OK, you were right about not being able to add "faxcore1.mwro.aspca.org. MX 10 faxcore1.mwro.aspca.org." being broken. Things with Cogent got straightened out, so I've added that record.
faxcore1.mrwo.aspca.org. IN MX 10 faxcore1.mwro.aspca.org. faxcore1.mwro IN A 63.85.204.151 faxcore1.mwro.aspca.org. IN MX 20 faxcore2.mwro.aspca.org. faxcore2.mwro IN A 38.96.187.231 Again the background - faxcore1 is an email-to-fax gateway. It needs to receive email addressed to it but be separate from the incoming mail from the rest of ASPCA.ORG. Faxcore2 is the same machine as faxcore1 (once it makes it into our wide area network), The purpose of all this is to provide a route for incoming fax mail through New York when the Illinois internet connection is broken. Sorry about using the term "MIP", but someone else realized I was using Juniper and answered those questions. Interesting thing, though... Only the MX 20 record is showing up in nslookup queries. Time to call Cogent... From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, May 16, 2012 6:24 AM To: NT System Admin Issues Subject: Re: Help w/DNS MX records On Wed, May 16, 2012 at 6:04 AM, Richard McClary <richard.mccl...@aspca.org<mailto:richard.mccl...@aspca.org>> wrote: > I was "distracted" by the presence of the trailing dots rather than the > absence of anything meaningful (like a domain name) prior to the dot. The two things are related. When it comes to a DNS server, unqualified names typically get the origin appended. Consider: $ORIGIN aspca.org<http://aspca.org>. faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>. A 63.85.204.151 faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org> A 63.85.204.151 The above describes two different domains. They second record will be qualified with the origin. The computer thus ends up using: faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>. A 63.85.204.151 faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>.aspca.org<http://aspca.org>. A 63.85.204.151 While technically valid, it's not very useful. :) This behavior exists so one can do things like this: $ORIGIN aspca.org<http://aspca.org>. www A 184.106.10.179 webmail A 65.206.80.44 $ORIGIN mwro.aspca.org<http://mwro.aspca.org>. faxcore1 A 63.85.204.151 foo A 192.0.2.37 As shorthand for: www.aspca.org<http://aspca.org>. A 184.106.10.179 webmail.aspca.org<http://aspca.org>. A 65.206.80.44 faxcore1.mwro.aspca.org<http://mwro.aspca.org>. A 63.85.204.151 foo.mwro.aspca.org<http://mwro.aspca.org>. A 192.0.2.37 > SO, the original MX, "faxcore1.mwro.", did nothing (but it did not get in > the way or otherwise break things). Correct. > Adding another one ... pointing to another address also did nothing... Correct. > MX record now says "faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>. > MX 20 > faxcore2.mwro.aspca.org." Looks good as far as DNS is concerned. Without knowing anything about <faxcore2.mwro.aspca.org<http://faxcore2.mwro.aspca.org>.>, I can't comment on whether it will do anything sensible. :) > The record "faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>. > MX > 10 faxcore1.mwro.aspca.org.", Cogent tells me, is redundant and won't be > created. That's broken. $ dig +noall +nocl +nottl +ans ANY faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>. faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>. A 63.85.204.151 faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>. MX 20 faxcore2.mwro.aspca.org<http://faxcore2.mwro.aspca.org>. $ The above says two things: 1. <faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>.> is a host with IP address <63.85.204.151>. 2. Mail for <faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>.> is handled by <faxcore2.mwro.aspca.org<http://faxcore2.mwro.aspca.org>.> at all times. Note the complete absence of telling mail to go to <faxcore1.mwro.aspca.org<http://faxcore1.mwro.aspca.org>.> at any point. You really need to start looking at what these records mean. DNS tells the computer what to do. If you don't understand what you're telling the computer to do, you're going to have trouble. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin