Linux – MX Dns Record Not Detected

domain-name-systememail-serverlinuxmx-record

It's been 24 hours since I added an MX record

The name was @, type was MX and value was mail.heeldiaries.com

There's also an A record with mail.heeldiaries.com pointing to the IP of the server.

When I do a mail-tester.com test it is saying

We didn't find a mail server (MX Record) behind your domain name heeldiaries.com

We check if there is a mail server (MX Record) behind your domain name heeldiaries.com.

You may want to publish a DNS record (MX type) for the domain name heeldiaries.com or use a different bounce email address.

Have I setup this up wrongly or is there another problem?

Best Answer

You have much bigger problems in play here. When I attempted to run a dig +trace +additional on your domain, this is what I saw at the tail end of the output:

heeldiaries.com.        172800  IN      NS      ns1.heeldiaries.com.
heeldiaries.com.        172800  IN      NS      ns2.heeldiaries.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20160915044336 20160908033336 27452 com. xNERKmnAlkb3XiEf76OahP52D10WKZLu7GcWpYhVT4be0SBbmq9Kn+XV AnaMG/Ywu1/4VPyMfDxnw+XJLMXLn3NJN7TbNLA9Z0TqcpbRZcnTq1Na cO9/iuAx32Oaf5pbJIwuSS7HAhfDY4tahpYuSYDz8xOQzyf5W6wnjWAL sAc=
QJOOMS3U9KGEU3Q28GLBBD9JQUPTIIHO.com. 86400 IN NSEC3 1 1 0 - QJOQ3610JU9ONV7GVL7AF1JS331CDLT7 NS DS RRSIG
QJOOMS3U9KGEU3Q28GLBBD9JQUPTIIHO.com. 86400 IN RRSIG NSEC3 8 2 86400 20160914041706 20160907030706 27452 com. KMBTolTWT5O+kSWb6jxfV1KJwQ4BSuhdet4Z5de62vstjHsbIqbE0/De P+B3ueyu89cKi38Umht4PmZo8s33VSuuWpglncPxAZ5SR+IzE2KGNnsk mwjFrAtpvmp3CkVk9IP8yfud22WV/yNMvCpURBZ1kcx6VNapJFUDfMJJ Y6Q=
ns1.heeldiaries.com.    172800  IN      A       62.100.204.133
ns2.heeldiaries.com.    172800  IN      A       62.100.204.133
dig: couldn't get address for 'ns1.heeldiaries.com': no more

The domain doesn't comply with BCP 16. Two nameservers sharing an IP is something you simply don't do, and it doesn't matter how small your site is. (adding another IP from the same datacenter won't help you here - make sure to read section 3.2)
My upstream DNS server (Linode) choked when asked to return the authoritative answer for ns1.heeldiaries.com. While it's clear that glue exists for this DNS entry, there is a problem obtaining it from your DNS server.

Next, let's check for the presence of SOA and NS records. This should tell us whether the zone lives on the server at all, and whether we have some form of glue record mismatch.

$ dig @62.100.204.133 +short heeldiaries.com SOA
ns1.localhost.ltd. root.heeldiaries.com. 2016091014 7200 3600 1209600 180
$ dig @62.100.204.133 +short heeldiaries.com NS
ns1.localhost.ltd.
ns2.localhost.ltd.

There is a glue record mismatch here. You have configured your registrar to return NS records of ns1 and ns2.heeldiaries.com, but the authoritative NS records living on your DNS server are returning those localhost.ltd entries instead. Considering that localhost.ltd is a bogus domain that doesn't exist, the fact that things are broken should not surprise anyone.

$ dig localhost.ltd SOA | grep status
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39368

Further, even if we ignore the fact that your domain completely breaks when the NS records are refreshed, you don't have A records defined for the nameservers in your glue:

$ dig @62.100.204.133 ns1.heeldiaries.com | grep status
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60693
$ dig @62.100.204.133 ns2.heeldiaries.com | grep status
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5663

In short, your entire DNS configuration is hosed. If you were not the one who set this up, please have some stern words with the person who did. I strongly encourage you to move this domain to any number of free and reputable DNS hosting companies. You would not have had these problems if your company wasn't trying to host its own DNS with neither the appropriate resources (geo-redundancy) or training.

Related Solutions

DNS A vs NS record

Some examples out of the fictitious foo.com zone file

 ....... SOA record & lots more stuff .......
 foo.com.      IN        NS        ns1.bar.com.

 foo.com.      IN        A         192.168.100.1
 ....... More A/CNAME/AAAA/etc. records .......

A Record = "The host called foo.com lives at address 192.168.100.1"
NS Record = "If you want to know about hosts in the foo.com zone, ask the name server ns1.bar.com"

MX Record, Exchange 2007 Question

There is more then one DNS step to ensure a mail server you have on a company network can send/receive email from the Internet.

Your internal Active Directory DNS server is usually not related to incoming email. If your host your domainname.com on your internal DNS server as well as Internet DNS, that's known as "split brain DNS" and is the proper way for most people to do it. For now ignore it for troubleshooting incoming mail.
Your Internet DNS needs at least two records. One A record giving a name to your email server public IP, and a MX record pointing your domainname.com to a specific A record. They together would look something like this

mail.domainname.com A 3600 333.333.333.333
domainname.com MX 3600 mail.domainname.com
Like Hyppy says, get your ISP who gave you the public IP for your mail server to change your reverse DNS for that IP to the same name as the A record.
Recommended but not required for outgoing email is to make a SPF record http://old.openspf.org/wizard.html which tells the world that email coming from your mail server IP is legit and should be trusted, while any email pretending to be you coming from unknown IP's is not to be trusted. This helps keep your email from ending up in other companies spam folders.
Yyou should also ensure your Exchange 2007 server has a separate anonymous-only SMTP receive connector for incoming Internet mail, that has the EHLO response header the same as your Internet A record. i.e. mail.domainname.com

Internet SMTP servers don't generally use PKI Certificates for communications, although modern Exchange servers (and maybe others) are trying to change this.

Best Answer

Related Solutions

DNS A vs NS record

MX Record, Exchange 2007 Question

Related Topic