Koozali.org: home of the SME Server

MX Records and Email Setup

Nate Jenkins

MX Records and Email Setup
« on: January 24, 2001, 08:57:23 PM »
I am having trouble with setting up Email.  I have a DSL line that my LAN is connected to the Internet with.  I am running E-Smith Server and Gateway 4.0.1 with a static IP.

I understand that MX Records are kept at the ISP which are used in directing our Email to our mail server...

I can send mail INTERNALLY on the LAN to users defined on the E-Smith Server.
I can send mail EXTERNALLY to any email addresses on the Internet.
I can receive mail INTERNALLY from any users on the LAN defined on E-Smith Server.
I cannot receive mail EXTERNALLY from any email addresses on the Internet.

I have run this command from the Command Line:
nslookup -query=mx mydomain.com

This has reported that the mx records at my ISP are mail.mydomain.com
However to be able to send and receive as listed above.  (POP3) I had to change my email application mail server names to be mail.e-smith.mydomain.com

Is the name e-smith required in the mail server name?  If not, how can I change this?

How can I get my mail coming from the outside world into our LAN???

Charlie Brady

Re: MX Records and Email Setup
« Reply #1 on: January 24, 2001, 09:04:03 PM »
Nate Jenkins wrote:

> I understand that MX Records are kept at the ISP which are
> used in directing our Email to our mail server...

Good.

> I cannot receive mail EXTERNALLY from any email addresses on
> the Internet.

Then you probably have a problem with your MX record.

> I have run this command from the Command Line:
> nslookup -query=mx mydomain.com
>
> This has reported that the mx records at my ISP are
> mail.mydomain.com

OK, so does mail.mydomain.com resolve to the external IP of your server?

> However to be able to send and receive as listed above.
> (POP3) I had to change my email application mail server names
> to be mail.e-smith.mydomain.com

mail.e-smith.mydomain.com is only for use on your LAN. It doesn't have anything to do with your problem with external mail.

Charlie

Nate Jenkins

locaol host can't find it
« Reply #2 on: January 24, 2001, 11:16:29 PM »
Thanks Charlie for your response,

> OK, so does mail.mydomain.com resolve to the external IP of your server?

Actually when I execute:
nslookup -query=mx mydomain.com

It outputs:
Server: localhost
Address: 127.0.0.1

*** localhost can't find mydomain.com: Non-existent host/domain

.....................................................................

When I do:
nslookup -query=mx e-smith.mydomain.com

It outputs:
Server: localhost
Address: 127.0.0.1

e-smith.mydomain.com preference = 5, mail exchanger = mail.e-smith.mydomain.com
e-smith.mydomain.com nameserver = old-yeller.e-smith.mydomain.com
mail.e-smith.mydomain.com   internet address = 192.168.1.1
old-yeller.e-smith.mydomain.com   internet address = 192.168.1.1

.....................................................................


So what would you recommend at this point?  I need to have lunch and uncloud my mind of this for a few minutes...  :)

Thanks,

Nate

Garret

Re: locaol host can't find it
« Reply #3 on: January 24, 2001, 11:28:31 PM »
I might be wrong here, and probably am, but doesn't the mx record at the isp (or their dns servers) have to point to his external ip address? I was having the same problem until I had the dns servers resolve the mx records to my public ip. Isn't that what tells the world where to send the mail so to speak?

Garret

Michael Doerner

Re: locaol host can't find it
« Reply #4 on: January 24, 2001, 11:31:57 PM »
Nate Jenkins wrote:
 ..cut..
> Actually when I execute:
> nslookup -query=mx mydomain.com
>
> It outputs:
> Server: localhost
> Address: 127.0.0.1
>
> *** localhost can't find mydomain.com: Non-existent host/domain
>
> .....................................................................
>
> When I do:
> nslookup -query=mx e-smith.mydomain.com
..cut..

Nate,
you are aware that "mydomain.com" is only the example's domain name and that you will have to substitute this with your "real" domain name?
Like Charlie would run that nslookup check for their company as
nslookup -query=mx e-smith.com
for example.

If you give us your real domain name, everybody can run that nslookup for you and can see to which IP addresses it points.

Does that help?

Regards,
Michael Doerner

Justin

Re: locaol host can't find it
« Reply #5 on: January 24, 2001, 11:42:06 PM »
What's your domain? I will look at the records for you.

Justin

Nate Jenkins

Re: locaol host can't find it
« Reply #6 on: January 25, 2001, 02:03:14 AM »
>Author: Michael Doerner (michael_AT_baypc.co.nz)
>Date:   01-24-01 15:31

>Nate Jenkins wrote:
>..cut..
>> Actually when I execute:
>> nslookup -query=mx mydomain.com
>>
>> It outputs:
>> Server: localhost
>> Address: 127.0.0.1
>>
>> *** localhost can't find mydomain.com: Non-existent host/domain
>>
>> .....................................................................
>>
>> When I do:
>> nslookup -query=mx e-smith.mydomain.com
>..cut..

>Nate,
>you are aware that "mydomain.com" is only the example's domain name and that you will have to substitute this with your "real" domain name?
>Like Charlie would run that nslookup check for their company as
>nslookup -query=mx e-smith.com
>for example.

Yes, I am aware of that.  However, it is important to know that first off.  I apologize for not clarifying it earlier.

uniwest.com

The issue here is this...  We are replacing our server...  The server that we are replacing works well enough but I am trying to build a server using E-Smith to "cut and paste" in the current server's place...

The current server, like I said works just fine when I use the command "nslookup..."
However the new machine I built with E-Smith is the local host that can't find uniwest.com when I try it.

What is happening is we will put the "current server to be replaced" online and then take it offline to test the "new replacing E-Smith server" in its place.  And then all over again...

Therefore if you test our mx records everything will check out fine because we have the old one online at the present time.

What could help is if anyone can tell me how to modify whatever files I need to, so that the mx records are correct on the new E-Smith machine.  In other words, I need to fix the problem of "local host can't find uniwest.com..." on the new one.





>If you give us your real domain name, everybody can run that nslookup for you and can see to which IP addresses it points.

>Does that help?

>Regards,
>Michael Doerner

Thanks Michael and Justin,

- Nate

Michael Doerner

Re: locaol host can't find it
« Reply #7 on: January 25, 2001, 03:23:03 AM »
Nate Jenkins wrote:
...cut...
>
> uniwest.com
>
> The issue here is this...  We are replacing our server...
> The server that we are replacing works well enough but I am
> trying to build a server using E-Smith to "cut and paste" in
> the current server's place...
>
> The current server, like I said works just fine when I use
> the command "nslookup..."
> However the new machine I built with E-Smith is the local
> host that can't find uniwest.com when I try it.
>
That means the new server doesn't have proper access to a DNS server or that (internal?) DNS server doesn't forward properly to another (external = real world?) DNS server.
It also depends on your network design. Does the old server have 2 interfaces, therefore acting as a gateway between external (Internet) and internal?

Which DNS server does the old server point to or to which DNS server does it forward the requests that it can't resolve itself?

Did you set up the new E-smith server as a gateway (with 2 NICs) or a standalone server only?

... cut ...
> Therefore if you test our mx records everything will checkout
> fine because we have the old one online at the present time.

Are you sure that the old server really acts as a public DNS server for that IP address?
Isn't it more likely to be sitting behind a router that represents the public IP address and that router does some routing/IP forwarding to the old server's (internal) IP address?

So I believe that anybody else in the world most probably will be able to run the nslookup for uniwest.com and will get a response, even when you shut down your old server. (Guessing here).
>
> What could help is if anyone can tell me how to modify
> whatever files I need to, so that the mx records are correct
> on the new E-Smith machine.  In other words, I need to fix
> the problem of "local host can't find uniwest.com..." on the
> new one.
I hope I can help with that. I don't want to confuse.

Regards,
Michael Doerner

Dan Brown

Re: locaol host can't find it
« Reply #8 on: January 25, 2001, 06:16:57 AM »
[root@e-smith dan]# dig uniwest.com

; <<>> DiG 8.2 <<>> uniwest.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      uniwest.com, type = A, class = IN

;; ANSWER SECTION:
uniwest.com.            1S IN A         207.173.56.241

;; AUTHORITY SECTION:
uniwest.com.            1S IN NS        dns1.uniwest.com.
uniwest.com.            1S IN NS        dns2.uniwest.com.

;; ADDITIONAL SECTION:
dns1.uniwest.com.       1S IN A         207.173.56.241
dns2.uniwest.com.       1S IN A         207.173.56.241

Apologies for the bad wrapping above, but I thought this might be instructive.

OK, now I can see what your problem is.  Your problem is that your NT box is acting as your public DNS server for your domain.  Actually, it's acting as the public primary AND secondary DNS servers, which is bad design, and probably violates some RFCs.  When it's taken offline, the world doesn't know who uniwest.com is, and has no way of finding out.

The best solution would be to have your DNS hosted elsewhere.  You can go to zoneedit.com or granitecanyon.com and get DNS hosted for free (zoneedit.com has a limit of 5 domains for free; after that, you need to pay).

The alternate solution would be to set up your e-smith box to also serve DNS publicly.  This can be done, as e-smith is, for all relevant intents and purposes, RedHat--but it's well beyond the design goals of the system.  To find out how to set up a DNS server, your best bet is probably the DNS HOWTO, which you can find at http://www.linuxdoc.org.  This is suboptimal, though, for a number of reasons.  First, properly administering a public DNS server is a non-trivial task.  Second, you're supposed to have two separate servers, to prevent exactly the problem you're having.  Third, this would require fairly major hacking on the e-smith machine, and your changes would probably be lost when you decided to upgrade.  There are probably other reasons, but these strike me as the most obvious.

Nate Jenkins

I just realized I mispelled local
« Reply #9 on: January 25, 2001, 08:15:09 PM »
....................................... cut start #1
That means the new server doesn't have proper access to a DNS server or that (internal?) DNS server doesn't forward properly to another (external = real world?) DNS server.
It also depends on your network design. Does the old server have 2 interfaces, therefore acting as a gateway between external (Internet) and internal?

Which DNS server does the old server point to or to which DNS server does it forward the requests that it can't resolve itself?

Did you set up the new E-smith server as a gateway (with 2 NICs) or a standalone server only?
....................................... cut end #1

First of all our layout looks like this:
We have a DSL modem that connects us to the ISP...  Our Server plugs into it directly via ethernet.  The server has two NICs.  One incoming from DSL Modem and the other is our Out to LAN.  So the latter goes via Ethernet to an internal router...  Yes, it is our gateway and firewall.  It is our mail server, file server, and web server...  We have dns1.uniwest.com, dns2.uniwest.com, www.uniwest.com, mail.uniwest.com and some others all at 207.173.56.241...

Our Current Server is a stripped down Linux Box too, (Dan Brown, I thought I would say that because I think you thought it might be NT)...  However it's Redhat 6.1.

We want to have our DNS going here but not necessarily public as Dan Brown mentioned.

Yes we set it up with two NICs and as a server and gateway.

....................................... cut start #2
Are you sure that the old server really acts as a public DNS server for that IP address?
Isn't it more likely to be sitting behind a router that represents the public IP address and that router does some routing/IP forwarding to the old server's (internal) IP address?

So I believe that anybody else in the world most probably will be able to run the nslookup for uniwest.com and will get a response, even when you shut down your old server. (Guessing here).
....................................... cut end #2

I am not sure if the current server acts as a public DNS or not but I don't want to have to mess with it as much as Dan Brown mentioned it would be...  As far as I understand about our topology it is as listed above and no router between us and the ISP...  I don't know about the ISP end though.

We had access to the Internet when we took the current server down and tried the new one.  This is how we attempted to see if the mx records were still fine but that's when it said "localhost can't find uniwest.com"...

Thanks, Nate

Dan Brown

Re: I just realized I mispelled local
« Reply #10 on: January 25, 2001, 09:47:02 PM »
I thought you'd said that the old server was an NT box; apparently I was mistaken.  It's not particularly relevant to this discussion, though.

What is relevant to this discussion is that the Internet as a whole asks dns1.uniwest.com or dns2.uniwest.com when it wants to know the IP address for any machine in the uniwest.com domain.  This is determined by what you told your domain registrar (Network Solutions, in your case), and can be changed to anything else you like.  dns1 and dns2 are the same as www. or anything else in uniwest.com.  Since you've said that this server plugs directly into the DSL modem, it certainly sounds as though the server is providing public DNS service for your domain.  This is not a great idea, for the reasons I mentioned earlier.

This is complicated by the fact that your zone records are written with a _very_ short (one second) time-to-live, which means that they'll never be cached by the rest of the internet, and as soon as your (old) server goes down, uniwest.com won't resolve anywhere.  It also means that you're going to use much more bandwidth serving DNS than you'd need to if you had a more sane (like one hour) ttl.

I advise that you (1) go to network solutions and change your DNS servers.  Tell NSI that your primary DNS server is ns1.zoneedit.com, and your secondary DNS server is ns5.zoneedit.com.  (2) go to zoneedit.com, sign up (it's free for the first five domains), and tell them to serve DNS for uniwest.com.  (3)  Fill out their form listing IP addresses for uniwest.com and www.uniwest.com of 207.173.56.241, and an alias of *.uniwest.com to uniwest.com.  You don't need to enter anything for "mail servers" (mx).  That's all you need to do, and your problem will be taken care of.

Zoneedit has the servers, bandwidth, backups, and expertise to admin a DNS server fairly well, and that removes one headache from you.
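
An added example, not part of the thread and not e-smith code: a Python check over the record lines Dan Brown posted in Reply #8. It flags the two problems he describes (both name servers on one address, one-second TTL) and also LAN-only addresses such as the 192.168.1.1 in Nate's nslookup output. The function names and the one-hour `min_ttl` default are assumptions.

```python
import ipaddress
import re

# Record lines copied from the dig output in Reply #8 (TTL printed as "1S").
DIG_RECORDS = """\
uniwest.com.            1S IN A         207.173.56.241
uniwest.com.            1S IN NS        dns1.uniwest.com.
uniwest.com.            1S IN NS        dns2.uniwest.com.
dns1.uniwest.com.       1S IN A         207.173.56.241
dns2.uniwest.com.       1S IN A         207.173.56.241
"""

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
RECORD = re.compile(r"^(\S+)\s+(\d+)([SMHDW]?)\s+IN\s+(A|NS|MX)\s+(.+?)\s*$", re.I)

def parse_records(text):
    """Return (name, ttl_seconds, rtype, rdata) tuples; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            name, num, unit, rtype, rdata = m.groups()
            ttl = int(num) * UNITS[unit.upper()]
            records.append((name.lower().rstrip("."), ttl, rtype.upper(),
                            rdata.lower().rstrip(".")))
    return records

def audit(text, min_ttl=3600):  # min_ttl: assumed threshold, the "one hour" of Reply #10
    """Return findings for shared NS addresses, short TTLs and private addresses."""
    records = parse_records(text)
    addrs = {}
    for name, _, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(name, set()).add(rdata)
    findings = []
    ns_hosts = sorted({rdata for _, _, rtype, rdata in records if rtype == "NS"})
    ns_ips = set().union(*(addrs.get(h, set()) for h in ns_hosts))
    # Only judge redundancy when an address is known for every name server.
    if ns_hosts and all(h in addrs for h in ns_hosts) and len(ns_ips) < 2:
        findings.append(f"{len(ns_hosts)} NS names, 1 address: {sorted(ns_ips)[0]}")
    short = sorted({name for name, ttl, _, _ in records if ttl < min_ttl})
    if short:
        findings.append(f"TTL under {min_ttl}s: {', '.join(short)}")
    for name in sorted(addrs):
        for ip in sorted(addrs[name]):
            if ipaddress.ip_address(ip).is_private:
                findings.append(f"{name} -> {ip} is a private address")
    return findings

if __name__ == "__main__":
    for finding in audit(DIG_RECORDS):
        print(finding)
```
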