[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

DNS - Mx Record Issues

Posted on 2014-12-04
7
Medium Priority
?
253 Views
Last Modified: 2014-12-09
Can't send an email to one of my customers, it stays in the outbound queue trying to connect.
After 2 days it would time-out with 4.4.7 Error.
The customer recently changed their mail system to use mycustomer-com.mail.protection.outlook.com.
However, they still have the old Mx record published as well mail.mycustomer.com which doesn't even work.

Here is my main concern: When using the NsLookup (set q=mx) from my in-house DNS server (which is connected outside with my ISP dns servers) I can only see their old Mx record. When testing with a different dns public server (Google 8.8.8.8) I actually see both Mx records.

I checked my firewall (router) and DNS queries on port 53 are not getting blocked.
Other hosts seem to be resolving fine.
I also removed the old pointer in my dns cache for this specific domain, but it still comes up with old Mx record/IP address only.

I am not sure what to test and do at this point; I did ask them to remove their old MX record, not sure if that will resolve my issue. They also told me that I am not blacklisted on their new server (not blacklisted in general).

Thanks for your help, much appreciated.
0
Comment
Question by:cP6uH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 750 total points
ID: 40481262
If you do a query against your ISPs DNS servers directly, do they still return the old results? If so then the problem is not yours. Use the Google DNS records instead or Root Hints.

Simon.
0
 

Author Comment

by:cP6uH
ID: 40481300
I directly tested both ISPs DNS servers they resolve fine; However, for this specific domain I still get the old results.
I never used or added any other external/public DNS servers to my DNS/Firewall. Not sure what that would do to my environment. I just used Google public DNS as a test from my computer using NsLookup.
0
 
LVL 4

Assisted Solution

by:Jerry Mills
Jerry Mills earned 750 total points
ID: 40481323
Sounds like possible stale DNS cache or DNS serving not updating.  Make sure you only have 1 dns specified on your nic while testing.

Simple test of a known Microsoft outlook customer via netgear router.

C:\Users\jerry_000>nslookup
Default Server:  UnKnown
Address:  192.168.110.1

> set q=mx
> icsxxxx.com
Server:  UnKnown
Address:  192.168.110.1

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgrxxxx-com.mail.protection.outlook.com
>
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:cP6uH
ID: 40481650
DNS server seems to be updating fine, recently tested with different hosts. Got the same results for icsgroup.com.
In DNS cache I deleted the stale record but it comes back with the same old info for that domain.

Is it recommended to use a public DNS (Google) server on your network?
I have two ISPs DNS servers currently listed. How do they exactly work? The first one is always being used and the second one is just a backup? So if I added a third one, it would be just a backup as well?

Thanks.
0
 
LVL 4

Expert Comment

by:Jerry Mills
ID: 40481692
I recommend using local DNS server as it records devices on your network besides directing inquiries to the public.  Particularly if you have shared folders.

1.  I have seen the ISP DNS servers drop out of use and ISP doesn't let you know.  So confirm with ISP correct DNS servers they want you to use.
2.  Using Google is okay.
3.  First time you go after icsgroup.com ( which I meant to obscure by the way - whoops!) it will not be in cache anywhere if you have never gone there before - therefore DNS server will fetch it.
4.  Make sure you don't have an HOSTS file configured for your customer (due diligence)
5.  Try just using google 8.8.8. as your only DNS server on the NIC then be sure and clean cache ( ipconfig /flushdns ) then try your customer using nslookup again.
6.  Do you use Wireshark?  Wireshark will show you where you are getting your mx record from and what is delivered.  Remember to keep flushing dns cache.
0
 
LVL 4

Expert Comment

by:Jerry Mills
ID: 40481783
Wireshark example:

C:\Users\jerry_000>nslookup
Default Server:  UnKnown
Address:  192.168.110.1

> set q=mx
> icsgroup.com
Server:  UnKnown
Address:  192.168.110.1

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgroup-com.mail.protection
.outlook.com
> exit

C:\Users\jerry_000>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\jerry_000>set 8.8.8.8
Environment variable 8.8.8.8 not defined

C:\Users\jerry_000>nslookup
Default Server:  UnKnown
Address:  192.168.110.1

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> set q=mx
> icsgroup.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgroup-com.mail.protection
.outlook.com
>
> server 192.168.110.1
Default Server:  [192.168.110.1]
Address:  192.168.110.1

> set q=mx
> icsgroup.com
Server:  [192.168.110.1]
Address:  192.168.110.1

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgroup-com.mail.protection
.outlook.com
DNS1.jpg
DNS2.jpg
0
 

Author Comment

by:cP6uH
ID: 40488765
Contacted my ISP (Rogers) and found out that my DNS servers were really old.
Set their new server as primary and Google public DNS (8.8.8.8) as secondary.

Everything seems to be working fine now, the email left the exchange outbound queue.
Thank you guys for your help.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question