Subdomain MX Records incorrect

[ginaric]

Problem: Mail sent to fa.mscpas.com is not reading the correct mx records. The mail is coming to my server and sitting instead of moving through the mx records.

Facts:
fa.mscpas.com is setup as its own domain name.

I have an A record setup in mscpas.com to point to fa.mscpas.com to its IP.

2 MX records exist in DNS management. This records also exist if i ssh in and look at the zone file.

[root@arc /]# cat /var/named/fa.mscpas.com.db | grep MX
fa.mscpas.com. 14400 IN MX 10 spam3.smarsh.com.
fa.mscpas.com. 14400 IN MX 20 spam4.smarsh.com.

When I do an mxlookup it reads the mail server as mail.fa.mscpas.com which I do not have setup anywhere.

Any help would be appreciated.

Thanks,
Rick

 

[tillo]

Are you sure there isn't a "fa.mscpas.com. 14400 IN MX 10 mail.fa.mscpas.com." or "fa 14400 IN MX 10 mail.fa.mscpas.com." line in your "mscpas.com." zone? Of course that zone has priority over the "fa.mscpas.com." zone.

Also, did you reload BIND's name daemon?

# /etc/init.d/named reload

 

[ginaric]

Couldn't find an instance of either, heres the mx from mscpas.com:

[root@arc /]# cat /var/named/mscpas.com.db | grep MX
mscpas.com. 14400 IN MX 10 mscpas.com.s7a1.psmtp.com.
mscpas.com. 14400 IN MX 20 mscpas.com.s7a2.psmtp.com.
mscpas.com. 14400 IN MX 30 mscpas.com.s7b1.psmtp.com.
mscpas.com. 14400 IN MX 40 mscpas.com.s7b2.psmtp.com.

BIND has been reloaded, but still getting the incorrect name outside the server.

 

[nobaloney]

Try this dig (from any linux/unix system):

dig fa.mscpas.com mx +trace

and check to see if the mx record ends up at the right place.

Jeff

 

[ginaric]

mx wrong

No they appear to be calling the wrong ones as well.

;; global options: printcmd
. 82413 IN NS D.ROOT-SERVERS.NET.
. 82413 IN NS E.ROOT-SERVERS.NET.
. 82413 IN NS F.ROOT-SERVERS.NET.
. 82413 IN NS G.ROOT-SERVERS.NET.
. 82413 IN NS H.ROOT-SERVERS.NET.
. 82413 IN NS I.ROOT-SERVERS.NET.
. 82413 IN NS J.ROOT-SERVERS.NET.
. 82413 IN NS K.ROOT-SERVERS.NET.
. 82413 IN NS L.ROOT-SERVERS.NET.
. 82413 IN NS M.ROOT-SERVERS.NET.
. 82413 IN NS A.ROOT-SERVERS.NET.
. 82413 IN NS B.ROOT-SERVERS.NET.
. 82413 IN NS C.ROOT-SERVERS.NET.
;; Received 500 bytes from 205.177.13.7#53(205.177.13.7) in 16 ms

com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
;; Received 491 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 12 ms

mscpas.com. 172800 IN NS ns3.arcdesignnc.com.
mscpas.com. 172800 IN NS ns4.arcdesignnc.com.
;; Received 111 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 9 ms

fa.mscpas.com. 14400 IN MX 10 mail.fa.mscpas.com.
fa.mscpas.com. 14400 IN NS ns3.arcdesignnc.com.
fa.mscpas.com. 14400 IN NS ns4.arcdesignnc.com.
;; Received 148 bytes from 67.202.68.54#53(ns3.arcdesignnc.com) in 30 ms

 

[tillo]

Try this:

$ egrep -in '^fa.+IN\s+MX' /var/named/*.db

A misplaced MX record in any other domain's zone may interfere.

 

[ginaric]

No, its the only one of its kind. I am still stumped.

/var/named/fa.mscpas.com.db:20:fa.mscpas.com. 14400 IN MX 10 spam3 .smarsh.com.
/var/named/fa.mscpas.com.db:21:fa.mscpas.com. 14400 IN MX 20 spam4 .smarsh.com.

thanks so much for your continued assistance!

 

[tillo]

I've been able to do an AXFR of both zones from ns3.arcdesignnc.com [67.202.68.54] and ns4.arcdesignnc.com [216.86.150.112]: both nameservers contain "fa.mscpas.com. 14400 IN MX 10 mail.fa.mscpas.com." within the "fa.mscpas.com." zone.

Are you sure you are actually configuring the correct nameserver?

 

[ginaric]

so if I am to understand correctly. it may be correct in the fa.mscpas.com zone but is not pulling into the nameserver zone properly?

I am not trying to be a novice but I am letting my head work that way in order to solve this issue.

Thanks.

 

[tillo]

Let's analyse the problem a little:
a) the zone files you where working on seem correctly configured
b) you confirm that the machine where you are working is indeed the one having both IP addresses 67.202.68.54 and 216.86.150.112 (or at least it has one of them, and it is the zone master)
c) when I query both addresses, the answer is wrong

This leads to just one possible conclusion: the "named" instance has not been reading and/or loading the new zone files.
Possible reasons:
1) you have an error in one or more of your new zone files (for example two CNAME records on the same hostname) and named refuses to load them
2) when you reload named, you don't actually send the signal to the correct "named" process or it is stuck and doesn't reload because of a bug
3) the zone files you are modifying are not the right ones, there may be multiple copies (/etc/bind, /var/bind, /etc/named and others are often used)

Solutions:
1) read the log and see if there is any error, then fix it
2) run "killall -9 named" and "/etc/init.d/named start" (init file may be called "bind" or "bind9" instead) as root
3) search for the correct zones directory

 

[nobaloney]

Is this part of the issue:

What is the serial number on your zone file? On axfr transfers from both ns3.arcdesignnc.com and ns4.arcdesignnc.com I'm getting a serial number of 2009092900. If DirectAdmin is managing this zone file and you've made any changes to it since September 29, then this means the master nameserver hasn't been properly restarted.

Jeff

 

[ginaric]

well played chaps. Your solution was right on.

An error in my fa.mscpas.com zone was preventing the nameserver zone file from updating.

All is updating now. I am getting the correct reading and new mail is moving through.

One additional question, is it possible to push the mail already on the server through to the correct mail server?

Thanks for you all your help.

Rick

 

[tillo]

You may try with imapsync, look for the package in your distribution's repository.