Using A instead of MX record, in spite of setting

ekkas
Advanced member
Posts: 112
Joined: Sat Sep 13, 2014 1:03 am

Postby ekkas » Tue Jul 10, 2012 9:42 am

Hi all, (ZCS 7.2.0)

I've been having a problem with my connection/server load.

Almost no mail goes out, all bounce back with 'Connection timeout' or 'Connection refused'

Upon closer inspection and head scratching, cursing at the upstream provider, etc. (The usual geek tantrums.), I've found that it seems Zimbra is not using the correct MX record to send out to.

This server has a public static IP with reverse DNS. I've tried with/without split-DNS, different DNS nameservers, all stays the same.

I've tried to 'untick/tick' (turn it off and on again) the Use DNS option in ZCS web. Rebooted, etc. etc.
See what I mean below, in the logs, it shows trying to speak to intekom.co.za at 196.25.69.14 but if I do a dig, the MX is supposed to be 196.25.211.70
Any help how I can fix this? (I've tried to re-queue all messages in the deferred queue, but they just pop right back)


Jul 10 16:31:17 mail postfix/error[16818]: 2FD465CC0113: to=, relay=none, delay=0.29, delays=0.16/0.04/0/0.09, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to intekom.co.za[196.25.69.14]:25: Connection refused)

[root@mail ~]# dig intekom.co.za mx
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> intekom.co.za mx

;; global options: printcmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:

;intekom.co.za. IN MX
;; ANSWER SECTION:

intekom.co.za. 654 IN MX 20 mail.intekom.com.
;; ADDITIONAL SECTION:

mail.intekom.com. 401 IN A 196.25.211.70
;; Query time: 58 msec

;; SERVER: 168.210.2.2#53(168.210.2.2)

;; WHEN: Tue Jul 10 16:31:32 2012

;; MSG SIZE rcvd: 79


soxfan
Outstanding Member
Posts: 958
Joined: Fri Sep 12, 2014 10:08 pm

Postby soxfan » Tue Jul 10, 2012 10:17 am

So, your Zimbra server is directly connected to the Internet and you have authority / control over the DNS settings? I'm a bit confused about the "tried with/without Split DNS" comment. Typically you need to decide this prior to doing the install. If you make changes after the fact it could cause problems. Or did you re-install after making the changes?
Also, do you know about the 196.25.69.14 IP address? Is this another one of your servers or a firewall / router?

Postby ekkas » Tue Jul 10, 2012 10:57 am

Thanks for your reply.

No I did not change IPs or anything, just changed /etc/resolv.conf to either use local BIND or ISP DNS. Local BIND is setup to mirror the ISPs settings, i.t.o. MX, A records.

The point is if I do a DIG MX I get the correct MX & A (so on the CentOS side all seems fine), but Zimbra seems to want to use the domain's A record instead of the MX record's IP.

"Use DNS" tick is on under "Global Settings" and "Server settings".

I did upgrade from 7.1.3 to 7.2.0 but after some issues started.
phoenix
Ambassador
Posts: 26677
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Postby phoenix » Tue Jul 10, 2012 11:34 am

[quote user="ekkas"]No I did not change IPs or anything, just changed /etc/resolv.conf to either use local BIND or ISP DNS.[/QUOTE]
That is incorrect, if you're behind a NAT router you should only use the DNS server on your LAN.

[quote user="ekkas"]Local BIND is setup to mirror the ISPs settings, i.t.o. MX, A records[/QUOTE]
This is also incorrect. I'd suggest you change the resolv.conf as I've mentioned above then go to the Split DNS article in the wiki and provide the output from all the commands in the 'Verify...' section of the article.

Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra

Postby ekkas » Tue Jul 10, 2012 11:36 am

It seems that after another reboot and some more deferred queue 'requeues', the mails are starting to be forwarded to proper MX instead of the A.

It appears that postfix (zimbra/amavis?) remembers the IP it originally wanted to send it on, and a requeue let it re-lookup the MX again, or so it seems to me anyways.
Mails are finally going out now.

Postby ekkas » Tue Jul 10, 2012 11:45 am

[quote user="10330phoenix"]That is incorrect, as you're behind a NAT router you should only use the DNS server on your LAN.
This is also incorrect. I'd suggest you change the resolv.conf as I've mentioned above then go to the Split DNS article in the wiki and provide the output from all the commands in the 'Verify...' section of the article.[/QUOTE]
Thank you for your effort, but I'm afraid you misunderstood my problem.

The server has a static, public IP, not NAT or other routers. I've set up split-DNS for the sole purpose that when the Internet is down, at least the server knows about its own MX record and internal users can send to each other.

So in essence my split-DNS gives the same results (MX & A) as what the public ISP DNS would give, just as a local copy on the server itself.

I did run the 'Verify' sections ad infinitum :)

My problem was that the OS (CentOS) DNS was working fine, but Zimbra tried to use the A record for that domain, instead of the MX record, which is what is supposed to happen if the 'Use DNS' option is unticked.

I was puzzled because it was ticked and still this happened. Seems it needed to be requeued/rebooted.

Time wounds all heals- John Lennon

Postby ekkas » Tue Jul 10, 2012 1:20 pm

Seems I'm still experiencing some Zimbra DNS issues:
Jul 10 20:17:16 mail postfix/smtp[18853]: 3E72A2168127: to=, relay=none, delay=7973, delays=6313/1640/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=daimler.com type=MX: Host not found, try again)

But seconds after:
[root@mail ~]# dig daimler.com mx
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> daimler.com mx

;; global options: printcmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:

;daimler.com. IN MX
;; ANSWER SECTION:

daimler.com. 2535 IN MX 0 mail-in.daimler.com.
;; ADDITIONAL SECTION:

mail-in.daimler.com. 2535 IN A 141.113.103.103
;; Query time: 1767 msec

;; SERVER: 168.210.2.2#53(168.210.2.2)

;; WHEN: Tue Jul 10 20:17:44 2012

;; MSG SIZE rcvd: 69

[root@mail ~]# telnet 141.113.103.103 25

Trying 141.113.103.103...

Connected to mail-in.daimler.com (141.113.103.103).

Escape character is '^]'.

220 mail-in.daimler.com ESMTP Postfix

Postby soxfan » Tue Jul 10, 2012 2:09 pm

I'm not going to say your setup is wrong, but typically most people configure Zimbra in a LAN / DMZ with a private IP address behind a firewall, and have a Split DNS setup. I can't specifically say why your setup, being directly connected to the Internet, won't work, but it's just not typical. I also think you have a misunderstanding of what the "use DNS" option does. In my installation it says "Enable DNS lookups", so maybe I'm looking at a different option, but if not you should read the Admin Guide for a better description of what this is used for.
4610silbro
Posts: 46
Joined: Fri Sep 12, 2014 11:19 pm


Postby 4610silbro » Tue Jul 10, 2012 2:54 pm

Hey
I have a similar setup. This is what I would do:
1) /etc/hostname

mail-in
2) /etc/hosts:

mail-in.daimler.com

127.0.0.1 localhost
3) Log into the admin interface and go to server settings and add the external ip to the trusted MTA-Networks -> ip/prefix
4) /etc/resolv.conf -> 2 nameservers that resolve the mail-in.daimler.com to your correct external ip address.
5) I have selected activate DNS lookups
The first error was because your mailserver resolved the name to the external IP and it wouldn't allow it to connect to itself (that is what the trusted mta networks is for)
Does this help? If not I'll try to help you more
cheers

Postby ekkas » Wed Jul 11, 2012 8:56 am

Thanks for your replies.

I initially installed the server many years ago in a completely different setup like that. Tried to change the IP twice (to move from public to DMZ) since, but had to revert to backups as I didn't have joy. However, I do not think this is what the problem here is though.

For example, look here:
Jul 11 13:47:12 mail postfix/smtp[21229]: D7FC478097: to=, relay=none, delay=53773, delays=52888/865/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=tiscali.co.za type=MX: Host not found, try again)

Jul 11 13:47:12 mail postfix/qmgr[10674]: 9244FE2595: removed


And 3 seconds later: (please note server used is 127.0.0.1, I get similar issues if I use my ISP DNS, sometimes MX not found by Zimbra, but from the OS I always resolve correctly.)



  • I've stopped iptables, just in case

  • ISP says no firewall is blocking anything

  • it works sometimes


[root@mail ~]# dig tiscali.co.za mx
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.1 <<>> tiscali.co.za mx

;; global options: printcmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 5
;; QUESTION SECTION:

;tiscali.co.za. IN MX
;; ANSWER SECTION:

tiscali.co.za. 9 IN MX 10 mx-wol.smp.mweb.co.za.
;; AUTHORITY SECTION:

co.za. 86252 IN NS ns.coza.net.za.

co.za. 86252 IN NS ns0.is.co.za.

co.za. 86252 IN NS ns0.plig.net.

co.za. 86252 IN NS ns0.neotel.co.za.

co.za. 86252 IN NS ns1.coza.net.za.

co.za. 86252 IN NS ns4.iafrica.com.

co.za. 86252 IN NS coza1.dnsnode.net.
;; ADDITIONAL SECTION:

mx-wol.smp.mweb.co.za. 309 IN A 196.28.76.15

ns.coza.net.za. 4203 IN A 206.223.136.200

ns0.plig.net. 1732 IN A 195.40.6.40

ns4.iafrica.com. 181 IN A 196.7.142.131

coza1.dnsnode.net. 3433 IN A 194.146.106.74
;; Query time: 2133 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Jul 11 13:47:47 2012

;; MSG SIZE rcvd: 316
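
Added example, not part of any post in this thread: a Python triage script that sorts deferred Postfix log lines of the two kinds quoted above into "connection attempted to a host named like the recipient domain" and "MX lookup failed temporarily". The sample lines are constructed from the thread's excerpts with placeholder recipient addresses (the originals are stripped on the page) plus one invented example.org line; the function names and category labels are hypothetical.

```python
import re

# Constructed sample: modelled on the log excerpts quoted in the thread. The
# recipient addresses are placeholders and the example.org line is invented.
SAMPLE_LOG = """\
Jul 10 16:31:17 mail postfix/error[16818]: 2FD465CC0113: to=<user@intekom.co.za>, relay=none, delay=0.29, delays=0.16/0.04/0/0.09, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to intekom.co.za[196.25.69.14]:25: Connection refused)
Jul 10 20:17:16 mail postfix/smtp[18853]: 3E72A2168127: to=<user@daimler.com>, relay=none, delay=7973, delays=6313/1640/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=daimler.com type=MX: Host not found, try again)
Jul 10 20:18:02 mail postfix/smtp[18860]: 4A1B2C3D4E5F: to=<user@example.org>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx1.example.org[192.0.2.10]:25: Connection timed out)
"""

DEFERRED = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^@>]*@(?P<domain>[^>]+)>,"
    r".*?dsn=(?P<dsn>[\d.]+), status=deferred \((?P<reason>.*)\)$")
CONNECT = re.compile(r"connect to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:25")
MX_ERROR = re.compile(r"Name service error for name=(?P<name>\S+) type=MX: (?P<detail>.+)")


def classify(line):
    """Return (queue_id, recipient_domain, kind, detail), or None if not a deferral."""
    m = DEFERRED.search(line)
    if not m:
        return None
    domain, reason = m["domain"].lower(), m["reason"]
    mx = MX_ERROR.search(reason)
    if mx:
        # "try again" marks a temporary resolver failure, not a missing MX record.
        kind = "mx-lookup-tempfail" if "try again" in mx["detail"] else "mx-lookup-failed"
        return m["qid"], domain, kind, mx["detail"]
    target = CONNECT.search(reason)
    if target:
        # The connect target carries the recipient domain's own name rather than
        # a differently named MX host. A domain may legitimately list itself as
        # its MX, so compare against `dig <domain> mx` before drawing conclusions.
        same = target["host"].lower() == domain
        kind = "target-is-recipient-domain" if same else "target-is-other-host"
        return m["qid"], domain, kind, f'{target["host"]}[{target["ip"]}]'
    return m["qid"], domain, "other", reason


def summarize(log_text):
    """Classify every deferred line in a block of log text."""
    return [row for row in map(classify, log_text.splitlines()) if row]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(*row, sep="  ")
```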
