Jump to content

DNS Issues


jefft

Recommended Posts

A couple of years ago, we began to take steps to help make the system more robust in the event of network failures or DOS attacks. We had always run two DNS servers, on two different networks. That gave us network redundancy, but when we experienced a DOS attack on the two nameservers, it pointed out a limitation in the network. It would be nice to expand to more servers, on more networks, and move those servers away from the main web and mail servers. That way, an attack on one wouldn't bring down the other.

So, we moved DNS for spamcop.net to Akamai and for cesmail.net and cqmail.net to name-services.com, a paid DNS service run by the enom domain name registry. When testing them, they appeared to have about 8 nameservers spread across 5 different names, in 5 different geographic locations. And, for the last couple of years, we've had no problems with them at all. DNS has had 100% uptime and I'm not aware of any DNS-related issues.

That all changed on Sunday when we started receiving complaints of sporadic DNS problems. It didn't appear to be a problem specific to our network because we had reports from different mailservers worldwide which couldn't resolve one or the other of the domain names. Obviously, something was going on but we've yet to actually see a query here that didn't succeed. Manual testing consistently shows good results from all of the name-services.com nameservers. I'm aware that dnsreport.com is reporting errors on our domain name, but it's clear that they don't test in real-time. They apparently cache results, either for the whole report or for individual lookups. Because of that, it's hard to tell whether an error they report is happening now or 10 minutes ago.

Regardless of the testing, it's clear that there's a problem so we've begun the process of moving all DNS to a different DNS provider. Unfortunately, this brings about another problem. Because of the antiquated DNS system, for a while some servers will continue to ask our OLD nameservers for information instead of our NEW nameservers. This will probably result in mail delays for the cesmail.net and cqmail.net domains sporadically, although I don't expect any mail to bounce.

I apologize about the hassle and inconvenience. We thought we had exercised good diligence in setting up the DNS. We still don't have an explanation as to why name-services.com is doing what they are doing. Once the transition is over, we expect that things will be smooth again. Please bear with us as we work to make sure that the system is as reliable as possible.

Thanks

JT

Link to comment
Share on other sites

Im still not getting any mails to cqmail account. Any estimation regarding the fix guys ?

19825[/snapback]

Please send yourself (and/or have someone send you)some more tests.
Link to comment
Share on other sites

At issue right now is one of the things JT had already pointed out ... DNS propagation .... Changes have been made at JT's end, the new DNSs have been put into play ... the catch is that this info has to make it out into the world and replace the data that's out there now. Some ISPs keep things in cache for a long time, in theroy making a better user experience as the contents don't "fade out" ... However, this alsomeans that this new data won't be updated until their cache does get refreshed.

The suggestion to "write yourself a test message" is so that if it's failing, you'll get the failure message. If it's something along the lines of "Domain does not exist" .. you're dealing with the DNS issue.

Link to comment
Share on other sites

Is the problem with Akami, nameservices, or somewhere else? Seems to me it would be good to know that first given their good history so far.

Did you actually read JT's explanation? It was the Julian/Ironport side of the house that went the big-buck route with Akamai.

Link to comment
Share on other sites

Never mind i've sorted it.

19823[/snapback]

Better may have been to simply delete your post, as there's no one that can tell just what it is that you've sorted out .... thus leaving this statement stand on its own is kind of silly.

Link to comment
Share on other sites

It is name-services.com that is returning the bogus results. The email side of the house doesn't use Akamai because Akamai doesn't do email, only web pages.

If you can't get to your POP mail, try changing your POP server to pop.spamcop.net. That might be more reliable than pop.cesmail.net for the next day or so.

There's absolutely nothing we can do to speed things up. It's all about DNS propagation and cache expiration times and it's all over the world. Our servers are all returning appropriate results, but caches all over the world might return stale data for a while.

JT

Link to comment
Share on other sites

I can't login to my spamcop.net email account either from the IP address 216.154.195.51. What other options do I have? Right now, I have no mail access at all and spamcop is my central mail system, pop'ing all my mail accounts. It'd completely inaccessable.

In the past, when I've had DNS issues, it's taken days to a week to sort address propogation out for some customers. What other options do I have here? Am I (and everyone else) SOL until this sorts itself out?

Link to comment
Share on other sites

1. Have you tried the alternatives (You don't mention which is failing for you):

https://webmail.spamcop.net

https://webmail.cesmail.net

http://webmail.spamcop.net

http://webmail.cesmail.net

2. Have you tried placing webmail.spamcop.net and/or webmail.cesmail.net into your local hosts file?

Win9x: C:\WINDOWS

Win2k: C:\WINNT\system32\drivers\etc

Format:

127.0.0.1 localhost

216.154.195.51 webmail.spamcop.net

216.154.195.51 webmail.cesmail.net

Remember to remove them when the fever breaks.

Link to comment
Share on other sites

For those who may want to know, the Internet address of webmail.spamcop.net is 216.154.195.51.

I tried browsing webmail by the IP number (pasting the number into the URL field of my browser, after "http://").  The login screen comes up.  But every time I try to log in, I get "Your Mail session has expired. Please login again.".

19847[/snapback]

Please add a line "216.154.195.51 webmail.spamcop.net" to your hosts file for a few days. You may have to restart your dns resolver or your computer to have this change take effect. In Windows, the easiest way to do this is to run "notepad C:\WINNT\system32\drivers\etc\hosts."
Link to comment
Share on other sites

Sitting at the wrong system at present, but ... did a quick hit per JT's last suggestion of going the pop.spamcop.net route ... SamSpade for Windows is coming back with the following (have to go upstairs to hit another machine to do some other digging around, just surprised a bit here at this)

Dig pop.spamcop.net[at]asia3.akam.net (65.203.234.27) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]use1.akam.net (63.209.170.136) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]ns1-117.akam.net (193.108.91.117) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]ns1-109.akam.net (193.108.91.109) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]ns1-93.akam.net (193.108.91.93) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]ns1-90.akam.net (193.108.91.90) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]ns1-73.akam.net (193.108.91.73) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]ns1-11.akam.net (193.108.91.11) ...

failed, couldn't connect to nameserver

Dig pop.spamcop.net[at]199.5.157.128 ...

Non-authoritative answer

Recursive queries supported by this server

Query for pop.spamcop.net type=255 class=1

pop.spamcop.net A (Address) 216.154.195.50

spamcop.net NS (Nameserver) ns1-73.akam.net

spamcop.net NS (Nameserver) ns1-90.akam.net

spamcop.net NS (Nameserver) ns1-93.akam.net

spamcop.net NS (Nameserver) ns1-109.akam.net

spamcop.net NS (Nameserver) asia3.akam.net

Dig spamcop.net[at]ns1-93.akam.net (193.108.91.93) ...

failed, couldn't connect to nameserver

Dig spamcop.net[at]ns1-90.akam.net (193.108.91.90) ...

failed, couldn't connect to nameserver

Dig spamcop.net[at]ns1-73.akam.net (193.108.91.73) ...

failed, couldn't connect to nameserver

Dig spamcop.net[at]asia3.akam.net (65.203.234.27) ...

failed, couldn't connect to nameserver

Dig spamcop.net[at]ns1-109.akam.net (193.108.91.109) ...

failed, couldn't connect to nameserver

Dig spamcop.net[at]199.5.157.128 ...

Non-authoritative answer

Recursive queries supported by this server

Query for spamcop.net type=255 class=1

spamcop.net MX (Mail Exchanger) Priority: 5 mx.spamcop.net

spamcop.net TXT (Text Field)

v=spf1 ?all

spamcop.net SOA (Zone of Authority)

Primary NS: akamai.com

Responsible person: hostmaster[at]akamai.com

serial:2004000127

refresh:3600s (60 minutes)

retry:1800s (30 minutes)

expire:3600000s (410 days)

minimum-ttl:3600s (60 minutes)

spamcop.net NS (Nameserver) ns1-90.akam.net

spamcop.net NS (Nameserver) ns1-93.akam.net

spamcop.net NS (Nameserver) ns1-109.akam.net

spamcop.net NS (Nameserver) asia3.akam.net

spamcop.net NS (Nameserver) ns1-73.akam.net

spamcop.net NS (Nameserver) ns1-93.akam.net

spamcop.net NS (Nameserver) ns1-109.akam.net

spamcop.net NS (Nameserver) asia3.akam.net

spamcop.net NS (Nameserver) ns1-73.akam.net

spamcop.net NS (Nameserver) ns1-90.akam.net

mx.spamcop.net A (Address) 216.154.195.36

Dig cesmail.net[at]ns6.zoneedit.co.uk (217.160.131.209) ...

Authoritative Answer

Query for cesmail.net type=255 class=1

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

cesmail.net SOA (Zone of Authority)

Primary NS: ns6.zoneedit.co.uk

Responsible person: soacontact[at]zoneedit.com

serial:1099966601

refresh:14400s (4 hours)

retry:7200s (2 hours)

expire:950400s (11 days)

minimum-ttl:7200s (2 hours)

cesmail.net MX (Mail Exchanger) Priority: 0 mx.cesmail.net

cesmail.net MX (Mail Exchanger) Priority: 5 mx2.cesmail.net

cesmail.net A (Address) 0.0.0.0

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

Dig cesmail.net[at]ns17.zoneedit.com (209.126.159.118) ...

Authoritative Answer

Query for cesmail.net type=255 class=1

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

cesmail.net SOA (Zone of Authority)

Primary NS: ns6.zoneedit.co.uk

Responsible person: soacontact[at]zoneedit.com

serial:1099966601

refresh:14400s (4 hours)

retry:7200s (2 hours)

expire:950400s (11 days)

minimum-ttl:7200s (2 hours)

cesmail.net MX (Mail Exchanger) Priority: 0 mx.cesmail.net

cesmail.net MX (Mail Exchanger) Priority: 5 mx2.cesmail.net

cesmail.net A (Address) 0.0.0.0

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

Dig cesmail.net[at]ns13.zoneedit.com (216.122.4.160) ...

Authoritative Answer

Query for cesmail.net type=255 class=1

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

cesmail.net SOA (Zone of Authority)

Primary NS: ns6.zoneedit.co.uk

Responsible person: soacontact[at]zoneedit.com

serial:1099966601

refresh:14400s (4 hours)

retry:7200s (2 hours)

expire:950400s (11 days)

minimum-ttl:7200s (2 hours)

cesmail.net MX (Mail Exchanger) Priority: 0 mx.cesmail.net

cesmail.net MX (Mail Exchanger) Priority: 5 mx2.cesmail.net

cesmail.net A (Address) 0.0.0.0

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

Dig cesmail.net[at]199.5.157.128 ...

Non-authoritative answer

Recursive queries supported by this server

Query for cesmail.net type=255 class=1

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

cesmail.net NS (Nameserver) ns13.zoneedit.com

cesmail.net NS (Nameserver) ns17.zoneedit.com

cesmail.net NS (Nameserver) ns6.zoneedit.co.uk

Link to comment
Share on other sites

Actually, I wanted to clarify - I CAN log into spamcop.net to read my e-mail, but it is not being forwarded (or not able to be retrieved by my ISP). When I log directly onto my ISP site, there is no mail in my inbox (which should be coming from spamcop).

This morning when I tried to retrieve e-mail, I received the following message:

The Server could not be found. (Account: 'mail.comcast.net', pop3 server:'mail.spamcop.net', Error Number:0x800ccc0d).

Is this a problem with my ISP or Spamcop?

Thanks.

Nancy

19849[/snapback]

Link to comment
Share on other sites

This morning when I tried to retrieve e-mail, I received the following message:

The Server could not be found. (Account: 'mail.comcast.net', pop3 server:'mail.spamcop.net', Error Number:0x800ccc0d).

Is this a problem with my ISP or Spamcop?

19849[/snapback]

Please add a line "216.154.195.50 mail.spamcop.net mail.cesmail.net pop.spamcop.net pop.cesmail.net imap.spamcop.net imap.cesmail.net" without quotes to your hosts file for a few days. You may have to restart your dns resolver or your computer to have this change take effect. In Windows NT, 2000, XP, and 2003, the easiest way to do this is to run "notepad C:\WINNT\system32\drivers\etc\hosts." In Windows 95 and 98, the easiest way to do this is to run "notepad C:\WINDOWS\hosts." You could also temporarily change your POP3 client to use 216.154.195.50, but be warned that in practice with OE doing so breaks "leave on server" so that you end up downloading all the mail again.
Link to comment
Share on other sites

Actually, I wanted to clarify - I CAN log into spamcop.net to read my e-mail, but it is not being forwarded (or not able to be retrieved by my ISP).  When I log directly onto my ISP site, there is no mail in my inbox (which should be coming from spamcop).

I think you have to clarify a bit more with specific details. If you have SpamCop forwarding, there's something else going on. If you have your ISP POPing, then the DNS issues are involved.

Link to comment
Share on other sites

Actually, I wanted to clarify - I CAN log into spamcop.net to read my e-mail, but it is not being forwarded (or not able to be retrieved by my ISP).  When I log directly onto my ISP site, there is no mail in my inbox (which should be coming from spamcop).

19859[/snapback]

Sorry, our posts crossed. Is the SpamCop Email System supposed to be forwarding to your email address at your ISP, or is your ISP supposed to be POPping the mail for you? If the former, please ask your ISP to flush the dns cache on whatever nameservers its mailservers use. If the latter, please try asking your ISP to POP from 216.154.195.50 on your behalf for a few days.
Link to comment
Share on other sites

Sorry, I said forwarding, but I'm set up for my ISP to POP.

Sorry to be so ignorant, but I don't know what you mean about configuring the host. I believe the way I originally set this up was for e-mail that come into my ISP to be forwarded to Spamcop, the POP'd back. Does that make sense? Maybe the safest thing for me to do right now is unforward the mail from my ISP. I may have to put up with spam for a few days, but I'm leery of changing settings on my computer, unless someone walks me step by step through it.

Thanks for the help.

Nancy

I think you have to clarify a bit more with specific details.  If you have SpamCop forwarding, there's something else going on.  If you have your ISP POPing, then the DNS issues are involved.

19861[/snapback]

Link to comment
Share on other sites

Sorry, I said forwarding, but I'm set up for my ISP to POP. 

Sorry to be so ignorant, but I don't know what you mean about configuring the host.  I believe the way I originally set this up was for e-mail that come into my ISP to be forwarded to Spamcop, the POP'd back.  Does that make sense?  Maybe the safest thing for me to do right now is unforward the mail from my ISP.  I may have to put up with spam for a few days, but I'm leery of changing settings on my computer, unless someone walks me step by step through it.

Thanks for the help.

Nancy

19865[/snapback]

When you write "I'm set up for my ISP to POP", do you mean that your ISP is POPping your mail from SpamCop on your behalf. If so, then you need to ask your ISP to fix this for you, or POP directly from SpamCop yourself. If an email program on your desktop is POPping from SpamCop, then you can fix this yourself - if you need help doing that after reviewing Getting Mail From The SpamCop Email System, it would be helpful to know which email program and operating system you are using.
Link to comment
Share on other sites

add . . . to your hosts file . . .

Not to detract from any other solution offered, but for what it's worth, I can now access my mail over the web, since I configured my TCP/IP configuration to get its DNS info from two DN servers I happen to know about and that have the correct number for webmail.spamcop.net. Previously I was configured to take some kind of automatic DNS settings from my ISP. I suppose it wouldn't hurt to ask my ISP to flush their cache.

Link to comment
Share on other sites

WRT the remaining DNS issues for the MX values for "cesmail.net" -- visit these two URLs:

http://www.dnsstuff.com/tools/ptr.ch?ip=216.154.195.36

http://www.dnsstuff.com/tools/ptr.ch?ip=216.154.195.53

The first is for the IP address for mx.cesmail.net, and the second for mx2.cesmail.net. Unfortunately, the second one is currently producing a serious error, which is the lack of PTR records -- here's what the tool reports:

Answer:

No PTR records exist for 216.154.195.53. [Neg TTL=1800 seconds]

Details:

ns4.edeltacom.com. (an authoritative nameserver for 195.154.216.in-addr.arpa., which is in charge of the reverse DNS for 216.154.195.53)

says that there are no PTR records for 216.154.195.53.

The domain "edeltacom.com" is where the mail servers are hosted, so to me, it looks like the "ns4.edeltacom.com" isn't quite properly configured (although I admit to not really knowing that much about DNS...but I can run a tool and see errors).

Speaking of errors....the tool at "squish.net" that JT referred to is also producing errrors for both of the MX entries for cesmail.net.

DT

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...