Solved

DNS MX record cached

Posted on 2010-11-17
Last Modified: 2012-05-10
We are having an issue with DNS. We moved our MX records about 2 months ago from one spam filter (hosted) to another (hosted). Still after 2 months we are seeing e-mail traffic still going through our old one. (About 1-2% - 10-15 domains). Network Solutions hosts our DNS. I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

Luckily our old spam filter host still accepts and delivers mail. However I'm now stuck as to why mail is still going to a 2 month old MX record that doesn't exist anywhere anymore.

I highly doubt these e-mail servers from the senders are caching old DNS records. Considering after we made the MX change mail almost immediately started going through the new host.

I'm lost, much help would be appreciated.

0
Question by:rbmacct
21 Comments
 
LVL 12

Expert Comment

by:Kent W
This sounds like your OLD DNS server still has the zone/domain record loaded, and even though you have moved hosts, and DNS servers, anyone still using the OLD DNS servers will of course get the OLD answer.  Make sure that at the OLD DNS server, your zone has been completely deleted.  I doubt it's cache, nothing would live that long.
0
 
LVL 1

Author Comment

by:rbmacct
We didn't move the DNS hosts. We just updated the MX records that is and was hosted with Network Solutions.

0
 
LVL 10

Expert Comment

by:moon_blue69

The cache will be there and valid until they manually clear the cache. I think this is applicable to clients, servers etc.

0
 
LVL 1

Author Comment

by:rbmacct
I guess I shouldn't have used the word 'moved'. We just updated our MX records at the current DNS host (Network Solutions). Sorry for the confusion.
0
 
LVL 5

Expert Comment

by:dacasey
Can you identify the source to the mail that is misdirected?  Look at the headers for some of these 1-2% of the messages you should see a common mail server or servers.  These would be the places to continue your investigation.
0
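The header check suggested in the comment above, as an added example that is not part of the original thread: it walks each message's `Received` chain and tallies which host first handed the message to the old filter, and to which of its relays. The domain `old-filter.example`, all other host names, and the sample messages are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string

OLD_FILTER = "old-filter.example"  # assumption: domain of the old filter's relays
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def build(hop_list, sender):
    """Constructed sample message; hop_list is oldest hop first."""
    received = [f"Received: from {f} ({f} [192.0.2.1])\n\tby {b} with ESMTP;"
                " Wed, 17 Nov 2010 09:00:00 -0500" for f, b in reversed(hop_list)]
    return "\n".join(received + [f"From: {sender}", "Subject: test", "", "body"])

INTERNAL = [("outbound.old-filter.example", "inbound.old-filter.example"),
            ("inbound.old-filter.example", "mail.ourco.example")]
SAMPLES = [  # constructed, not taken from the thread
    build([("smtp.partner-a.example", "mx1.new-filter.example"),
           ("mx1.new-filter.example", "mail.ourco.example")], "a@partner-a.example"),
    build([("smtp.tenant-b.example", "outbound.old-filter.example")] + INTERNAL,
          "b@tenant-b.example"),
    build([("smtp.tenant-c.example", "outbound.old-filter.example")] + INTERNAL,
          "c@tenant-c.example"),
    build([("smtp.tenant-b.example", "outbound.old-filter.example")] + INTERNAL,
          "d@tenant-b.example"),
]

def in_old(host):
    return host == OLD_FILTER or host.endswith("." + OLD_FILTER)

def hops(raw):
    """(from_host, by_host) pairs, newest first: each relay prepends its header."""
    pairs = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            pairs.append((m.group(1).lower(), m.group(2).lower()))
    return pairs

def entry_hop(raw):
    """(sending host, old-filter relay) where the message entered the old filter."""
    for frm, by in reversed(hops(raw)):  # oldest hop first
        if in_old(by) and not in_old(frm):
            return frm, by
    return None  # never transited the old filter

def summarize(messages):
    """Count misdirected messages per (sending host, old-filter relay)."""
    return Counter(h for h in map(entry_hop, messages) if h)

if __name__ == "__main__":
    for (src, relay), n in summarize(SAMPLES).most_common():
        print(f"{n:3d}  {src} -> {relay}")
```

Only the hops recorded by relays you trust are reliable; `Received` lines older than that are supplied by the sender. If the misdirected mail all enters through a relay that is not one of the old provider's published MX hosts, the senders are not finding it via DNS.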
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Check your mail server settings.

Specifically, Send connector settings if it is an Exchange server.
0
 
LVL 12

Accepted Solution

by:
Kent W earned 250 total points
I'm taking it you moved MX spam filter services, like Postini, just from one service to another?
Dacasey is correct, looking at the header of an email in question would tell you the chain, but it is starting to sound like to me your old spam filter service is the one caching the MX, which they sometimes do.
You can check a header and verify, but I bet somehow, especially since they are still accepting mail from you, they have it cached in their spam filter application, not necessarily in their DNS.
0
 
LVL 12

Assisted Solution

by:Kent W
Kent W earned 250 total points
I'm sorry, I forgot to put "why" this may be happening.  If your old filter service also provides other services (email, etc.), other users of their service / dns / filter may be finding your old MX, rather than the updated.
0
 
LVL 1

Author Comment

by:rbmacct
How would clients/servers get their DNS information from someplace that isn't my DNS host? They would have to go to the name servers first to get back to the old spam filter (old MX records) which they shouldn't because the MX records point elsewhere. I just don't understand how the old spam filter would cache/serve DNS requests when they aren't even my DNS host nor do my MX records point there.

0
 
LVL 10

Expert Comment

by:akhalighi
-Ask your DNS host to change MX Time to live ( TTL ) to something short ( e.g. 30 min)

-Make sure they didn't "ADD" your new spam filter hosts to your records ; they should also remove existing ones.
0
 
LVL 1

Author Comment

by:rbmacct
We already changed the TTL to 3600. I'm calling them again to see if I can get higher up the chain. I feel this is definitely a Network Solutions problem. It just doesn't make sense why mail is still going to a 2 month old MX record. I'll update after I speak with them again.

0
 
LVL 12

Expert Comment

by:Kent W
I don't think you understood.  People using your old spam filter, if this is a popular service, could be picking up the old MX from the actual spam filter you were using, if their mail is routed through that service.  A lot of these services will cache MX, or just save DNS resolutions, within the service itself, independent of DNS MX.  The fact that they are still accepting mail for your domain is one clue that could be the issue.  Regular DNS MX caching and related issues seem to be getting you nowhere.  
0
 
LVL 70

Expert Comment

by:Chris Dent
> I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

If they host it they will not be caching anything, they will be providing authoritative answers.

My DNS server might cache a response to a query via network solutions (for example), but that won't be their fault, it'll be mine.

> However I'm now stuck as to why mail is still going to a 2 month old MX record that doesn't exist anywhere anymore.

You know, I've seen a problem like this before. I don't suppose the people delivering via the "old MX" are also customers of the same anti-spam provider are they?

If they are you may find that mail is being routed internally through the anti-spam system, not delivered via the MX.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent

Actually, ignore that, it's exactly what mugojava said. Apologies for the repetition, need to pay more attention.

Chris
0
 
LVL 1

Author Comment

by:rbmacct
I did lookups on the MXs for the domains that were going through our same old spam filter and they aren't pointed to the same filter, so that would tell me they aren't using the same spam filter as we were. I'm going to call ForeFront (old spam filter) and see what they have to say.
0
 
LVL 70

Expert Comment

by:Chris Dent
Ignore the MX, if it's routing internally through their system it will have nothing to do with the MX.

I used to have a problem like this with MessageLabs, shifted away from them but the account wasn't quite cancelled, stuff from their other customers was still delivered by the path they defined (not the path the MX defined).

That's what mugojava is getting at.

Chris
0
 
LVL 9

Expert Comment

by:conradie
Don't take any DNS hosting company's word for it on what they say your MX records are, check it for yourself. Here is an easy way:

Go to this site and input your domain name:
http://www.mxtoolbox.com

It will report back what the internet is seeing as your MX records. What you may also want to do is verify that your name servers are where you think they are:

http://www.networksolutions.com/whois/index.jsp

At the bottom, you will find your name servers in listed order. Make sure these are the Network Solutions name servers.

Please report back what you find. Make sure to change the domain names to something fictitious, if you do post the results. That may be helpful.
 
0
 
LVL 1

Author Comment

by:rbmacct
It appears that was the problem.  The cloud for Microsoft was caching the MX records for other domains that were hosted in the same cloud. As soon as I removed our domains from MS ForeFront they removed their cached DNS and went off the public records.
0
 
LVL 70

Expert Comment

by:Chris Dent

If you go for closing, I recommend you pick http:#34158733 :)

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent

Good enough :)

Chris
0
 
LVL 12

Expert Comment

by:Kent W
Sweet.  Glad that helped :)
0
