On Tue, Jul 26, 2011 at 10:18 AM, <[email protected]> wrote: > faxcore1. A 12.15.29.135
That's a bit weird. In standard notation, a trailing dot on a name means it is fully qualified, so don't append any additional DNS search path names. The above would then mean a single-label domain name, <faxcore1.> without any <com.> or <us.> or anything. I wonder if you or your provider are using non-standard notation? If so... stop that. :) > faxcore1.mwro IN A 63.85.204.151 Assuming your origin (kind of like "current directory for DNS") is <aspca.org.>, the above would define a domain name <faxcore1.mwro.aspca.org.>, with an address record of <63.85.204.151>. Assuming that IP address is correct, looks good. > @.mwro IN MX 10 faxcore1.mwro.aspca.org. That's fairly weird. In DNS zone notation, the at symbol (@) is normally used to explicitly represent the origin. But then you're tacking more on to it. I'm not even sure that's valid syntax, and even if it's accepted it prolly won't do anything useful. I suspect you want something like this: mwro IN MX 10 faxcore1.mwro.aspca.org. Or perhaps nothing at all, if you are always specifying <[email protected].> for an email address, and never <[email protected].>. You might want to make your LHS names fully-qualified to avoid confusion or collateral damage from typos: mwro.aspca.org. IN MX 10 faxcore1.mwro.aspca.org. faxcore1.mwro.aspca.org. IN MX 10 faxcore1.mwro.aspca.org. faxcore1.mwro.aspca.org. IN A 63.85.204.151 > 1. I believe the entry "@.mwro" should be deleted, correct? Yes. > 2. Is the context of the line "faxcore1.mwro.aspca.org" correct? I don't understand this question. > 3. Finally, is the fact that no fax requests came into the fax server for a > two hour period most likely due to our hosted mail relay not seeing the > updated MX records at the "new" DNS location? I suspect you did not have any valid MX records for <mwro.aspca.org.> at the time. However, if you are sending mail to <[email protected].>, then only the MX record for <faxcore1.mwro.aspca.org.> would be used. DNS records don't inherit. > That is, had we given the > connections, DNS settings, etc 4-8 hours, might the fax requests have begun > arriving at faxcore1.mwro.aspa.org? That depends entirely on the TTL (Time To Live) of the DNS records. You can get TTL to as long as you want -- weeks even. Currently I get several different TTLs for various records: faxcore1.mwro.aspca.org. 300 IN MX 10 faxcore1.mwro.aspca.org. faxcore1.mwro.aspca.org. 6000 IN A 12.15.29.135 mwro.aspca.org. 86400 IN NS cmtu.mt.ns.els-gms.att.net. So 5 minutes for the MX record, 100 minutes for the A record, and one day for the delegation. The delegation is important because if the rest of the Internet is still asking your old nameservers, it won't matter if you've changed things in the parent zone. What you should do is, as you approach the cut-over, reduce the TTL on all applicable records. Maybe two days ahead, reduce the TTL on the delegation from 86400 to 3600 (one hour). Two hours ahead, reduce the TTL on all affected records to 600 (ten minutes). Then when you do the actual cut-over, any cached entries should expire quickly. Ideally, you also wouldn't change your DNS delegation at the same time as you are changing the IP address of your fax server. Remember, the IP addresses you type into DNS do not have to have anything to do with any given provider. So a better way would be to configure the authoritative nameservers for <aspca.org> with records for all the various <mwro.aspca.org> names, *exactly as they are now*, minus the removal of delegation. Make that change and wait for TTL to expire. Nothing else changes, all mail keeps flowing exactly as it does now, all web servers stay the same, etc. The only thing that is different is which nameserver answers the question. *Then*, since everything is now at the one DNS host for <aspca.org.>, reduce TTL and change records for faxcore1, as a separate project. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
