Solved

DNS - Mx Record Issues

Posted on 2014-12-04
7
198 Views
Last Modified: 2014-12-09
Can't send an email to one of my customers, it stays in the outbound queue trying to connect.
After 2 days it would time-out with 4.4.7 Error.
The customer recently changed their mail system to use mycustomer-com.mail.protection.outlook.com.
However, they still have the old Mx record published as well mail.mycustomer.com which doesn't even work.

Here is my main concern: When using the NsLookup (set q=mx) from my in-house DNS server (which is connected outside with my ISP dns servers) I can only see their old Mx record. When testing with a different dns public server (Google 8.8.8.8) I actually see both Mx records.

I checked my firewall (router) and DNS queries on port 53 are not getting blocked.
Other hosts seem to be resolving fine.
I also removed the old pointer in my dns cache for this specific domain, but it still comes up with old Mx record/IP address only.

I am not sure what to test and do at this point; I did ask them to remove their old MX record, not sure if that will resolve my issue. They also told me that I am not blacklisted on their new server (not blacklisted in general).

Thanks for your help, much appreciated.
0
Comment
Question by:cP6uH
  • 3
  • 3
7 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 40481262
If you do a query against your ISPs DNS servers directly, do they still return the old results? If so then the problem is not yours. Use the Google DNS records instead or Root Hints.

Simon.
0
 

Author Comment

by:cP6uH
ID: 40481300
I directly tested both ISPs DNS servers they resolve fine; However, for this specific domain I still get the old results.
I never used or added any other external/public DNS servers to my DNS/Firewall. Not sure what that would do to my environment. I just used Google public DNS as a test from my computer using NsLookup.
0
 
LVL 4

Assisted Solution

by:Jerry Mills
Jerry Mills earned 250 total points
ID: 40481323
Sounds like possible stale DNS cache or DNS serving not updating.  Make sure you only have 1 dns specified on your nic while testing.

Simple test of a known Microsoft outlook customer via netgear router.

C:\Users\jerry_000>nslookup
Default Server:  UnKnown
Address:  192.168.110.1

> set q=mx
> icsxxxx.com
Server:  UnKnown
Address:  192.168.110.1

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgrxxxx-com.mail.protection.outlook.com
>
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:cP6uH
ID: 40481650
DNS server seems to be updating fine, recently tested with different hosts. Got the same results for icsgroup.com.
In DNS cache I deleted the stale record but it comes back with the same old info for that domain.

Is it recommended to use a public DNS (Google) server on your network?
I have two ISPs DNS servers currently listed. How do they exactly work? The first one is always being used and the second one is just a backup? So if I added a third one, it would be just a backup as well?

Thanks.
0
 
LVL 4

Expert Comment

by:Jerry Mills
ID: 40481692
I recommend using local DNS server as it records devices on your network besides directing inquiries to the public.  Particularly if you have shared folders.

1.  I have seen the ISP DNS servers drop out of use and ISP doesn't let you know.  So confirm with ISP correct DNS servers they want you to use.
2.  Using Google is okay.
3.  First time you go after icsgroup.com ( which I meant to obscure by the way - whoops!) it will not be in cache anywhere if you have never gone there before - therefore DNS server will fetch it.
4.  Make sure you don't have an HOSTS file configured for your customer (due diligence)
5.  Try just using google 8.8.8. as your only DNS server on the NIC then be sure and clean cache ( ipconfig /flushdns ) then try your customer using nslookup again.
6.  Do you use Wireshark?  Wireshark will show you where you are getting your mx record from and what is delivered.  Remember to keep flushing dns cache.
0
 
LVL 4

Expert Comment

by:Jerry Mills
ID: 40481783
Wireshark example:

C:\Users\jerry_000>nslookup
Default Server:  UnKnown
Address:  192.168.110.1

> set q=mx
> icsgroup.com
Server:  UnKnown
Address:  192.168.110.1

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgroup-com.mail.protection
.outlook.com
> exit

C:\Users\jerry_000>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\jerry_000>set 8.8.8.8
Environment variable 8.8.8.8 not defined

C:\Users\jerry_000>nslookup
Default Server:  UnKnown
Address:  192.168.110.1

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> set q=mx
> icsgroup.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgroup-com.mail.protection
.outlook.com
>
> server 192.168.110.1
Default Server:  [192.168.110.1]
Address:  192.168.110.1

> set q=mx
> icsgroup.com
Server:  [192.168.110.1]
Address:  192.168.110.1

Non-authoritative answer:
icsgroup.com    MX preference = 0, mail exchanger = icsgroup-com.mail.protection
.outlook.com
DNS1.jpg
DNS2.jpg
0
 

Author Comment

by:cP6uH
ID: 40488765
Contacted my ISP (Rogers) and found out that my DNS servers were really old.
Set their new server as primary and Google public DNS (8.8.8.8) as secondary.

Everything seems to be working fine now, the email left the exchange outbound queue.
Thank you guys for your help.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now