mx1.us.opalstack.com not using OS DNS servers?

hedronist

I'm in the final phases of moving a buttload of domains (mostly friends and family email) from WF to OS.

tl;dr: mx1.us.opalstack.com does not appear to be using OS DNS servers, or at least not checking them first, because it is sending email to WF, not to the OS.

Backstory to explain the problem.

I can check my domains' DNS using (from the command line):
dig @ns1.us.opalstack.com -t mx oneofmydomains.com
and get the expected mx1.us.opalstack.com, etc. Note: putting the '@' in there tells dig to use that specific DNS server, not just any one that is handy.

So I know the OS DNS servers have the right stuff. I can check my websites by changing the DNS on my desktop to using ns1(or 2).us.opalstack.com and things look good. I also know that opal3.opalstack.com Apache server is using the US OS DNS because I have a domain that does a redirect and it is handled correctly. I know it's not the WF site because I stick a "Hi, Mom!" in the top of the OS index page for that domain.

I can check mail forwarding to gmail accounts by using smtp.opalstack.com and it arrives where expected.

The problem happens when I try to send mail to an address that maps to a mailbox on OpalStack. E.g. Email to peter@mydomain.us (my real address) is sent to WF, not stored in my mailbox on OS. This would appear to mean that the SMTP server is not using OS DNS. Weirdly enough, if I send email from the command line on opal3, I get the same problem. Is the Apache server using different DNS servers than the shell on opal3?

I'm guessing that since the OS DNS servers do not allow recursion, the SMTP server uses some DNS that does allow recursion, and that means it finds the current DNS for my domain, not the OS DNS.

I really like to check things from A to Z before cutting over about 25 domains. Most of my friends and family have Clue Zero about any of this stuff, and if I can't check things first it will lead to many looong AnyDesk sessions to try and get them setup correctly.

I've had too many beers to try and figure this out tonight.

TIA

klynton

Hi,

A quick look at the MX records for your domain show:

[root@server ~]# dig mx yourdomain.us
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> mx yourdomain.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45938
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;yourdomain.us.			IN	MX

;; ANSWER SECTION:
yourdomain.us.		3600	IN	MX	10 mx7.webfaction.com.
yourdomain.us.		3600	IN	MX	10 mx8.webfaction.com.
yourdomain.us.		3600	IN	MX	10 mx9.webfaction.com.

;; Query time: 165 msec
;; SERVER: 23.19.53.53#53(23.19.53.53)
;; WHEN: Sun Nov 01 03:45:44 UTC 2020
;; MSG SIZE  rcvd: 115

Looks like your MX records still point to WebFaction. Depending on how long ago you made the change it's possible that the change hasn't propagated across the Internet yet. We don't do directed look ups (specifying that our SMTP servers check our DNS servers) because we publish these records for most domains added to our DNS platform.

hedronist

I think I was unclear. I have not yet made the DNS cutover for the domains. I like to get things setup and tested before I do the cutover, particularly when it involves quite a few domains. Everything went as expected except for the fact that the SMTP server apparently was not looking at local OS DNS. If it is looking at globally available DNS (i.e. the ones pointed to by WHOIS, or whatever) then it is predictable in sending things to WF.

I'm not saying this is a bug per se, it's just that it's different from other host-changing workflows I've used in the past. I'm probably an Old School outlier on this and it's not worth your time given the huge influx of WF refugees you are experiencing.

Can you do me 1 favor and verify that the SMTP servers are not using the normal OS DNS servers? That would make me at least feel like I'm not completely senile (although that is not beyond the realm of possibility).

TIA

klynton

SMTP servers do not use Opalstack DNS servers to resolve! Hope that helps. 🙂

sean

klynton to clarify, Opalstack NS are not resolving DNS servers. Nothing directly uses them for DNS resolution, but they do respond to requests from resolvers to return the info for the domains they manage.

hedronist

Thanks for confirming I'm not crazy! (Although my wife might argue that point.)

I'd like to say THANKS! to all of you hardworking people at OpalStack. WF coming to an end has been weird and stressful, but your company being there, and being so much like WF, makes my life better.

In a couple of weeks I'll post a few suggestions for tweaks to the UI, but nothing major. Still, lets get through the transition before bothering with the Small Stuff.

Thanks again!