Simon
asked on
DNS - Mx Record Issues
Can't send an email to one of my customers, it stays in the outbound queue trying to connect.
After 2 days it would time-out with 4.4.7 Error.
The customer recently changed their mail system to use mycustomer-com.mail.protec tion.outlo ok.com.
However, they still have the old Mx record published as well mail.mycustomer.com which doesn't even work.
Here is my main concern: When using the NsLookup (set q=mx) from my in-house DNS server (which is connected outside with my ISP dns servers) I can only see their old Mx record. When testing with a different dns public server (Google 8.8.8.8) I actually see both Mx records.
I checked my firewall (router) and DNS queries on port 53 are not getting blocked.
Other hosts seem to be resolving fine.
I also removed the old pointer in my dns cache for this specific domain, but it still comes up with old Mx record/IP address only.
I am not sure what to test and do at this point; I did ask them to remove their old MX record, not sure if that will resolve my issue. They also told me that I am not blacklisted on their new server (not blacklisted in general).
Thanks for your help, much appreciated.
After 2 days it would time-out with 4.4.7 Error.
The customer recently changed their mail system to use mycustomer-com.mail.protec
However, they still have the old Mx record published as well mail.mycustomer.com which doesn't even work.
Here is my main concern: When using the NsLookup (set q=mx) from my in-house DNS server (which is connected outside with my ISP dns servers) I can only see their old Mx record. When testing with a different dns public server (Google 8.8.8.8) I actually see both Mx records.
I checked my firewall (router) and DNS queries on port 53 are not getting blocked.
Other hosts seem to be resolving fine.
I also removed the old pointer in my dns cache for this specific domain, but it still comes up with old Mx record/IP address only.
I am not sure what to test and do at this point; I did ask them to remove their old MX record, not sure if that will resolve my issue. They also told me that I am not blacklisted on their new server (not blacklisted in general).
Thanks for your help, much appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DNS server seems to be updating fine, recently tested with different hosts. Got the same results for icsgroup.com.
In DNS cache I deleted the stale record but it comes back with the same old info for that domain.
Is it recommended to use a public DNS (Google) server on your network?
I have two ISPs DNS servers currently listed. How do they exactly work? The first one is always being used and the second one is just a backup? So if I added a third one, it would be just a backup as well?
Thanks.
In DNS cache I deleted the stale record but it comes back with the same old info for that domain.
Is it recommended to use a public DNS (Google) server on your network?
I have two ISPs DNS servers currently listed. How do they exactly work? The first one is always being used and the second one is just a backup? So if I added a third one, it would be just a backup as well?
Thanks.
I recommend using local DNS server as it records devices on your network besides directing inquiries to the public. Particularly if you have shared folders.
1. I have seen the ISP DNS servers drop out of use and ISP doesn't let you know. So confirm with ISP correct DNS servers they want you to use.
2. Using Google is okay.
3. First time you go after icsgroup.com ( which I meant to obscure by the way - whoops!) it will not be in cache anywhere if you have never gone there before - therefore DNS server will fetch it.
4. Make sure you don't have an HOSTS file configured for your customer (due diligence)
5. Try just using google 8.8.8. as your only DNS server on the NIC then be sure and clean cache ( ipconfig /flushdns ) then try your customer using nslookup again.
6. Do you use Wireshark? Wireshark will show you where you are getting your mx record from and what is delivered. Remember to keep flushing dns cache.
1. I have seen the ISP DNS servers drop out of use and ISP doesn't let you know. So confirm with ISP correct DNS servers they want you to use.
2. Using Google is okay.
3. First time you go after icsgroup.com ( which I meant to obscure by the way - whoops!) it will not be in cache anywhere if you have never gone there before - therefore DNS server will fetch it.
4. Make sure you don't have an HOSTS file configured for your customer (due diligence)
5. Try just using google 8.8.8. as your only DNS server on the NIC then be sure and clean cache ( ipconfig /flushdns ) then try your customer using nslookup again.
6. Do you use Wireshark? Wireshark will show you where you are getting your mx record from and what is delivered. Remember to keep flushing dns cache.
Wireshark example:
C:\Users\jerry_000>nslooku p
Default Server: UnKnown
Address: 192.168.110.1
> set q=mx
> icsgroup.com
Server: UnKnown
Address: 192.168.110.1
Non-authoritative answer:
icsgroup.com MX preference = 0, mail exchanger = icsgroup-com.mail.protecti on
.outlook.com
> exit
C:\Users\jerry_000>ipconfi g /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jerry_000>set 8.8.8.8
Environment variable 8.8.8.8 not defined
C:\Users\jerry_000>nslooku p
Default Server: UnKnown
Address: 192.168.110.1
> server 8.8.8.8
Default Server: google-public-dns-a.google .com
Address: 8.8.8.8
> set q=mx
> icsgroup.com
Server: google-public-dns-a.google .com
Address: 8.8.8.8
Non-authoritative answer:
icsgroup.com MX preference = 0, mail exchanger = icsgroup-com.mail.protecti on
.outlook.com
>
> server 192.168.110.1
Default Server: [192.168.110.1]
Address: 192.168.110.1
> set q=mx
> icsgroup.com
Server: [192.168.110.1]
Address: 192.168.110.1
Non-authoritative answer:
icsgroup.com MX preference = 0, mail exchanger = icsgroup-com.mail.protecti on
.outlook.com
DNS1.jpg
DNS2.jpg
C:\Users\jerry_000>nslooku
Default Server: UnKnown
Address: 192.168.110.1
> set q=mx
> icsgroup.com
Server: UnKnown
Address: 192.168.110.1
Non-authoritative answer:
icsgroup.com MX preference = 0, mail exchanger = icsgroup-com.mail.protecti
.outlook.com
> exit
C:\Users\jerry_000>ipconfi
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jerry_000>set 8.8.8.8
Environment variable 8.8.8.8 not defined
C:\Users\jerry_000>nslooku
Default Server: UnKnown
Address: 192.168.110.1
> server 8.8.8.8
Default Server: google-public-dns-a.google
Address: 8.8.8.8
> set q=mx
> icsgroup.com
Server: google-public-dns-a.google
Address: 8.8.8.8
Non-authoritative answer:
icsgroup.com MX preference = 0, mail exchanger = icsgroup-com.mail.protecti
.outlook.com
>
> server 192.168.110.1
Default Server: [192.168.110.1]
Address: 192.168.110.1
> set q=mx
> icsgroup.com
Server: [192.168.110.1]
Address: 192.168.110.1
Non-authoritative answer:
icsgroup.com MX preference = 0, mail exchanger = icsgroup-com.mail.protecti
.outlook.com
DNS1.jpg
DNS2.jpg
ASKER
Contacted my ISP (Rogers) and found out that my DNS servers were really old.
Set their new server as primary and Google public DNS (8.8.8.8) as secondary.
Everything seems to be working fine now, the email left the exchange outbound queue.
Thank you guys for your help.
Set their new server as primary and Google public DNS (8.8.8.8) as secondary.
Everything seems to be working fine now, the email left the exchange outbound queue.
Thank you guys for your help.
ASKER
I never used or added any other external/public DNS servers to my DNS/Firewall. Not sure what that would do to my environment. I just used Google public DNS as a test from my computer using NsLookup.