Solved

MX Records Problem?

Posted on 2012-03-29
Last Modified: 2012-04-03
I was told this:

"To avoid further email issues, etc., we need to discuss how they are currently being routed through quite a few different servers. This needs to be simplified".

The person is referring to the Exchange's MX Records. What does that really mean? I looked at the MX records and I don't see any problem. Sending/Receiving email works just fine. I'm thinking he's trying to sell us hosted MX record services (like Barracuda's).

How do I test my MX records for problems? I'm curious as to what this person is referring to. I'm new to the company so don't have much information. I'm just wondering if there is a tool out there that will show me the problems that this person is referring to.
0
Question by:fstinc
34 Comments
 
LVL 19

Expert Comment

by:suriyaehnop
ID: 37785516
You can do nslookup and telnet and verify that the MX resolves to the correct host records. I'm with you, the person is trying to sell the MX. If everything is working just ignore it.

You can also verify your MX records at www.centralops.net and http://www.mxtoolbox.com/
0
 

Author Comment

by:fstinc
ID: 37785528
I can perform an nslookup and it returns the name servers, but how do I look up the host records?
0
 
LVL 40

Accepted Solution

by:
footech earned 167 total points
ID: 37785563
If you want to use nslookup....
nslookup
server 8.8.8.8      <------this is to query Google's public DNS.  If your internal domain name is different from your external, then you don't need this.
set type=all
yourdomain.com

If you need to query specific records, change set type= to whatever (mx, a, ptr, etc.), and then enter the FQDN or IP that you want to query.

However, as suriyaehnop mentioned, MXtoolbox can tell you all this.

In your original question, you mentioned "To avoid further email issues..."  What were these issues?  Are you using a smarthost to send, to receive, both, or none?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37785571
Who said that and in what context?  Sounds like marketing.

Put your domain name into http://mxtoolbox.com which provides several different types of tests.  The default test will resolve your MX records, then you can click on further testing links from there such as blacklists and open relay checks.
0
 
LVL 17

Assisted Solution

by:WORKS2011
WORKS2011 earned 166 total points
ID: 37785574
another great tool is intodns, it gives you everything all at once.
0
 

Author Comment

by:fstinc
ID: 37785665
please see results attached. any helpful information and direction on how to fix this would be greatly appreciated. is there a change i need to make on exchange?

i tried pinging the meganameservers.com NS servers but they're not responding.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785668
there's no attachment
0
 

Author Comment

by:fstinc
ID: 37785670
0
 

Author Comment

by:fstinc
ID: 37785671
sorry.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785681
FYI your MX record is fine, you're talking about fixing the "Missing nameservers reported by parent" errors, correct?

May happen if there is a mismatch or old IP between the DNS at the registrar and the ones in your DNS.

run dcdiag /test:dns on the server and post the results.
0
 

Author Comment

by:fstinc
ID: 37785687
on the DC? i can't run that command from the EXCH server.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785690
yes on the DC, what server OS are you running for your DC?
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785694
Do you have access to the DNS portal where your domain is registered? You should check DNS entries here as well.
0
 

Author Comment

by:fstinc
ID: 37785695
here are the results.


C:\Users\Administrator>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ServerExchDC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ServerExchDC
      Starting test: Connectivity
         ......................... ServerExchDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ServerExchDC

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ServerExchDC passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : ServerExch

   Running enterprise tests on : ServerExch.in
      Starting test: DNS
         ......................... ServerExch.in passed test DNS

C:\Users\Administrator>
0
 

Author Comment

by:fstinc
ID: 37785702
dns info attached.
dns-mgr.pdf
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785713
run this test:  dcdiag /test:dns /f:dnslogfile.txt do a search for logfile.txt and post it, I don't believe you got all the dcdiag test results posted.
0
 

Author Comment

by:fstinc
ID: 37785723
identical results in txt file (not attached)
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785726
you ran this on your exchange server, correct? What about your DC, don't you have DNS installed on that?
0
 

Author Comment

by:fstinc
ID: 37785728
i ran this on the DC. this command will not run on the EXCH
0
 

Author Comment

by:fstinc
ID: 37785733
Performing initial setup:

   Trying to find home server...

   ***Error: serverExc is not a Directory Server.  Must specify

   /s:<Directory Server> or  /n:<Naming Context> or nothing to use the local

   machine.
   ERROR: Could not find home server.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785734
I didn't think so but usually there's a lot more info, sorry had to ask. Give me a second to look something up.

Wouldn't hurt to do an ipconfig /flushdns on the server and run the test again.

Do the ip addresses in the portal look correct to you?
0
 

Author Comment

by:fstinc
ID: 37785737
yes. I don't know where it's getting ns1.meganameservers.com from though.

the name servers at ns1.covad.net and nds2.covad.net for the website. the website is hosted at a third party via A record. just FYI.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37785748
did you ever have pop mail, possibly before your exchange mail? Or maybe you popped mail into exchange? Does anything like this sound familiar?
0
 

Author Comment

by:fstinc
ID: 37785750
no
0
 
LVL 40

Expert Comment

by:footech
ID: 37788188
The DCDIAG results are normal.  If you included the /v switch there would be a lot more info, but all the tests passed, so I don't think there's much point to it.  The results you're seeing from the test at intodns.com are not related to your internal DNS.

It appears from the report that your nameservers have nameservers and they don't know about each other.  Frankly I don't know what that means, but it would be something that your hosting company has to work out, there's nothing you can do about it.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37788228
It looks like the NS records in your zone file at covad are incorrect, do you control those records? If you could provide the domain name in question I can do thorough testing and explain what needs to be done.
0
 

Author Comment

by:fstinc
ID: 37788276
how do i email it to you in private?
0
 

Author Comment

by:fstinc
ID: 37788285
yes, i have access to the DNS zone.  I can change the covad servers.  the domain is registered at godaddy, but the website has a hosting service at megapath (covad), but the website is pointing to another provider for hosting via A name record.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37788297
Checking your domain now...
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 167 total points
ID: 37788431
Alright so first off in regards to your NS problem, both the covad and megapath nameservers resolve queries for your domain just fine and have the same serial so I'm assuming it's the same zone file.  The problem is that your glue records at the registrar are pointing to covad, but your NS records point to megapath.  An easy solution would be to change the glue records to point to the megapath servers, below are your NS records.  This assumes that when you edit your zone files that you are doing so on the megapath/meganameservers.com nameservers.

;; AUTHORITY SECTION:
yourdomain.com.	86400	IN	NS	ns1.meganameservers.com.
yourdomain.com.	86400	IN	NS	ns2.meganameservers.com.
yourdomain.com.	86400	IN	NS	ns3.meganameservers.com.


In regards to the original "simplified" mail routing question, I don't know what that person is talking about, sounds like he's trying to sell you something.  I did notice however that when telnet'ing to your mail server that the SMTP Banner / HELO is not a resolvable domain.  To clarify it is resolvable since it ends in .in but the domain as a whole does not exist, guessing that is your .in(ternal) name?  Anyways if that is what your sending server is announcing itself as to the Internet then that will definitely cause deliverability problems.  It needs to be internet-resolvable with matching A and PTR records.
0
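The mismatch described in the answer above, as an added example that is not part of the original thread: it parses dig-style NS lines and compares the set the parent delegates to with the set the zone publishes. The parent sample is constructed from the covad names mentioned in the thread, its TTL is made up, and the function names are hypothetical.

```python
# Added example: compare the NS set delegated by the parent (registrar/TLD)
# with the NS set published inside the zone itself.

def parse_ns(dig_text):
    """Return the set of NS targets found in dig-style record lines."""
    targets = set()
    for line in dig_text.splitlines():
        # Drop dig comment lines such as ';; AUTHORITY SECTION:'
        fields = line.split(";", 1)[0].split()
        # Expected layout: owner TTL class type rdata
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            targets.add(fields[4].rstrip(".").lower())
    return targets

def compare_delegation(parent_text, zone_text):
    """Report nameservers that appear on only one side of the delegation."""
    parent, zone = parse_ns(parent_text), parse_ns(zone_text)
    return {
        "consistent": bool(parent) and parent == zone,
        "only_at_parent": sorted(parent - zone),
        "only_in_zone": sorted(zone - parent),
    }

# Constructed sample: what the parent zone hands out (the registrar side).
PARENT_ANSWER = """
;; AUTHORITY SECTION:
yourdomain.com.  172800  IN  NS  ns1.covad.net.
yourdomain.com.  172800  IN  NS  ns2.covad.net.
"""

# NS records as quoted in the answer above (what the zone itself says).
ZONE_ANSWER = """
;; AUTHORITY SECTION:
yourdomain.com.  86400  IN  NS  ns1.meganameservers.com.
yourdomain.com.  86400  IN  NS  ns2.meganameservers.com.
yourdomain.com.  86400  IN  NS  ns3.meganameservers.com.
"""

if __name__ == "__main__":
    for key, value in compare_delegation(PARENT_ANSWER, ZONE_ANSWER).items():
        print(key, value)
```

Any name listed under only_at_parent or only_in_zone is what produces a "Missing nameservers reported by parent" style warning; the two sets should be identical.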
 

Author Comment

by:fstinc
ID: 37788651
yes, that is the internal name. email is being delivered fine so that's probably not the issue right?
0
 

Author Comment

by:fstinc
ID: 37788661
I put in a call to covad to edit the zone file. I only see ns1/ns2.covad.net when I login, so I may not have access to edit meganameservers.com NS servers.
0
 
LVL 40

Expert Comment

by:footech
ID: 37788884
Some mail servers will block you when your SMTP Banner isn't a valid FQDN and/or doesn't match with the FQDN that the PTR record for the IP you're sending from resolves to.  For example, if the IP you're sending from is 100.200.300.400, and the PTR record for that IP resolves to mail-out.example.com, then your SMTP Banner should be mail-out.example.com.  And the A record for mail-out.example.com should resolve to 100.200.300.400.  If you're sending and receiving from different addresses, this doesn't have to match up with your MX record (your MX record could be for mail-in.example.com).
0
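The banner / PTR / A consistency rule described in the comment above, as an added example that is not part of the original thread: it takes the sending IP and the SMTP greeting line and lists what a receiving server would find inconsistent. The function names, the 192.0.2.25 address, and the host names are constructed; the lookups are injectable so the check can run against sample data as well as the system resolver.

```python
# Added example: does the SMTP banner name match the PTR for the sending IP,
# and does that name's A record point back to the same IP?
import socket

def banner_host(banner_line):
    """Extract the host name from a greeting such as '220 host ESMTP ...'."""
    text = banner_line.strip()
    rest = text[3:].lstrip("- ").split() if text.startswith("220") else []
    if not rest:
        raise ValueError("not an SMTP 220 greeting: %r" % banner_line)
    return rest[0].rstrip(".").lower()

def system_ptr(ip):
    """PTR lookup through the system resolver (needs network access)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    """A lookup through the system resolver (needs network access)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except OSError:
        return []

def check_sender(ip, banner_line, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems; an empty list means banner, PTR and A agree."""
    banner = banner_host(banner_line)
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    problems = []
    if not ptr_names:
        problems.append("no PTR record for " + ip)
    elif banner not in ptr_names:
        problems.append("banner %s does not match PTR %s" % (banner, ", ".join(ptr_names)))
    if ip not in a_lookup(banner):
        problems.append("A record for %s does not resolve to %s" % (banner, ip))
    return problems

# Constructed sample data standing in for DNS, so the check runs offline.
SAMPLE_PTR = {"192.0.2.25": ["mail-out.example.com"]}
SAMPLE_A = {"mail-out.example.com": ["192.0.2.25"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])
```

Calling check_sender with only the IP and the greeting line uses the system resolver; a server announcing an internal-only name fails both checks.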
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37794875
we need to discuss how they are currently being routed through quite a few different servers

I don't think that the records state is being questioned...they're talking about quite a few different servers.
In outlook, locate an email that was sent from outside your domain.
Right-click the message and select "Message Options"
Check the number of servers that your message was sent to before it was delivered to the mailbox.

How simplified do they want it without affecting your ability to protect your environment?
If you have 3x servers between you and the sender's SMTP server then I'd be happy.

Server1: @ISP doing spam and virus checks and mail distribution, e.g. holding large mails for after hours
Server2: In your DMZ offering your mailbox servers protection from spam/flooding. That way you can block incoming/outgoing mail in the event of spam attack/virus while not affecting your ability to route email internally. Will be used as a smart host for your internal SMTP(Server3)
Server3: your Exchange server which handles internal routing/mail bridgehead.

Anything simpler reduces your ability to be agile when things go wrong.
0

Question has a verified solution.