
DNS issues and email problems

Jim Wobig asked
Last Modified: 2015-09-28
I just started working for a company where the old admin had placed their own external DNS server on the internet and it has died.  He didn't document the server or the settings so I can't recreate it.  I decided the easiest way to get their web, email, and VPN solution back up was to register with Network Solutions.  All is working properly but email, which I can send/receive to most companies we work with, but there are several domains that I can't send to.  It doesn't give me a non-delivery error but Exchange will say after several days that it has given up on trying to deliver the message. If I do a DNS report it says the following:

"One or more addresses referenced by MX records do not have a matching reverse DNS entry" and this is what I have registered:
206.188.198.41 has mx.mycompany.com. | 70.xx.xx.10 listed.
205.178.190.41 has mx.mycompany.com. | 70.xx.xx.10 listed.

We had our ISP do a reverse lookup entry which took them four weeks but I still can send email to some domains.  Here is the reverse DNS lookup:

Server: 4.2.2.1
Address: 4.2.2.1#53

Non-authoritative answer:
10.xx.xx.70.in-addr.arpa canonical name = mx.mycompany.com.

Authoritative answers can be found from:
mycompany.com
      origin = NS81.WORLDNIC.com
      mail addr = namehost.WORLDNIC.com
      serial = 114041815
      refresh = 10800
      retry = 3600
      expire = 604800
      minimum = 3600

I really need to get this fixed and appreciate any input to get this resolved.

CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
I know EE says don't publish the IPs but this is on the public internet and there is no security issue with identifying both the domain name and MX records.

That would help a lot.
Jim Wobig, Sr. Network/Systems Analyst

Author

Commented:
mx.domain.com
Alan Hardisty, Co-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
There is absolutely no need to publish IPs or domain names - it just makes you a bigger target, so please don't publish them.

If you are having problems sending emails to certain domains, you can use telnet to manually test mail-flow from your server to their server and see if you get any obvious errors.

http://support.microsoft.com/kb/153119

Alan
(EE Zone Advisor)
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
This is a DNS problem related to matching forward and inverse records.

Security by obscurity is not security.
Alan Hardisty, Co-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Having seen the domain and having checked that myself, I can confirm that that isn't the problem.

Alan
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
This is a DNS error:

"One or more addresses referenced by MX records do not have a matching reverse DNS entry"
Jim Wobig, Sr. Network/Systems Analyst

Author

Commented:
It is a problem because we can't send email to certain domains.  Jesper, how would I fix this problem?
Alan Hardisty, Co-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
I take that back - I ran a lookup on the domain posted and then a reverse lookup on my Mac and got the same result, but running the same check on www.blacklistalert.org shows a problem with no Reverse DNS.

So you need to call your ISP and ask them to add Reverse DNS to your fixed IP address as mx.yourdomain.com and that should help.

If that doesn't completely resolve the issue, please have a read of my article:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html

Alan
Jim Wobig, Sr. Network/Systems Analyst

Author

Commented:
I have called them and it took me 4 weeks to have them add the reverse entry.  Up until today if I did a reverse lookup I would get nothing but now I get this:


Server: 4.2.2.1
Address: 4.2.2.1#53

Non-authoritative answer:
Name: mx.mycompany.com
Address: 70.xx.xx.10

And thank you Alan for the advice, I was hesitant to publish but am desperate to get answers.
Alan Hardisty, Co-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Just visit www.blacklistalert.org and put in your IP Address - it will be obvious that there still isn't Reverse DNS set properly or there is a DNS problem because they don't see Reverse DNS, yet I do see it on my Mac!

Alan
Alan Hardisty, Co-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
You can also run a command prompt nslookup on your IP Address and you should get mx.yourdomain.com returned as the result.

e.g., nslookup 70.xx.xx.10
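
Added example, not part of the original thread: the check discussed above (the reverse lookup of the MX address must return the mail host name, and that name must resolve back to the same address), run over an in-memory record set. ZONE is constructed sample data on documentation addresses, and the function names are hypothetical; case A models a reverse name that answers with `canonical name =` (a CNAME to the mail host) instead of a PTR, as in the first lookup output quoted in the question.

```python
# Forward-confirmed reverse DNS (FCrDNS) check over an in-memory record set.
# ZONE is constructed sample data (documentation addresses), not real DNS.
ZONE = {
    # Case A: reverse name holds a CNAME to the mail host; no PTR anywhere.
    ("10.2.0.192.in-addr.arpa", "CNAME"): ["mx.example.com"],
    # Case B: proper PTR on the reverse name.
    ("11.2.0.192.in-addr.arpa", "PTR"): ["mx2.example.com"],
    # Case C: PTR exists but the forward A record points elsewhere.
    ("12.2.0.192.in-addr.arpa", "PTR"): ["mx3.example.com"],
    ("mx.example.com", "A"): ["192.0.2.10"],
    ("mx2.example.com", "A"): ["192.0.2.11"],
    ("mx3.example.com", "A"): ["192.0.2.99"],
}

def lookup(name, rtype, zone=ZONE):
    """Return records of rtype at name (lower-cased, no trailing dot)."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def reverse_name(ip):
    """192.0.2.10 -> 10.2.0.192.in-addr.arpa (IPv4 only)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def resolve_ptr(ip, zone=ZONE, max_cnames=4):
    """Follow CNAMEs the way a resolver does, then return PTR targets."""
    name, chain = reverse_name(ip), []
    for _ in range(max_cnames):
        ptrs = lookup(name, "PTR", zone)
        if ptrs:
            return ptrs, chain
        cname = lookup(name, "CNAME", zone)
        if not cname:
            break
        name = cname[0]
        chain.append(name)
    return [], chain

def check_fcrdns(ip, zone=ZONE):
    """Classify an MX address: 'ok', 'no-ptr', 'cname-no-ptr' or 'mismatch'."""
    ptrs, chain = resolve_ptr(ip, zone)
    if not ptrs:
        return "cname-no-ptr" if chain else "no-ptr"
    if any(ip in lookup(host, "A", zone) for host in ptrs):
        return "ok"
    return "mismatch"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(addr, check_fcrdns(addr))
```

A CNAME on the reverse name is not wrong in itself: classless delegation (RFC 2317) points it at another name that does carry the PTR, and `resolve_ptr` follows that chain before deciding.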
Alan Hardisty, Co-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
No-one has said it violates any security - it is just preferred by EE not to disclose such details and it isn't necessary to know such details to be able to resolve a problem like this.  If the problem is Reverse DNS, then we can advise the person asking the question to go to somewhere like www.blacklistalert.org where they can put their own IP Address into the website and find out for themselves if it is set or not.  Then if it isn't and they don't know how to set it, they can ask for advice and we can offer it.

I'm totally for you getting the points for this question because you pointed out about Reverse DNS 1st, and can make sure that happens if it doesn't, assuming that lack of Reverse DNS resolves the problem, despite it supposedly having been added by the ISP, which it doesn't appear they have done properly.

Alan
Jim Wobig, Sr. Network/Systems Analyst

Author

Commented:
Per Alan's response I tried to telnet to the mail server (mx.mycompany.com).  I get a response but it is from our Symantec Messaging Gateway server and not the mail server.  I also ran Dig and got the following results:


C:\>dig mycomany.com

; <<>> DiG 9.9.5-W1 <<>> mycompany.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6854
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mycompany.com.                        IN      A

;; ANSWER SECTION:
mycompany.com.         11936   IN      A       70.xxx.xxx.13

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon May 12 10:17:46 Pacific Daylight Time 2014
;; MSG SIZE  rcvd: 48


C:\>dig mycompany.com MX

; <<>> DiG 9.9.5-W1 <<>> mycompany.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mycompany.com.                        IN      MX

;; ANSWER SECTION:
mycompany.com.         13142   IN      MX      10 mx.mycompany.com.

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon May 12 10:18:16 Pacific Daylight Time 2014
;; MSG SIZE  rcvd: 51
c:\

I'm not sure if this matters or not but could the problem be that some external email servers get a response from the Symantec gateway and not the email server?
