999 999 9999

   Record expires on 14-Jul-2013.
   Record created on 15-Jul-1996.
   Database last updated on 21-Jun-2006 09:00:13 EDT.

   Domain servers in listed order:

   NS5.EXPERTS-EXCHANGE.COM     64.156.132.253
   NS6.EXPERTS-EXCHANGE.COM     64.156.132.252

Ok, so this says:

   NS5.EXPERTS-EXCHANGE.COM     64.156.132.253
   NS6.EXPERTS-EXCHANGE.COM     64.156.132.252

These are the TWO and ONLY TWO DNS servers that are authoritative for this domain.  Even though any idiot can put DNS records for experts-exchange.com in their DNS server, the registrar for experts-exchange.com says that these are the ones.  So you can go to them and find out the authoritative answer to any DNS queries.

What SPECIFIC domain are we talking about here?  If you post it I can examine the specifics and perhaps help you understand better.

0
 
LVL 4

Author Comment

by:JackHodson
ID: 16951020
it is infomedltd.co.uk
0
 
LVL 32

Expert Comment

by:jhance
ID: 16951651
Here's a good place to start looking for issues:

http://www.checkdns.net/quickcheck.aspx

I see a couple of minor issues (like the SOA warning) but nothing that would cause a real problem.



According to it:


CheckDNS.NET is asking root servers about authoritative NS for domain
  Got DNS list for 'infomedltd.co.uk' from nsc.nic.uk or nsc.nic.uk
  Found NS record: ns2.netpivotal.com[67.15.122.31], was resolved to IP address by a.gtld-servers.net
  Found NS record: ns1.netpivotal.com[207.44.250.106], was resolved to IP address by a.gtld-servers.net
  Domain has 2 DNS server(s)

CheckDNS.NET is verifying if NS are alive
  DNS server ns2.netpivotal.com[67.15.122.31] is alive and authoritative for domain infomedltd.co.uk
  DNS server ns1.netpivotal.com[207.44.250.106] is alive and authoritative for domain infomedltd.co.uk
  2 server(s) are alive

CheckDNS.NET checks if all NS have the same version
  Master DNS defined by SOA (ns.infomedltd.co.uk) was not found among NS records.
  All 2 your servers have the same zone version 1147706086

CheckDNS.NET verifies www servers
  Checking HTTP server www.infomedltd.co.uk [67.15.8.53]
  HTTP server www.infomedltd.co.uk[67.15.8.53] answers on port 80
  Received: HTTP/1.1 200 OK (Server: Apache/2.0.52 (Red Hat)) . Infomed Research & Training Limited. Welcome to. Infomed Research and Training Limited. At Infomed we are .committed.... "to strive to be the best facilitator of discussion, communications and .learning . amongst practicing doctors and consultants, by means of workshops, .seminars, . conferences and other forms of group and individual

CheckDNS.NET tests mail-servers
  Domain infomedltd.co.uk has only one mail-server
  Checking mail server (PRI=10) mail.infomedltd.co.uk [83.244.160.73]
  Mail server mail.infomedltd.co.uk[83.244.160.73] answers on port 25
  <<< 220 infomedltd.co.uk Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Wed, 21 Jun 2006 15:25:25 +0100
  >>> HELO www.checkdns.net
  <<< 250 infomedltd.co.uk Hello [195.60.98.252]
  >>> MAIL FROM: <dnscheck@uniplace.com>
  <<< 250 2.1.0 dnscheck@uniplace.com....Sender OK
  >>> RCPT TO: <postmaster@infomedltd.co.uk>
  <<< 250 2.1.5 postmaster@infomedltd.co.uk
  >>> QUIT
  Mail server mail.infomedltd.co.uk [83.244.160.73] accepts mail for infomedltd.co.uk
  All MX are configured properly
0
 
LVL 4

Author Comment

by:JackHodson
ID: 16952236
Many thanks for the help jhance, think I have it all sussed out now :)
Hopefully the host will leave the nameservers alone for a while! :)
0
