Solved

DNS MX record cached

Posted on 2010-11-17
21
1,550 Views
Last Modified: 2012-05-10
We are having an issue with DNS. We moved our MX records about 2 months ago from one spam filter (hosted) to another (hosted). Still after 2 months we are seeing e-mail traffic still going through our old one. (About 1-2% - 10-15 domains). Network Solutions hosts our DNS. I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

Luckily our old spam filter host still accepts and delivers mail. However I'm now stuck as to why mail is still going to an 2 month old MX record that doesn't exist anywhere anymore.

I highly doubt these e-mail servers from the senders are caching old DNS records. Considering after we made the MX change mail almost immediately started going through the new host.

I'm lost, much help would be appreciated.

0
Comment
Question by:rbmacct
  • 6
  • 5
  • 5
  • +5
21 Comments
 
LVL 12

Expert Comment

by:Kent W
ID: 34157006
This sounds like your OLD DNS sever still has the zone/domain record loaded, and even though you have moved hosts, and DNS servers, anyone still using the OLD DNS servers will of course get the OLD answer.  Make sure that at the OLD DNS server, your zone has been completely deleted.  I doubt it's cache, nothing would live that long.
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34157024
We didn't move the DNS hosts. We just updated the MX records that is and was hosted with Network Solutions.

0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34157035

The cache will be there and valid until they manually clear the cache. I think this is applicable to clients, servers etc.

0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 1

Author Comment

by:rbmacct
ID: 34157036
I guess I shouldn't of used the word 'moved'. We just updated our MX records at the current DNS host (Network Solutions). Sorry for the confusion.
0
 
LVL 5

Expert Comment

by:dacasey
ID: 34157040
Can you identify the source to the mail that is misdirected?  Look at the headers for some of these 1-2% of the messages you should see a common mail server or servers.  These would be the places to continue your investigation.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34158098
Check you mail server settings.

specifically Send connector settings if it is an  exchange server .
0
 
LVL 12

Accepted Solution

by:
Kent W earned 250 total points
ID: 34158174
I'm taking it you moved MX spam filter services, like Postini, just from one service to another?
Decasey is correct, looking at the header of an email in question would tell you the chain, but it is starting to sound like to me your old spam filter service is the one caching the MX, which they sometimes do.
You can check a header and verify, but I bet somehow, especially since they are still accepting mail from you, they have it cached in their spam filter application, not necessarily in their DNS.
0
 
LVL 12

Assisted Solution

by:Kent W
Kent W earned 250 total points
ID: 34158202
I'm sorry, I forgot to put "why" this may be happening.  If your old filter service also provides other service (email, etc.), other user of their service / dns / filter may be finding your old MX, rather than the updated.
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34158417
How would clients/servers get their DNS information from someplace that isn't my DNS host? They would have to go to the name servers first to get back to the old spam filter (old MX records) which they shouldn't because the MX records point elsewhere. I just don't understand how the old spam filter would cache/server DNS requests when they aren't even my DNS host nor do my MX records point there.

0
 
LVL 10

Expert Comment

by:akhalighi
ID: 34158506
-Ask your DNS host to change MX Time to live ( TTL ) to something short ( e.g. 30 min)

-Make sure they didn't "ADD" your new spam filter hosts to your records ; they should also remove existing ones.
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34158528
We already changed the TTL to 3600. I'm calling them again to see if I can get higher up the chain. I feel this is definitely a Network Solutions problem. It just doesn't make sense why mail is still going to a 2 month old MX record. I'll update after I speak with them again.

0
 
LVL 12

Expert Comment

by:Kent W
ID: 34158733
I don't think you understood.  People using your old spam filter, if this is a popular service, could be picking up the old MX from the actual spam filter you were using, if their mail is routed through that service.  A lot of these services will cache MX, or just save DNS resolutions, within the service itself, independent of DNS MX.  The fact that they are still accepting mail for your domain is one clue that could be the issue.  Regular DNS MX caching and related issues seem to be getting you nowhere.  
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34159451
> I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

If they host it they will not be caching anything, they will be providing authoritative answers.

My DNS server might cache a response to a query via network solutions (for example), but that won't be their fault, it'll be mine.

> However I'm now stuck as to why mail is still going to an 2 month old MX record that doesn't exist anywhere anymore.

You know, I've seen a problem like this before. I don't suppose the people delivering via the "old MX" are also customers of the same anti-spam provider are they?

If they are you may find that mail is being routed internally through the anti-spam system, not delivery via the MX.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34159463

Actually, ignore that, it's exactly what mugojava said. Apologies for the repetition, need to pay more attention.

Chris
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34159498
I did lookup's on the MX's for the domains that were going through our same old spam filter and they aren't pointed to the same filter, so that would tell me they aren't using the same spam filter as we were. I'm going to call ForeFront (old spam filter) and see what they have to say.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34159523
Ignore the MX, if it's routing internally through their system it will have nothing to do with the MX.

I used to have a problem like this with MessageLabs, shifted away from them but the account wasn't quite cancelled, stuff from their other customers was still delivered by the path they defined (not the path the MX defined).

That's what mugojava is getting at.

Chris
0
 
LVL 9

Expert Comment

by:conradie
ID: 34164848
Dont take any DNS hosting company's word for it on what they say your MX records are, check it for yourself. Here is an easy way:

Go to this site and input your domain name:
http://www.mxtoolbox.com

It will report back what the internet is seeing as your MX records. What you may also want to do is verify that your name servers are where you think they are:

http://www.networksolutions.com/whois/index.jsp

At the bottom, you will find your name servers in listed order. Make sure these are the Network Solutions name servers.

Please report back what you find. Make sure to change the domain names to something fictitious, if you do post the results. That may be helpful.
 
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34191436
It appears that was the problem.  The cloud for Microsoft was caching the MX records for other domains that were hosted in the same cloud. As soon as I removed our domains from MS ForeFront they removed their cached DNS and went off the public records.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34191458

If you go for closing, I recommend you pick http:#34158733 :)

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34191460

Good enough :)

Chris
0
 
LVL 12

Expert Comment

by:Kent W
ID: 34193082
Sweet.  Glad that helped :)
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Raising the domain level - can i do this during production 17 74
Cisco RSTP portfast 3 69
DNS spf record 14 53
Additional DC vs Child Domain 12 17
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question