Solved

DNS/MX/CNAME issue

Posted on 2011-02-14
9
917 Views
Last Modified: 2012-05-11
I apologize if this has been addressed elsewhere; I am a completely newbie to DNS.  Unfortunately I do not know anything about the servers or firewalls or any other specifics other than what I mention below.

We have a client with the domain company.com.  In order for our supporting employees to use a similar email address, we asked the client to setup a sub domain such as sub.company.com.  We also asked them to setup a CNAME record pointing to fbc0de12-3456-7890-f123-g4h5ij6kl78m.sub.company.com with a value of admin.messaging.microsoft.com; and an MX record pointing to mail.messaging.microsoft.com.  We also asked them to setup an A record pointing to one of our marketing websites.  

The client set this up on both their internal and external DNS.  The problem is that it works intermittently – 1 out of 10 tries works, to either email or hit the sub domain (as sub.company.com or www.sub.company.com or http://sub.company.com).  We have had other clients set this up successfully and it does not appear that there is any difference between this client’s setup and other clients’ setups.  

Any ideas on why this would be working intermittently?  

Thank you in advance -
0
Comment
Question by:tancat
  • 6
  • 2
9 Comments
 

Author Comment

by:tancat
ID: 34888871
I should also mention that I have used mxtoolbox.com to check the setup, and again it works intermittently.  When it doesn't work, the error message that I receive says, "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 34889789
A cname can't be used for an MX record (It's not clear if you are or are not).  Use a fully qualified domain name that has an Address record.

If you could identify the domain, it would be much easier to troubleshoot.
0
 

Author Comment

by:tancat
ID: 34890069
I can’t give out the domain or sub domain since they don’t belong to my company.  I don’t believe we are using a CNAME for an MX record, and I’m fairly certain that these three records, CNAME, MX, and A, are set up identical to our other clients where we have implemented this successfully.  I’m just not sure why it would work intermittently, like, is there anywhere along the way where signals could get crossed or sent in multiple directions?  

Possibly this is not specifically a DNS question, but other networking-related?  

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 20

Assisted Solution

by:thehagman
thehagman earned 500 total points
ID: 34890204
So it appears you have something like

www.sub.mycompany.com.     A     12.34.56.78
fbc0de12-3456-7890-f123-g4h5ij6kl78m.sub.company.com.     CNAME     admin.messaging.microsoft.com.
sub.mycompany.com.     MX   10   mail.messaging.microsoft.com.

This suggests that mails for your sub-domain are to be processed by microsoft and that anybody using that cryptic name should end up at another microsoft site. So far so good, if that's what you are up to.
However, the error you report (connection attempt failed) indicates rather a connectivity (firewall?) problem than a DNS problem.
0
 

Author Comment

by:tancat
ID: 34890374
Yes, that is exactly the setup.  Would a firewall setup cause intermittent connectivity issues?  I will suggest this to the client IT (who is also new at this DNS/networking stuff).  Would you care to expand on those possibilities?  

The purpose of this setup is so that our employees do not have to use two email systems and try to remember which system to email the client's customers from.  We set the sub domain address (such as first.last@sub.company.com) as their primary SMTP on our system, and then our employees just have to use one email management system and it always says its FROM the sub domain.  We were using POP3/IMAP but that setup is not always "authorized" in the system (as it was explained to me) so blacklisting could be a problem - we even blacklisted ourselves a couple of times.  
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 34890510
Do you have an Address record for the MX server (mail.subdomain.com)?
0
 

Author Comment

by:tancat
ID: 34891579
Is the Address record the same as the A record?  They did set up an A record pointing to one of our static IP's (one of our servers that hosts a website, currently the IP points to the Apache/CPanel page on that server).  
0
 

Accepted Solution

by:
tancat earned 0 total points
ID: 34908243
My client figured out that his predecessor had created a new Zone instead of a new sub domain.  Once he fixed this, everything now works as expected.  
0
 

Author Closing Comment

by:tancat
ID: 34941327
The problem was solved by me emailing everything that I knew about the problem to the client, including the suggestion that it could be a connectivity issue.  I don't know if creating a new Zone instead of a sub domain is a connectivity issue, but I very much appreciated that thehagman was able to understand exactly what I was asking.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question