Catchy title ;P A company contacted me about a fatal error their email server encounters when sending to our domain.
I looked at the error message they were receiving: their email server was trying to resolve our domain using a local DNS server on their premises and failing to do so.
This is how I troubleshot it:
- Checked our mail flow: we are receiving and sending emails
- We had received emails from that company in the morning
- I ran nslookup for our email entries against our domain
- I used an external DNS server and all our entries were resolving just fine
- I used an external email account to send and receive emails with/without attachments (that took quite a while to reach its destination)
So I told them it's a DNS problem: you're having trouble looking up our MX records in order to send us email, check your DNS server.
Actually I was glad everything was fine on our end, left it at that and didn't investigate thoroughly. The next day their IT person sent a report stating that one of our DNS servers was giving them problems, so as a temporary solution all DNS queries were being forwarded to the functioning one!
WTF, I forgot to check the secondary DNS server, and what do you know, it's not loading any records in any of the zones configured!!
So you see, they were having a problem because their email server was querying our MX records against our secondary DNS server, which had a problem. It wasn't down, or else they would have gone to the primary one; it was up and running with empty zones ;P
CONCLUSION: it was a DNS problem, but it was OURS, not theirs ;P
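A per-server check of the kind that would have caught this, as an added example that is not part of the original post: it sends a non-recursive MX query straight to each authoritative server (instead of through a resolver, which silently picks one of them) and tells apart a server that answers NOERROR with an empty answer section (up, but with no zone data) from SERVFAIL, REFUSED or a timeout. The server addresses and the sample replies are constructed placeholders.

```python
import socket
import struct

QTYPE_MX = 15
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=QTYPE_MX, txid=0x1234):
    """Non-recursive query (RD=0): the server may only answer from zones it has loaded."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_response(data):
    """Return (rcode name, AA flag, answer count) from the 12-byte reply header."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), bool(flags & 0x0400), ancount

def classify(rcode, aa, ancount):
    """'EMPTY' is the up-but-no-zone-data case: no error code, just no MX for a name that should have one."""
    if rcode == "NOERROR" and aa and ancount > 0:
        return "OK"
    if rcode == "NOERROR" and ancount == 0:
        return "EMPTY"
    if rcode == "NOERROR":
        return "NOT_AUTHORITATIVE"  # answered, but not from its own zone data
    return rcode  # SERVFAIL, REFUSED, NXDOMAIN ...

def check_server(ns_ip, name, timeout=3.0):
    """Send the MX query directly to one name server on UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ns_ip, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"
    return classify(*parse_response(data))

def check_all(ns_ips, name):
    """Verdict per authoritative server; any verdict but OK means some senders will fail."""
    return {ns: check_server(ns, name) for ns in ns_ips}

# Constructed sample replies (header + echoed question), not real captures.
_QUESTION = build_query("example.com")[12:]
SAMPLE_OK = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _QUESTION
SAMPLE_EMPTY = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 0, 0, 0) + _QUESTION
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + _QUESTION
```

Run `check_all(["192.0.2.1", "192.0.2.2"], "example.com")` with your real NS addresses to get one verdict per server; the primary returning OK while the secondary returns EMPTY is exactly the situation described above.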
Our secondary DNS server is of course located in the DMZ; it's running two services, DNS and FTP, each with its own IP. The issue: for security reasons you configure your primary zone to allow zone transfers only to listed IPs. I had listed the secondary DNS IP, but just to make sure you have configured the correct IP:
In the DNS management console, right-click the DNS server and select nslookup; the DNS server's IP should appear, and that is the IP that should be configured on the primary DNS server.
Our problem: it was receiving DNS queries on one IP and loading zone information from the primary DNS server using the IP assigned to the FTP service!
I'm not quite sure why it's doing that ... I just included both IPs as trusted in the primary DNS configuration and voila, it worked.
I sat down and wrote an apology email to the company, and believe it or not, when sending to the other company handling their IT services I got another error:
smtp; 550 5.5.0 Invalid EHLO/HELO domain.
What I did to solve this problem ;P I used my Gmail account to send the apology email to the IT person ;P I'll just leave that to another day, or as we all know, tomorrow ;P

#1 by MBH on May 13, 2009 - 10:01 AM
*cough* Microzift *cough*
In Linux, you can bind the service to a specific IP.
I think your problem can be solved if you slap in a second Network Interface Card (NIC) and assign the FTP IP to it.
#2 by Bashar on May 14, 2009 - 10:12 AM
Is this the sorry letter problem?
#3 by Bloggylife on May 14, 2009 - 7:43 PM
MBH, LOOOL, the problem isn't with assigning the FTP service an IP, it's the DNS
Bashar, yes hehehehe
#4 by MBH on May 14, 2009 - 9:59 PM
Don’t both services run on the same server? If you can’t (or didn’t?) bind the DNS IP to the service, then slap in another NIC and put one IP per NIC.
#5 by Bloggylife on May 16, 2009 - 9:39 PM
The thing is I didn't find any configuration to bind the DNS service to a specific IP! If you have configured a list of IPs on an interface it'll take the first one, so I just changed the order ;P Haven't tried the two-NIC scenario, but since I can't bind DNS to an IP, it'll take the IP of the first NIC, that's what I think.