DNS MX record cached

We are having an issue with DNS. We moved our MX records about 2 months ago from one spam filter (hosted) to another (hosted). Still after 2 months we are seeing e-mail traffic still going through our old one. (About 1-2% - 10-15 domains). Network Solutions hosts our DNS. I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

Luckily our old spam filter host still accepts and delivers mail. However I'm now stuck as to why mail is still going to an 2 month old MX record that doesn't exist anywhere anymore.

I highly doubt these e-mail servers from the senders are caching old DNS records. Considering after we made the MX change mail almost immediately started going through the new host.

I'm lost, much help would be appreciated.

LVL 1
rbmacctAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kent WSr. Network / Systems AdminCommented:
This sounds like your OLD DNS sever still has the zone/domain record loaded, and even though you have moved hosts, and DNS servers, anyone still using the OLD DNS servers will of course get the OLD answer.  Make sure that at the OLD DNS server, your zone has been completely deleted.  I doubt it's cache, nothing would live that long.
0
rbmacctAuthor Commented:
We didn't move the DNS hosts. We just updated the MX records that is and was hosted with Network Solutions.

0
moon_blue69Commented:

The cache will be there and valid until they manually clear the cache. I think this is applicable to clients, servers etc.

0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

rbmacctAuthor Commented:
I guess I shouldn't of used the word 'moved'. We just updated our MX records at the current DNS host (Network Solutions). Sorry for the confusion.
0
dacaseyCommented:
Can you identify the source to the mail that is misdirected?  Look at the headers for some of these 1-2% of the messages you should see a common mail server or servers.  These would be the places to continue your investigation.
0
Suliman Abu KharroubIT Consultant Commented:
Check you mail server settings.

specifically Send connector settings if it is an  exchange server .
0
Kent WSr. Network / Systems AdminCommented:
I'm taking it you moved MX spam filter services, like Postini, just from one service to another?
Decasey is correct, looking at the header of an email in question would tell you the chain, but it is starting to sound like to me your old spam filter service is the one caching the MX, which they sometimes do.
You can check a header and verify, but I bet somehow, especially since they are still accepting mail from you, they have it cached in their spam filter application, not necessarily in their DNS.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kent WSr. Network / Systems AdminCommented:
I'm sorry, I forgot to put "why" this may be happening.  If your old filter service also provides other service (email, etc.), other user of their service / dns / filter may be finding your old MX, rather than the updated.
0
rbmacctAuthor Commented:
How would clients/servers get their DNS information from someplace that isn't my DNS host? They would have to go to the name servers first to get back to the old spam filter (old MX records) which they shouldn't because the MX records point elsewhere. I just don't understand how the old spam filter would cache/server DNS requests when they aren't even my DNS host nor do my MX records point there.

0
akhalighiCommented:
-Ask your DNS host to change MX Time to live ( TTL ) to something short ( e.g. 30 min)

-Make sure they didn't "ADD" your new spam filter hosts to your records ; they should also remove existing ones.
0
rbmacctAuthor Commented:
We already changed the TTL to 3600. I'm calling them again to see if I can get higher up the chain. I feel this is definitely a Network Solutions problem. It just doesn't make sense why mail is still going to a 2 month old MX record. I'll update after I speak with them again.

0
Kent WSr. Network / Systems AdminCommented:
I don't think you understood.  People using your old spam filter, if this is a popular service, could be picking up the old MX from the actual spam filter you were using, if their mail is routed through that service.  A lot of these services will cache MX, or just save DNS resolutions, within the service itself, independent of DNS MX.  The fact that they are still accepting mail for your domain is one clue that could be the issue.  Regular DNS MX caching and related issues seem to be getting you nowhere.  
0
Chris DentPowerShell DeveloperCommented:
> I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

If they host it they will not be caching anything, they will be providing authoritative answers.

My DNS server might cache a response to a query via network solutions (for example), but that won't be their fault, it'll be mine.

> However I'm now stuck as to why mail is still going to an 2 month old MX record that doesn't exist anywhere anymore.

You know, I've seen a problem like this before. I don't suppose the people delivering via the "old MX" are also customers of the same anti-spam provider are they?

If they are you may find that mail is being routed internally through the anti-spam system, not delivery via the MX.

Chris
0
Chris DentPowerShell DeveloperCommented:

Actually, ignore that, it's exactly what mugojava said. Apologies for the repetition, need to pay more attention.

Chris
0
rbmacctAuthor Commented:
I did lookup's on the MX's for the domains that were going through our same old spam filter and they aren't pointed to the same filter, so that would tell me they aren't using the same spam filter as we were. I'm going to call ForeFront (old spam filter) and see what they have to say.
0
Chris DentPowerShell DeveloperCommented:
Ignore the MX, if it's routing internally through their system it will have nothing to do with the MX.

I used to have a problem like this with MessageLabs, shifted away from them but the account wasn't quite cancelled, stuff from their other customers was still delivered by the path they defined (not the path the MX defined).

That's what mugojava is getting at.

Chris
0
conradieCommented:
Dont take any DNS hosting company's word for it on what they say your MX records are, check it for yourself. Here is an easy way:

Go to this site and input your domain name:
http://www.mxtoolbox.com

It will report back what the internet is seeing as your MX records. What you may also want to do is verify that your name servers are where you think they are:

http://www.networksolutions.com/whois/index.jsp

At the bottom, you will find your name servers in listed order. Make sure these are the Network Solutions name servers.

Please report back what you find. Make sure to change the domain names to something fictitious, if you do post the results. That may be helpful.
 
0
rbmacctAuthor Commented:
It appears that was the problem.  The cloud for Microsoft was caching the MX records for other domains that were hosted in the same cloud. As soon as I removed our domains from MS ForeFront they removed their cached DNS and went off the public records.
0
Chris DentPowerShell DeveloperCommented:

If you go for closing, I recommend you pick http:#34158733 :)

Chris
0
Chris DentPowerShell DeveloperCommented:

Good enough :)

Chris
0
Kent WSr. Network / Systems AdminCommented:
Sweet.  Glad that helped :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.