DNS records changed without an explanation causing problems with email
Posted on 2011-10-13
Here is a curve ball (at least for me it is). We stopped receiving outside emails yesterday night but did not know about it until this morning. Nor could we access our webmail account or our Plesk sites to set up forwards or auto-replies, etc. We use a hosting service for our emails which uses Linux and qmail on a VPS. I narrowed the problem down to a DNS issue since nslookup did not return any records. I called their support department, who said the same thing. We have had them for at least 7 years and they were (according to what I understood for 7 years) our DNS provider for that domain/email. They claim that the DNS was hosted by someone I had never heard of and asked me to go to the registrar and have them point to our DNS service. Well, the registrar did not host our DNS; some weird company did, according to them. That company was owned by the same people that are hosting our email. When I called them back they said that our account was suspended with the DNS provider and they did not know why. They claim their company sold off zones years ago and that even though the IP addresses were registered to them and showed up in ARIN as theirs, a customer of theirs was using them and selling DNS service to us. I reminded them that we never had DNS service through an outside entity for that server and that maybe they contracted the other company on our behalf or to provide the service as part of our package. The company they gave me no longer exists and the site listed in ARIN forwards to another site. They got tier two involved, who with hundreds of records showed that it was a DNS issue, which I already knew. The company that it redirects to has a website and under "contact us" their data center is listed with the exact same address as the email hosting provider! Anyway, I contacted them and based on the info I provided in my email they found that the IP address I gave them did not match what they had, and they had to rebuild our zone file with that IP address.
No one has been able to explain how we got our DNS to be hosted by an outside company (allegedly), how our account had been suspended (allegedly) and, most importantly, how a DNS record pointing us to another hotel replaced our DNS records!!! I think I would have better luck asking a random person in the street for help than contacting their support. I know the guy who had been helping was lying about a few things, so I did not feel like asking him anything further. But is there any way to see which company changed our DNS records, causing email issues? Since they said to contact the registrar, and they did not provide us with DNS, and when I called they offered it to me, I went for it. ARIN shows our records as being updated today, but I had not seen any changes before that. Is there any way to call them out on who made changes? Could we have been compromised? But why would the only thing they do be to change where our DNS points to? I have not logged into the server because I don't want the logs to show my entry, but only two IP addresses normally appear there, ours and the hosting provider's. Again, I did not want to ask the same "illustrious" person that had me running around calling 3 different companies when it was a change in DNS settings from a provider I had never heard of, whose address is the same as the hosting service's. Needless to say, I will be moving everything over to the registrar.
Ahhh, any insight or any commands I can throw in Linux to look into this would be helpful, as I only know the very basics in Linux.
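As an added example (not part of the original post), here is a small POSIX shell script that does the check the poster is after from the command line: it asks one of the parent TLD servers which name servers are delegated for the domain (that is what the registrar has on file), asks one of those servers what NS set the zone itself publishes, reports any mismatch between the two, and then lists the MX records that inbound mail depends on. It assumes `dig` (from bind-utils / dnsutils) is installed; `example.com` and the `ns1.example.net`-style names are placeholders, not real infrastructure.

```shell
#!/bin/sh
# Added example, not from the original post.  Compares the NS delegation held
# at the parent (TLD) with the NS records the zone itself serves, then shows
# the MX records.  Assumes `dig` is installed.

# Normalise a whitespace-separated list of host names so two lists can be
# compared as sets: lower-case, drop trailing dot, one per line, sorted, unique.
normalize_ns() {
  printf '%s\n' "$@" | tr 'A-Z' 'a-z' | sed 's/\.$//' | sort -u
}

# compare_ns "<parent list>" "<zone list>"
# Returns 0 when both lists name the same servers, 1 (and prints both) otherwise.
compare_ns() {
  parent=$(normalize_ns $1)
  zone=$(normalize_ns $2)
  if [ "$parent" = "$zone" ]; then
    return 0
  fi
  echo "Delegation mismatch:"
  echo "  parent (registrar) says: $(echo "$parent" | tr '\n' ' ')"
  echo "  zone itself says:        $(echo "$zone" | tr '\n' ' ')"
  return 1
}

# Live check for one domain (placeholder: example.com).
check_delegation() {
  domain=$1
  tld=${domain##*.}
  # One authoritative server for the TLD (for .com this is a gtld-servers.net host).
  tld_ns=$(dig +short NS "$tld." | head -n 1)
  # +norecurse: the TLD server answers only with what it delegates, nothing cached.
  # dig answer lines look like: "example.com. 172800 IN NS ns1.example.net."
  parent_ns=$(dig +norecurse @"$tld_ns" NS "$domain" | awk '$4=="NS"{print $5}')
  first=$(echo "$parent_ns" | head -n 1)
  zone_ns=$(dig +norecurse @"$first" NS "$domain" | awk '$4=="NS"{print $5}')

  echo "Parent-delegated NS for $domain (via $tld_ns):"
  echo "$parent_ns"
  compare_ns "$parent_ns" "$zone_ns" && echo "Delegation consistent."

  echo "MX records for $domain:"
  dig +short MX "$domain"
}

# Run the live check only when a domain is given on the command line.
if [ $# -gt 0 ]; then
  check_delegation "$1"
fi
```

Run it as `sh check_delegation.sh example.com`. The set of name servers the TLD hands back is the delegation the registrar holds, so if it differs from what the hosting company's servers publish, that difference is exactly the "someone else is serving our zone" situation described in the post; `whois example.com` shows the same registrar-held name servers in human-readable form. An empty MX answer from the delegated servers explains lost inbound mail directly.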