MX records not responsive in DNS
|
From: CMElec on 28 Jul 2010 22:18 When I enter a new MX record, DNS is not recognizing it. I can go to another domain, emulate its setup precisely, and it will not be visible externally. In a domain that I do have running, if I delete the working MX record and re-enter it, it will not work if queried externally, but it was working fine before I deleted it. I also noticed when I sort using the data column, the old entries sort with the MX records all in order. If I enter a new one, the new one that is NOT working shows up below the SOA in the list, while the working one will be above the SOA in the sort order. This is very perplexing, and I am under a DNS DoS attack now for the entire week. Does anyone have any ideas? One more thing, In the attack that I am getting, they have tried to access the server using the administrator user name with all sorts of incorrect passwords. I counted more than 6000 attempts (about 1 every 2 seconds in the log). I also had to increase the MSExchangeIS 8192 quota limit which was exceeded due to Event 9667. Thanks
From: Cris Hanna [SBS - MVP] on 28 Jul 2010 22:57 MX records do not belong on your internal DNS Server...they should be on public DNS Server -- Cris Hanna [SBS - MVP] (since 1997) Co-Contributor, Windows Small Business Server 2008 Unleashed http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1 Owner, CPU Services, Belleville, IL A Microsoft Registered Partner ------------------------------------ MVPs do not work for Microsoft Please do not submit questions directly to me. "CMElec" <CMElec(a)discussions.microsoft.com> wrote in message news:4E7F7495-BC08-4DCE-93C3-40481A96B7FA(a)microsoft.com... When I enter a new MX record, DNS is not recognizing it. I can go to another domain, emulate its setup precisely, and it will not be visible externally. In a domain that I do have running, if I delete the working MX record and re-enter it, it will not work if queried externally, but it was working fine before I deleted it. I also noticed when I sort using the data column, the old entries sort with the MX records all in order. If I enter a new one, the new one that is NOT working shows up below the SOA in the list, while the working one will be above the SOA in the sort order. This is very perplexing, and I am under a DNS DoS attack now for the entire week. Does anyone have any ideas? One more thing, In the attack that I am getting, they have tried to access the server using the administrator user name with all sorts of incorrect passwords. I counted more than 6000 attempts (about 1 every 2 seconds in the log). I also had to increase the MSExchangeIS 8192 quota limit which was exceeded due to Event 9667. Thanks
From: CMElec on 29 Jul 2010 10:49 Hi Chris, They are on a public DNS server... which is the same one as my internal DNS server, so they must have MX records or SMTP servers cannot connect to it. I know, not standard or acceptable practice according to MS. I do have a router on the front end performing NAT, and port forwarding, and only open the ports necessary. Windows firewall is turned off to allow serving DNS publicly. My attitude is MS must be willing and able to secure its OS from malicious activity or it isn't worth having and I'll switch to something else permanently. I also run a server AV product on the SBS server. Ace was able to provide what I was looking for, so the issue has been resolved completely. Thanks "Cris Hanna [SBS - MVP]" wrote: > MX records do not belong on your internal DNS Server...they should be on public DNS Server > > -- > Cris Hanna [SBS - MVP] (since 1997) > Co-Contributor, Windows Small Business Server 2008 Unleashed > http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1 > Owner, CPU Services, Belleville, IL > A Microsoft Registered Partner > ------------------------------------ > MVPs do not work for Microsoft > Please do not submit questions directly to me. > > "CMElec" <CMElec(a)discussions.microsoft.com> wrote in message news:4E7F7495-BC08-4DCE-93C3-40481A96B7FA(a)microsoft.com... > When I enter a new MX record, DNS is not recognizing it. > > I can go to another domain, emulate its setup precisely, and it will not be > visible externally. > > In a domain that I do have running, if I delete the working MX record and > re-enter it, it will not work if queried externally, but it was working fine > before I deleted it. > > I also noticed when I sort using the data column, the old entries sort with > the MX records all in order. If I enter a new one, the new one that is NOT > working shows up below the SOA in the list, while the working one will be > above the SOA in the sort order. > > This is very perplexing, and I am under a DNS DoS attack now for the entire > week. > > Does anyone have any ideas? > > One more thing, In the attack that I am getting, they have tried to access > the server using the administrator user name with all sorts of incorrect > passwords. I counted more than 6000 attempts (about 1 every 2 seconds in the > log). I also had to increase the MSExchangeIS 8192 quota limit which was > exceeded due to Event 9667. > > Thanks
From: Joe on 30 Jul 2010 18:27 On 29/07/10 15:49, CMElec wrote: > > My attitude is MS must be willing and able to secure its OS from malicious > activity or it isn't worth having and I'll switch to something else > permanently. > > I also run a server AV product on the SBS server. > > Ace was able to provide what I was looking for, so the issue has been > resolved completely. > Excellent. With regard to the point above, Microsoft does sell server software that can be used to provide DNS and/or other services securely. SBS isn't it. Any service may have bugs, or may be compromised by other means, particularly by local users/malware. The more services you run from a single server, the larger the attack surface, and the more services that can be killed by a single vulnerability. SBS runs many services, and generally also has local users, so that it cannot be considered a secure platform, and it isn't sold as such. In particular, nothing which runs a general-purpose web server can ever be a secure platform for other services. As to switching to something else, you cannot avoid the issue. If you run multiple services on any OS, you make it less secure than if it is optimised and hardened for a single purpose. I run a server which isn't Windows, but the large range of services make it impossible to secure, and it is separated from the Net by layers of independent security. My OS, like Windows Server, is widely used in public servers on the Net, but not while running the range of services I use, which is broadly similar to that provided by SBS. -- Joe
From: Larry Struckmeyer[SBS-MVP] on 31 Jul 2010 07:38 Not to be flippant, but ttbomk the only platform that would be "secure from malicious activity" is a typewriter, and only then if you keep it under lock and key. If there were such a platform in the computer world, why would *anyone* particulary government, use anything else? -Larry -Please post the resolution to your issue so others may benefit. -Get Your SBS Health Check at www.sbsbpa.com > Hi Chris, > > They are on a public DNS server... which is the same one as my > internal DNS server, so they must have MX records or SMTP servers > cannot connect to it. I know, not standard or acceptable practice > according to MS. I do have a router on the front end performing NAT, > and port forwarding, and only open the ports necessary. Windows > firewall is turned off to allow serving DNS publicly. > > My attitude is MS must be willing and able to secure its OS from > malicious activity or it isn't worth having and I'll switch to > something else permanently. > > I also run a server AV product on the SBS server. > > Ace was able to provide what I was looking for, so the issue has been > resolved completely. > > Thanks > > "Cris Hanna [SBS - MVP]" wrote: > >> MX records do not belong on your internal DNS Server...they should be >> on public DNS Server >> >> -- >> >> Cris Hanna [SBS - MVP] (since 1997) >> >> Co-Contributor, Windows Small Business Server 2008 Unleashed >> >> http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672 >> 329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1 >> >> Owner, CPU Services, Belleville, IL >> >> A Microsoft Registered Partner >> >> ------------------------------------ >> >> MVPs do not work for Microsoft >> >> Please do not submit questions directly to me. >> >> "CMElec" <CMElec(a)discussions.microsoft.com> wrote in message >> news:4E7F7495-BC08-4DCE-93C3-40481A96B7FA(a)microsoft.com... >> >> When I enter a new MX record, DNS is not recognizing it. >> >> I can go to another domain, emulate its setup precisely, and it will >> not be visible externally. >> >> In a domain that I do have running, if I delete the working MX record >> and re-enter it, it will not work if queried externally, but it was >> working fine before I deleted it. >> >> I also noticed when I sort using the data column, the old entries >> sort with the MX records all in order. If I enter a new one, the new >> one that is NOT working shows up below the SOA in the list, while the >> working one will be above the SOA in the sort order. >> >> This is very perplexing, and I am under a DNS DoS attack now for the >> entire week. >> >> Does anyone have any ideas? >> >> One more thing, In the attack that I am getting, they have tried to >> access the server using the administrator user name with all sorts of >> incorrect passwords. I counted more than 6000 attempts (about 1 every >> 2 seconds in the log). I also had to increase the MSExchangeIS 8192 >> quota limit which was exceeded due to Event 9667. >> >> Thanks >>
|
Next
|
Last
Pages: 1 2 Prev: Windows mail asks for certificate confirmation Next: GHD MK4 Hair Straighter |