Solved

External mail domain name disappearing from DNS

Posted on 2010-08-31
14
415 Views
Last Modified: 2012-05-10
For the last few days we've been having problems with the domain name mail.colourcentre.net.au.
Approximately every 5-6 hours it stops resolving to an IP address so all emails to this domain start failing and get queued instead.

I've worked out that opening AD DNS and going 'Clear Cache' on the two primary AD servers fixes the resolution problem temporarily and then the queued emails slowly start filtering through again.

This is an external domain but we've heard from them that they changed host on Friday the 27th which is now 5 days ago.

Anyone have any idea what could be happening and how to resolve this issue? I'm now assuming the DNS problems must be on our end as doing the cache clear gets it resolving again straight away. However we are not aware of any problems with other domains and can't see any errors in event logs on the AD servers.
0
Comment
Question by:andoss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 4
14 Comments
 
LVL 8

Author Comment

by:andoss
ID: 33572684
I forgot to mention the problem is happening with both:
mail.colourcentre.net.au
colourcentre.net.au

Seem to need both resolving for emails to go out.
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 33572748
It looks like there's no A record in DNS to go along with the MX record for mail.colourcentre.net.au.  "mail.colourcentre.net.au" does not resolve to an IP.  Whoever runs your public DNS needs to add the A record for mail.colourcentre.net.au on IP 218.214.41.39.  That's what I'm seeing anyway.
 
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 33572777
I take that back.  Some DNS servers can resolve mail.colourcentre.net.au to an IP, but others cannot resolve it.  Google's public DNS can resolve it, but our ISP's DNS cannot.  Also, the nameservers for the domain colourcentre.net.au are reported as  "ns1.theplanet.host" and "ns2.theplanet.host".  Someone will have to educate me on that because I've never seen a ".host" before and those don't resolve to anything.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33572792
First thing I see on a nslookup locally trying to find you:
mail.colourcentre.net.au        internet address = 218.214.41.39
colourcentre.net.au     nameserver = ns2.theplanet.host
colourcentre.net.au     nameserver = ns1.theplanet.host

I don't know if that's the old address... and things just haven't timed out in the caches up stream yet.

Umm... those name servers have a top level domain of 'host'?
Assuming it should be at theplanet.com, the name servers also seem to deny my queries... *shrug*

Looking at ns5.aftershock.com.au, I see:
colourcentre.net.au     MX preference = 0, mail exchanger = mail.colourcentre.net.au
colourcentre.net.au
        primary name server = ns1.theplanet.host
        responsible mail addr = info.174.122.249.106
        serial  = 2010082703
        refresh = 86400 (1 day)
        retry   = 7200 (2 hours)
        expire  = 3600000 (41 days 16 hours)
        default TTL = 86400 (1 day)
colourcentre.net.au     nameserver = ns1.theplanet.host
colourcentre.net.au     nameserver = ns2.theplanet.host
colourcentre.net.au     internet address = 174.122.249.106
mail.colourcentre.net.au        internet address = 218.214.41.39

The name servers in there are still... umm... looking wrong.  http://whois.ausregistry.net.au/whois indicates that your name server should be ns5.aftershock.com.au ?  (And again, I can't resolve the .host top level domain.)

So, at this point, I'm not sure what name server thinks it is authoritative for you...
0
 
LVL 8

Author Comment

by:andoss
ID: 33572793
From what you've just said would you be thinking the problem is on their end at the moment still?

Do you think creating forwarders for those two domains to a public DNS server that can resolve them be a decent temporary resolution?
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33572798
Oops... sorry IT-Monkey, you posted while I was still navigating around trying to figure out what is going on.  *blush*
0
 
LVL 8

Author Comment

by:andoss
ID: 33572831
Hi Razmus,

I have nothing to do with colourcentre.net.au or mail.colourcentre.net.au setup.
I'm working for another company that corresponds with them via email and we are having problems with our mail server queuing up emails because we aren't able to resolve their domain via DNS.

I believe from what you are saying is that the problem appears to be on their end and my DNS servers are working as they should?
It's just weird that a clear cache fixes the problem? I'm not very knowledgeable on AD DNS but is it possible some of the root servers have the right DNS for this domain and others don't which might explain the cache clear fix?
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33575716
A few more questions:
Is 218.214.41.39 the correct or incorrect IP address for your mail server?
Confirm: Your AD domain doesn't use colourcentre.net.au domain name?

Basically, I believe you are picking up the wrong address from somewhere, which is saying that it's authoritative for your domain.  The next time it happens, before you clear the cache, drill down into the cache and look at the address assigned to mail.colourcentre.net.au and see (1) if it's wrong, and (2) jot down what it is, which will help track down where it's coming from.
0
 
LVL 8

Author Comment

by:andoss
ID: 33582355
As i've said this is not my mail server or my domain name.
It's a company we regularly correspond with and due to this problem are now unable to (until i clear the cache).

Just trying to work out if the problem is on our end or theirs and if it's on theirs is there a workaround we can use until they fix their end?
0
 
LVL 13

Accepted Solution

by:
IT-Monkey-Dave earned 250 total points
ID: 33582452
What if you create a new forward lookup zone on your internal AD DNS server(s) for the domain colourcentre.net.au and populate it with a single A record for mail.colourcentre.net.au at IP 218.214.41.39.  Maybe also an MX record for that mail server too.  That's assuming 218.214.41.39 is the correct IP, which I'm not sure we've confirmed.  That way your internal DNS server(s) will never have to look outside to resolve mail.colourcentre.net.au and therefore they should have the correct IP at all times.  But only if you already know the correct IP.
0
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 250 total points
ID: 33582483
Ah! I misunderstood what you meant this not being your systems.

On your DNS Servers, can you confirm what bad information is ending up in your cache?

If it were me, and it were only emails I was concerned about, I'd make a static entry for their mail server in the HOSTS file on my mail server, and I'd send an email to myself with delayed delivery in two weeks to go back and check to see if they have fixed their issue yet, so I could strip that entry out later.  (I wouldn't want anyone else to find that entry in some number of months or years after spending forever troubleshooting a mail delivery issue.)  The MX entry looks like it might be correct... so this could be sufficient.  *crosses.fingers*
0
 
LVL 8

Author Comment

by:andoss
ID: 33582572
I  think creating the additional forward lookup zone will be the best option and then i'll just remove it once they resolve their issues.
It is just emails we are concerned about but there are a number of different servers that are sending these emails so static entries on each of these would end up messy.

Thanks for both your help I'll give that a shot.
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 33582584
Hope it works.  Let us know what happens.
0
 
LVL 8

Author Closing Comment

by:andoss
ID: 33614127
I ended up creating a forwarder for the colourcentre.net.au domain to our ISP's DNS server.

Thanks for both your help.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question