Odd Problem Switching DNS Providers

One of my customers is having an odd problem receiving mail after moving their MX record to another ISP / DNS Host.

The customer has Comcast for business.  Comcast is only being used for the network access.  Their help desk people didn’t know what an MX record was and I decided to have a third party do their DNS.  Their original dial up ISP (prior to switching to Comcast) was hosting their DNS record after they switched to Comcast.  Another company hosts and designs their ecommerce web site.  Their “A” record for their web site and MX record for their internal email server was hosted there.  Everything was working fine.  Mail was being sent and received.

Their current web  provider (not Comcast) also does DNS hosting.  The company decided to simplify things by having their web provider host their DNS information.    They made the changes and got the hand off from the DNS host.  However, after three days since the change they still cannot receive email.

Their mail server can be resolved on the internet.

When I telnet, I get the Exchange server just fine.

Users sending mail to my customer get this error:
The following organization rejected your message: mail88.megamailservers.com.
mail88.megamailservers.com #550 5.7.1 <Administrator@mckeeganequip.com>... Relaying denied: You must check for new mail before sending mail. ##

When I run the test at DNS Report, their network passes all the tests except the “Duplicate MX Records”.  Here is the error:
WARNING: You have duplicate MX records. This means that mailservers may try delivering mail to the same IP more than once. Although technically valid, this is very confusing, and wastes resources. The duplicate MX records are:

mail.mckeeganequip.com. and mail.mckeeganequip.com. both resolve to
mail.mckeeganequip.com. and mail.mckeeganequip.com. both resolve to
mail.mckeeganequip.com. and mail.mckeeganequip.com. both resolve to

They also fail the “Connect to Mail Servers” test:
ERROR: I could not complete a connection to any of your mailservers!

mail.mckeeganequip.com: Timed out [Last data sent: [Did not connect]]
mail.mckeeganequip.com: Timed out [Last data sent: [Did not connect]]
mail.mckeeganequip.com: Timed out [Last data sent: [Did not connect]]

If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail *may* work fine in this case but you will need to use testing tools specifically designed for such situations to be certain.

Since email was working fine prior to changing the DNS providers, obviously this is their issue, however they feel that the record is correct and it’s either Comcast or us.

Has anyone seen this before?  What is the best way to resolve this?  

Who is Participating?
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Hello there,

You need to go back to that MX Record. After a quick look I found that you don't actually have a valid MX at all, it all looks fine, but it's missing a really essential piece on information.

If we have another look at the output from here:


You should note the following:

5 mx1.mckeeganequip.com. [TTL=86400] IP=[No Glue, No A record]
1 mx.mckeeganequip.com. [TTL=86400] IP=[No Glue, No A record]

First of all, using MX as a Hostname (as above) is incredibly bad practice, the DNS server will read MX as a Record Type and not process it correctly as a record. The importance of this comes into play when you get to adding a Host Record for that server (which it's failing to find).

Without the Host Record your domain will not receive mail because no one knows where you mail servers actually are.

So, I recommend you change mx1 and mx to smtp1 and smtp2, then add host entries relevant to those two servers. If you don't have two servers that can receive mail then you will only need one MX record.

Hope that makes sense!

I'm immediately drawn to that "Relaying denied" message.  I've not seen an Exchange server reply with that SMTP message before, but the message itself is usually referred to as the "POP before SMTP" setting - to ensure that attempts to send mail are valid, many ISP SMTP servers will require users to check for new mail (and thus authenticate) before attempting to send mail.

I'm also questioning how megamailserver.com got into the mix, is that your ISP's SMTP server?  Are you using that server as a "smart host" that Exchange is sending all of its outgoing mail to?  If so, the issue may be your ISP may not have configured that megamailserver.com server to accept mail from your Exchange box's new IP?

I'm 99.several-nines% certain that this isn't an Exchange issue, per se.  Though you didn't specify, I'm assuming that your IP address space changed when you moved to having your web provider hosting your DNS, yes?  Assuming that's the case, this feels like an issue where that megamailservers.com server needed to be re-configured when you changed IP addresses and someone dropped the ball.

Hope this helps.

(As an aside for your benefit, when posting configuration information on a public website, it's best to sanitize the output that you're posting, particularly public IP addresses.  Think about it: you just told every hacker on the Internet the IP address of your SMTP server for them to go hack at it. :-))

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
tedwillAuthor Commented:
The ISP for connectivty is Comcast.  The customer's web developer is hosting their DNS for their "A" record for the web site and the MX record for their email.  The web developer said just to use DNS and not a smart host for the Exchange settings.

The same scenario worked fine when another DNS provider held their MX record.

The customer's IP adress did not change.

Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Oh, and once you've got the MX fixed and working you should of course verify that the Relay issue, as mentioned by Laura, is sorted out.

All Courses

From novice to tech pro — start learning today.