need DNS record help
am 08.05.2007 17:26:51 von dboltz
I'm lost here and really need some help. I'm trying to determine why
some email is not getting through to *some* outside domains. From
everything I'm reading, the problem looks like a DNS records. Even
more so since we recently had changed our email to use two domain
names. My biggest problem is that I'm not understanding exactly how
our reverse lookup should be setup. We use a domino server inside for
email. The outgoing email does not go through our spam filter relay
but all incoming email does. Here is an example:
- We send outgoing email direct and it doesn't go through the relay so
it shows as coming from (domino.server.one.on.ca)
- The email address is formulated with the new domain we acquired let
say (user@server.ca)
- The MX records for both domains (server.on.ca and server.ca) are set
to the same mx1.server.on.ca system.
- Everything works as expected and most email does get received
outside and all email does get received under both email addresses
coming in. ie:user@server.on.ca and user@server.ca
Could someone please give me some pointers on what records I need to
check and for what server along with what the response should be?
Any help will be greatly appreciated.
Regards,
Dave B.
Re: need DNS record help
am 08.05.2007 20:53:37 von Garen Erdoisa
dboltz wrote:
> I'm lost here and really need some help. I'm trying to determine why
> some email is not getting through to *some* outside domains. From
> everything I'm reading, the problem looks like a DNS records. Even
> more so since we recently had changed our email to use two domain
> names. My biggest problem is that I'm not understanding exactly how
> our reverse lookup should be setup. We use a domino server inside for
> email. The outgoing email does not go through our spam filter relay
> but all incoming email does. Here is an example:
> - We send outgoing email direct and it doesn't go through the relay so
> it shows as coming from (domino.server.one.on.ca)
> - The email address is formulated with the new domain we acquired let
> say (user@server.ca)
> - The MX records for both domains (server.on.ca and server.ca) are set
> to the same mx1.server.on.ca system.
> - Everything works as expected and most email does get received
> outside and all email does get received under both email addresses
> coming in. ie:user@server.on.ca and user@server.ca
>
> Could someone please give me some pointers on what records I need to
> check and for what server along with what the response should be?
>
Just a cursory investigation of this shows that you have some DNS lookup
problems with server.on.ca
host -t mx server.on.ca
Host server.on.ca not found: 3(NXDOMAIN)
No mx record found for this server.
host server.on.ca
Host server.on.ca not found: 3(NXDOMAIN)
No DNS record of any type found for this server either.
host on.ca
Host on.ca not found: 3(NXDOMAIN)
whois server.on.ca
[Querying whois.cira.ca]
[whois.cira.ca]
Status: UNAV
Domain: server.on.ca
Code: 01114
Error: Domain name is reserved: names of other level exist. (server.ca)
whois on.ca
[Querying whois.cira.ca]
[whois.cira.ca]
Status: UNAV
Domain: on.ca
Code: 01043
Error: Domain name is restricted.
No DNS records at all for "on.ca" or "server.on.ca"
It's not surprising you are having troubles with that hostname if there
are no nameserver entries for that or the upstream according to the
whois record.
For the other name you mentioned "server.ca"
host -t mx server.ca
server.ca mail is handled by 10 server.ca.
host -t a server.ca.
server.ca has address 204.202.9.64
host 204.202.9.64
64.9.202.204.in-addr.arpa domain name pointer vps004.coolcom.com.
host vps004.coolcom.com.
vps004.coolcom.com has address 204.202.9.64
It appears that the mx for "server.ca" eventaully resolves to
vps004.coolcom.com.
So long as a mail daemon is running on vps004.coolcom.com that is
configured to route mail for server.ca then you should be able to
receive mail via that route.
You may want to add an SPF record for server.ca in your DNS.
Something like:
server.ca TXT "v=spf1 mx ?all"
See www.openspf.org for more information on SPF. Also they have a wizard
on the web page to help with setting up correct SPF records.
--
Garen
Re: need DNS record help
am 09.05.2007 00:53:16 von Sam
This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.
--=_mimegpg-commodore.email-scan.com-18266-1178664793-0006
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
dboltz writes:
> I'm lost here and really need some help.
Ok.
> - The email address is formulated with the new domain we acquired let
> say (user@server.ca)
So let me understand you:
You do not have much knowledge or experience regarding technical aspects of
DNS.
You are having DNS configuration issues.
Rather than showing your actual DNS records, actual mail bounces, etc, you
choose to obfuscate them with made-up fantasy domain names.
And you expect someone to be able to help you?
Exactly how do you expect someone to accomplish such an impressive feat?
When your car breaks down and you call the shop, do you tell them the make
or the model of the car, or is just mentioning that it's a "four door sedan
made 5-10 years ago" is sufficient, in your town?
--=_mimegpg-commodore.email-scan.com-18266-1178664793-0006
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQBGQP9Zx9p3GYHlUOIRAo3UAJ9bEdSBFJa7Sp2IohCryCsAd5G02QCf XcgC
dMtKP02nBSYAu2h/j3rd+/o=
=+khp
-----END PGP SIGNATURE-----
--=_mimegpg-commodore.email-scan.com-18266-1178664793-0006--
Re: need DNS record help
am 09.05.2007 05:37:59 von Steve Baker
On 8 May 2007 08:26:51 -0700, dboltz wrote:
>My biggest problem is that I'm not understanding exactly how
>our reverse lookup should be setup. We use a domino server inside for
>email. The outgoing email does not go through our spam filter relay
>but all incoming email does. Here is an example:
>- We send outgoing email direct and it doesn't go through the relay so
>it shows as coming from (domino.server.one.on.ca)
MX records shouldn't matter. The IP address of
domino.server.one.on.ca should be the IP address that is trying to
send the email, and that IP address should resolve back to
domino.server.one.on.ca. You should be saying Helo as
domino.server.one.on.ca. Problems could arise if there is no reverse
lookup on the sending IP address, or the reverse lookup looks
"generic". Or, to a lesser degree, if it resolves to something other
than the Helo. The Helo should at least *look* like a real host name,
something like "Helo server1" could cause trouble. Some folks won't
like it if the Helo doesn't resolve to the connecting IP address.
--
Steve Baker
Re: need DNS record help
am 09.05.2007 16:44:01 von dboltz
Well I was looking to get some general information on things I should
check. The reason I didn't post any real domain names is because I
don't want our servers to become a target by posting here.
Thanks Steve for the information. One strange thing that I did notice
is when I use DNSStuff.com to check the reverse lookup I get the
correct return most of the time but sometimes it says that there is
not PTR record found. I'm not sure if this would be the tool messing
up or something else.
Regards,
Dave B.
On May 8, 11:37 pm, Steve Baker wrote:
> On 8 May 2007 08:26:51 -0700, dboltz wrote:
>
> >My biggest problem is that I'm not understanding exactly how
> >our reverse lookup should be setup. We use a domino server inside for
> >email. The outgoing email does not go through our spam filter relay
> >but all incoming email does. Here is an example:
> >- We send outgoing email direct and it doesn't go through the relay so
> >it shows as coming from (domino.server.one.on.ca)
>
> MX records shouldn't matter. The IP address of
> domino.server.one.on.ca should be the IP address that is trying to
> send the email, and that IP address should resolve back to
> domino.server.one.on.ca. You should be saying Helo as
> domino.server.one.on.ca. Problems could arise if there is no reverse
> lookup on the sending IP address, or the reverse lookup looks
> "generic". Or, to a lesser degree, if it resolves to something other
> than the Helo. The Helo should at least *look* like a real host name,
> something like "Helo server1" could cause trouble. Some folks won't
> like it if the Helo doesn't resolve to the connecting IP address.
>
> --
> Steve Baker
Re: need DNS record help
am 09.05.2007 16:56:29 von dboltz
Something else I notice. When I do the DNS traversal for my domain I
see a message at the bottom that reads...
"Status: Records DO NOT all match: Results from hermes.cdcfiber.co (0
Answeres) do not match results from apollo.cdcfiber.com (1 answered)"
Does this mean anything to anyone?
Regards,
Dave B.
On May 9, 10:44 am, dboltz wrote:
> Well I was looking to get some general information on things I should
> check. The reason I didn't post any real domain names is because I
> don't want our servers to become a target by posting here.
>
> Thanks Steve for the information. One strange thing that I did notice
> is when I use DNSStuff.com to check the reverse lookup I get the
> correct return most of the time but sometimes it says that there is
> not PTR record found. I'm not sure if this would be the tool messing
> up or something else.
>
> Regards,
> Dave B.
>
> On May 8, 11:37 pm, Steve Baker wrote:
>
> > On 8 May 2007 08:26:51 -0700, dboltz wrote:
>
> > >My biggest problem is that I'm not understanding exactly how
> > >our reverse lookup should be setup. We use a domino server inside for
> > >email. The outgoing email does not go through our spam filter relay
> > >but all incoming email does. Here is an example:
> > >- We send outgoing email direct and it doesn't go through the relay so
> > >it shows as coming from (domino.server.one.on.ca)
>
> > MX records shouldn't matter. The IP address of
> > domino.server.one.on.ca should be the IP address that is trying to
> > send the email, and that IP address should resolve back to
> > domino.server.one.on.ca. You should be saying Helo as
> > domino.server.one.on.ca. Problems could arise if there is no reverse
> > lookup on the sending IP address, or the reverse lookup looks
> > "generic". Or, to a lesser degree, if it resolves to something other
> > than the Helo. The Helo should at least *look* like a real host name,
> > something like "Helo server1" could cause trouble. Some folks won't
> > like it if the Helo doesn't resolve to the connecting IP address.
>
> > --
> > Steve Baker
Re: need DNS record help
am 09.05.2007 18:43:17 von Steve Baker
On 9 May 2007 07:56:29 -0700, dboltz wrote:
>Something else I notice. When I do the DNS traversal for my domain I
>see a message at the bottom that reads...
>
>"Status: Records DO NOT all match: Results from hermes.cdcfiber.co (0
>Answeres) do not match results from apollo.cdcfiber.com (1 answered)"
>
>Does this mean anything to anyone?
Seeing as how hermes.cdcfiber.com and apollo.cdcfiber.com both seem
to resolve to 216.40.33.31, it could mean that the nameserver there is
spotty. Or it could mean something completely different. Not having a
PTR record is something that would definitely cause email problems,
but without knowing the domain you're talking about there's no way to
figure out exactly why you don't always have a PTR record.
Aha, here we go. Sometimes hermes.cdcfiber.com resolves to
72.1.193.252, and there doesn't seem to be a nameserver there. Your
ISP (HawkNet) has to get this sorted out, it's not something you can
fix on your own.
--
Steve Baker
Re: need DNS record help
am 10.05.2007 07:58:27 von Jem Berkes
> Could someone please give me some pointers on what records I need to
> check and for what server along with what the response should be?
Those domains you listed were examples, right? If you could either post or
email me the real domain name perhaps I can help out.
--
Jem Berkes
www.sysdesign.ca
Re: need DNS record help
am 10.05.2007 15:57:55 von dboltz
On May 10, 1:58 am, Jem Berkes wrote:
> > Could someone please give me some pointers on what records I need to
> > check and for what server along with what the response should be?
>
> Those domains you listed were examples, right? If you could either post or
> email me the real domain name perhaps I can help out.
>
> --
> Jem Berkeswww.sysdesign.ca
Ok Ok here's the information on my domains. The domains we use are
user_at_sym_cornwall.ca and user_at_sym_city.cornwall.on.ca. The
sending mail server is domino.city.cornwall.on.ca. Our receiving
relay is mx1.city.cornwall.on.ca
Does this help at all?
Regards,
Dave B
Re: need DNS record help
am 11.05.2007 09:46:35 von Steve Baker
On 10 May 2007 06:57:55 -0700, dboltz wrote:
>The
>sending mail server is domino.city.cornwall.on.ca.
Domino.city.cornwall.on.ca-->206.130.227.103. The DNS servers
hermes.cdcfibre.com and apollo.cdcfibre.com are designated to provide
PTR records (resolving an IP address to a name) for that IP address.
Hermes.cdcfibre.com isn't working. Tell your ISP about it. The DNS
servers for the domain domino.city.cornwall.on.ca have nothing to do
with providing PTR records for that IP address.
--
Steve Baker
Re: need DNS record help
am 14.05.2007 22:03:54 von Jem Berkes
Steve Baker wrote in
news:f2171901mio@news1.newsguy.com:
>>The
>>sending mail server is domino.city.cornwall.on.ca.
>
> Domino.city.cornwall.on.ca-->206.130.227.103. The DNS servers
> hermes.cdcfibre.com and apollo.cdcfibre.com are designated to provide
> PTR records (resolving an IP address to a name) for that IP address.
> Hermes.cdcfibre.com isn't working. Tell your ISP about it. The DNS
> servers for the domain domino.city.cornwall.on.ca have nothing to do
> with providing PTR records for that IP address.
Yes, what Steve said. You can do a whois lookup on 206.130.227.0 which
indicates the two nameservers responsible for reverse mapping IP addresses
in that subnet. Only one of those nameservers is answering.
When you contact your ISP, indicate that the problem is for the entire
subnet 206.130.227.0/24 as this affects other sites besides your own.
--
Jem Berkes
www.sysdesign.ca