Changing MX record and DNS cache

Posted on 2016-10-02
Last Modified: 2016-10-05
Recently I had to configure a new spam filter on my Exchange Server 2003.
The MX record looked like this before the change:

xxx.com MX mail.xxx.com
mail.xxx.com A 222.222.222.222(my exchange server)

Now I have pointed mail.xxx.com to 333.333.333.333 (spam filter).

333.333.333.333 will forward the filtered emails to my Exchange server, 222.222.222.222.

From now on, I will refer to 222.222.222.222 as 2 and 333.333.333.333 as 3.

After the change, about half of the emails are sent directly to 2, not to 3, and most of them are spam.
I guess this is caused by the spam senders' DNS caches still holding our MX and A records.
I thought that if I changed the A record of mail.xxx.com from 2 to 3, the emails would all be redirected to 3, but as I inspected the headers of the spam, they are still sending emails directly to 2. How can I fix this problem? Should I change the MX record as well, like 'xxx.com MX mail2.xxx.com'? Is there any way to propagate a DNS record change immediately? The TTL on both the MX and A records is 3600 sec in Dyn.com. They said the DNS cache will be cleared within 24 hours at most, but it doesn't look like it. I made the change last Friday, and I'm still getting lots of spam sent directly to my Exchange server.
Question by:crcsupport
12 Comments
 
LVL 27

Expert Comment

by:MAS
ID: 41825554
Hi,
First of all, you are running an unsupported Exchange server. Please consider upgrading to a supported version.
I guess you configured the new spam filter on both IPs.
Antispam is supposed to work like below.
Antispam flow
Your email is supposed to be received by the spam filter, and the spam filter will forward the genuine emails to the mailbox server/transport server.

Please check the images below for your understanding of mail flow and Exchange IOPS in different versions of Exchange servers.
Mail flow
Exchange IOPs
MAS
1
 
LVL 29

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 300 total points
ID: 41825556
Both the A record and the MX record for your mail receiver should be pointing to the same IP address.  This allows ill-written software that does an A lookup instead of an MX lookup to still get mail through.

It can take up to 2 days in bad cases for a record change to propagate all the way up to the root level.  After that it will start to propagate down to individual network DNS caches.
1
 
LVL 27

Expert Comment

by:MAS
ID: 41825566
As commented above, it will take some time to get updated over the web.
That could be one reason for the spam received directly.
1
 
LVL 1

Author Comment

by:crcsupport
ID: 41825578
Dr. Klahn,
What do you mean by this part? "Both the A record and the MX record for your mail receiver should be pointing to the same IP address."

The MX record is pointing to the A record (mail.xxx.com) and the A record is pointing to the IP address.
Do you mean I have to get rid of the A record and make the MX point to the IP address like below?

xxx.com MX 333.333.333.333

I thought the proper way to configure this is MX to A, then A to IP address.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 41825580
Also, the TTL is configured very low. And I guess the problem is not the DNS update from my ANS to root, but root to spam senders. I thought spam senders keep their own DNS cache TTL, ignoring my configured TTL.
0
 
LVL 27

Assisted Solution

by:MAS
MAS earned 300 total points
ID: 41825583
@crcsupport,
You are correct.
The MX should point to an A record and the A record should point to the IP.
FYI, you cannot point an MX record to an IP. It can only point to an A record.
1
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 600 total points
ID: 41825766
Now you have to set a transport/firewall rule to only accept external mail from your antispam vendor's IP address and reject it from other internet addresses.
1
 
LVL 37

Accepted Solution

by:
bbao earned 800 total points
ID: 41825777
> TTL is configured at very low. And I guess the problem is not DNS update from my ANS to root, but root to spam senders.

You have done everything correctly on your side.

The reason you keep receiving spam at the old email server (actually still the current email server with a new MX record) is simply that the spammer side hasn't changed the IP per your new MX record.

What's the point for them to change if they can keep successfully sending spam to an IP? The spammers don't care about domain names and MX records; actually, using the IP directly is a good practice for them to avoid being fooled by what you are doing. Be aware that an IP is associated with a location and not easy to change, while a domain name can easily be pointed anywhere, especially for an IP that the spammers have used for years. If you were the spammer, what would you do?
1
 
LVL 37

Expert Comment

by:bbao
ID: 41825786
Therefore, keep observing for a while. If there are no significant changes, consider getting a new IP for your mail server, OR simply swap the IPs of your mail server and antispam gateway if possible.
1
 
LVL 1

Author Comment

by:crcsupport
ID: 41826971
Now I'm attracted to David's suggestion, and more convinced after reading Bing's.
It's been about 70 hours and we are still getting spam. I guess Bing is right: spammers use the IP address, not MX records. I don't know why and how they operate, but it sounds very possible.

Maybe I have to change the IP between my server and the antispam cloud, which won't affect my DNS records, or block all but the antispam cloud server.



I'll let you know guys
0
 
LVL 1

Author Comment

by:crcsupport
ID: 41830338
I blocked everything except SMTP port 25 from the cloud antispam to us, and all the spam is gone.

I also found Barracuda works very well; almost all spam is getting caught. I used to use GFI Mail Essential, which was too much of a headache; their spam filtering is way off standard.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 41830344
By the way, until I made changes to the firewall to block all ports, spam kept coming even after 4 days (96 hours). Half of the spam was sent to the new MX record, half was still sent to the old MX record.
So, I guess many spam senders are just ignoring DNS record changes of recipients, maybe to reduce the load on their spam sending server or for some other reason.

Anyway, it's good to know.
0
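The measurement the asker describes (roughly half of inbound mail reaching the Exchange server without passing through the filter) can be reproduced from the SMTP log before and after the firewall rule goes in. The following is an added example, not code from any poster in this thread; it assumes the SMTP log is in W3C extended format with a `#Fields:` header, and the filter network and all sample addresses are constructed placeholders from the documentation ranges.

```python
import ipaddress
from collections import Counter

# Assumption: range the hosted spam filter delivers from (placeholder, RFC 5737).
FILTER_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample in W3C extended log style; not taken from the thread.
SAMPLE_LOG = """\
#Fields: date time c-ip s-ip s-port cs-method
2016-10-04 09:00:01 198.51.100.10 192.0.2.25 25 EHLO
2016-10-04 09:00:02 198.51.100.10 192.0.2.25 25 MAIL
2016-10-04 09:01:10 203.0.113.77 192.0.2.25 25 HELO
2016-10-04 09:01:11 203.0.113.77 192.0.2.25 25 MAIL
2016-10-04 09:02:30 203.0.113.91 192.0.2.25 25 EHLO
2016-10-04 09:03:00 198.51.100.11 192.0.2.25 25 EHLO
2016-10-04 09:04:00 not-an-ip 192.0.2.25 25 EHLO
"""

def from_filter(ip_text):
    """True if ip_text is in an allowlisted filter network; unparsable values are not."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in FILTER_NETS)

def audit(log_text, smtp_port="25"):
    """Count SMTP sessions (one HELO/EHLO each) per client, split by origin."""
    fields, via_filter, direct = [], Counter(), Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("s-port") != smtp_port or row.get("cs-method") not in ("HELO", "EHLO"):
            continue
        c_ip = row.get("c-ip", "?")
        (via_filter if from_filter(c_ip) else direct)[c_ip] += 1
    return via_filter, direct

def bypass_ratio(log_text):
    """Fraction of sessions that reached the mail server without using the filter."""
    via_filter, direct = audit(log_text)
    total = sum(via_filter.values()) + sum(direct.values())
    return sum(direct.values()) / total if total else 0.0

if __name__ == "__main__":
    via, direct = audit(SAMPLE_LOG)
    print("via filter:", dict(via))
    print("direct to server:", dict(direct))
    print("bypass ratio: %.0f%%" % (100 * bypass_ratio(SAMPLE_LOG)))
```

Once the firewall accepts port 25 only from the filter's addresses, the direct bucket should stay empty; any entry that appears there afterwards points to a gap in the rule.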
