Solved

DNS MX record cached

Posted on 2010-11-17
21
1,692 Views
Last Modified: 2012-05-10
We are having an issue with DNS. We moved our MX records about 2 months ago from one spam filter (hosted) to another (hosted). Still after 2 months we are seeing e-mail traffic still going through our old one. (About 1-2% - 10-15 domains). Network Solutions hosts our DNS. I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

Luckily our old spam filter host still accepts and delivers mail. However I'm now stuck as to why mail is still going to an 2 month old MX record that doesn't exist anywhere anymore.

I highly doubt these e-mail servers from the senders are caching old DNS records. Considering after we made the MX change mail almost immediately started going through the new host.

I'm lost, much help would be appreciated.

0
Comment
Question by:rbmacct
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 5
  • +5
21 Comments
 
LVL 12

Expert Comment

by:Kent W
ID: 34157006
This sounds like your OLD DNS sever still has the zone/domain record loaded, and even though you have moved hosts, and DNS servers, anyone still using the OLD DNS servers will of course get the OLD answer.  Make sure that at the OLD DNS server, your zone has been completely deleted.  I doubt it's cache, nothing would live that long.
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34157024
We didn't move the DNS hosts. We just updated the MX records that is and was hosted with Network Solutions.

0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34157035

The cache will be there and valid until they manually clear the cache. I think this is applicable to clients, servers etc.

0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 1

Author Comment

by:rbmacct
ID: 34157036
I guess I shouldn't of used the word 'moved'. We just updated our MX records at the current DNS host (Network Solutions). Sorry for the confusion.
0
 
LVL 5

Expert Comment

by:dacasey
ID: 34157040
Can you identify the source to the mail that is misdirected?  Look at the headers for some of these 1-2% of the messages you should see a common mail server or servers.  These would be the places to continue your investigation.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34158098
Check you mail server settings.

specifically Send connector settings if it is an  exchange server .
0
 
LVL 12

Accepted Solution

by:
Kent W earned 250 total points
ID: 34158174
I'm taking it you moved MX spam filter services, like Postini, just from one service to another?
Decasey is correct, looking at the header of an email in question would tell you the chain, but it is starting to sound like to me your old spam filter service is the one caching the MX, which they sometimes do.
You can check a header and verify, but I bet somehow, especially since they are still accepting mail from you, they have it cached in their spam filter application, not necessarily in their DNS.
0
 
LVL 12

Assisted Solution

by:Kent W
Kent W earned 250 total points
ID: 34158202
I'm sorry, I forgot to put "why" this may be happening.  If your old filter service also provides other service (email, etc.), other user of their service / dns / filter may be finding your old MX, rather than the updated.
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34158417
How would clients/servers get their DNS information from someplace that isn't my DNS host? They would have to go to the name servers first to get back to the old spam filter (old MX records) which they shouldn't because the MX records point elsewhere. I just don't understand how the old spam filter would cache/server DNS requests when they aren't even my DNS host nor do my MX records point there.

0
 
LVL 10

Expert Comment

by:akhalighi
ID: 34158506
-Ask your DNS host to change MX Time to live ( TTL ) to something short ( e.g. 30 min)

-Make sure they didn't "ADD" your new spam filter hosts to your records ; they should also remove existing ones.
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34158528
We already changed the TTL to 3600. I'm calling them again to see if I can get higher up the chain. I feel this is definitely a Network Solutions problem. It just doesn't make sense why mail is still going to a 2 month old MX record. I'll update after I speak with them again.

0
 
LVL 12

Expert Comment

by:Kent W
ID: 34158733
I don't think you understood.  People using your old spam filter, if this is a popular service, could be picking up the old MX from the actual spam filter you were using, if their mail is routed through that service.  A lot of these services will cache MX, or just save DNS resolutions, within the service itself, independent of DNS MX.  The fact that they are still accepting mail for your domain is one clue that could be the issue.  Regular DNS MX caching and related issues seem to be getting you nowhere.  
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34159451
> I have called them twice to verify they aren't caching any old MX records and they insist that they are NOT.

If they host it they will not be caching anything, they will be providing authoritative answers.

My DNS server might cache a response to a query via network solutions (for example), but that won't be their fault, it'll be mine.

> However I'm now stuck as to why mail is still going to an 2 month old MX record that doesn't exist anywhere anymore.

You know, I've seen a problem like this before. I don't suppose the people delivering via the "old MX" are also customers of the same anti-spam provider are they?

If they are you may find that mail is being routed internally through the anti-spam system, not delivery via the MX.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34159463

Actually, ignore that, it's exactly what mugojava said. Apologies for the repetition, need to pay more attention.

Chris
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34159498
I did lookup's on the MX's for the domains that were going through our same old spam filter and they aren't pointed to the same filter, so that would tell me they aren't using the same spam filter as we were. I'm going to call ForeFront (old spam filter) and see what they have to say.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34159523
Ignore the MX, if it's routing internally through their system it will have nothing to do with the MX.

I used to have a problem like this with MessageLabs, shifted away from them but the account wasn't quite cancelled, stuff from their other customers was still delivered by the path they defined (not the path the MX defined).

That's what mugojava is getting at.

Chris
0
 
LVL 9

Expert Comment

by:conradie
ID: 34164848
Dont take any DNS hosting company's word for it on what they say your MX records are, check it for yourself. Here is an easy way:

Go to this site and input your domain name:
http://www.mxtoolbox.com

It will report back what the internet is seeing as your MX records. What you may also want to do is verify that your name servers are where you think they are:

http://www.networksolutions.com/whois/index.jsp

At the bottom, you will find your name servers in listed order. Make sure these are the Network Solutions name servers.

Please report back what you find. Make sure to change the domain names to something fictitious, if you do post the results. That may be helpful.
 
0
 
LVL 1

Author Comment

by:rbmacct
ID: 34191436
It appears that was the problem.  The cloud for Microsoft was caching the MX records for other domains that were hosted in the same cloud. As soon as I removed our domains from MS ForeFront they removed their cached DNS and went off the public records.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34191458

If you go for closing, I recommend you pick http:#34158733 :)

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34191460

Good enough :)

Chris
0
 
LVL 12

Expert Comment

by:Kent W
ID: 34193082
Sweet.  Glad that helped :)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question