OpenDNS not working with work web mail
My work recently changed their exchange server framework and they have a new access URL. The login URL is https://mail.dealertrack.com which works fine but when I log in I get the error message in the attached png. I've gone through my IT department but they are pretty much useless because they only handle systems in our local building and this is a new corporate server they have no control over. I'm hoping you can shed some light on this before I go up the food chain at work. The web email works fine without using OpenDNS.
Thanks
- Jay Franklin
OpenDNS_Error.png
-
Did you see that the OpenDNS message is about gro.mail.dealertrack.com, not about mail.dealertrack.com?
Well, for me this domain gro.mail.dealertrack.com resolves fine, and CacheCheck at http://www.opendns.com/support/cache/ returns the same valid IP address 65.75.51.12 for each location. But the domain mail.dealertrack.com indeed returns SERVFAIL redirection when using OpenDNS, also for CacheCheck. Not for some other DNS services I tried.
Would you know how you came up with gro.mail.dealertrack.com, not with mail.dealertrack.com as you said above?
As an immediate temporary workaround I can see the following options:
- Use https://gro.mail.dealertrack.com/ if this goes to the right mail server too.
- Or add an entry to your hosts file:
69.74.57.39 mail.dealertrack.com
to use https://mail.dealertrack.com/ again.
Either way, open a support ticket with OpenDNS, because this seems to be a problem with OpenDNS. I couldn't see any problems with dealertrack.com's authoritative DNS.
-
Nope, it works with 208.67.220.220 only, still not with 208.67.222.222, and also not always with others, just randomly.
I think I found the problem:dealertrack.com. 172800 IN NS dns1.carbook.com.
dealertrack.com. 172800 IN NS dns2.carbook.com.
;; Received 116 bytes from 192.5.6.30#53(a.gtld-servers.net) in 156 ms
mail.dealertrack.com. 30 IN A 69.74.57.39
mail.dealertrack.com. 900 IN NS dns1.carbook.com.mail.dealertrack.com.
;; Received 85 bytes from 74.200.96.15#53(dns1.carbook.com) in 125 msmail.dealertrack.com has an A record and an NS record. This is nonsense. They must remove the NS record from their DNS configuration. And they should increase the very short TTL of 1 minute for the A record unless the mail server is behind a dynamic IP address.
You don't need to open a ticket for OpenDNS. And you should apply the temporary fix with the hosts file.
-
So i should temporarily add ..
69.74.57.39 mail.dealertrack.com
to the hosts file on my local box
and in the mean time tell dealertrack to remove the NS records (whatever that means) for mail.dealertrack.com from their own domain name server.
Do I have that right?
And thanks very much for the quick help and reply.
- J
-
Thanks.
That worked last night, but not tonight. When I ping mail.dealertrack.com now I get a different ip address.
Anyway, supposedly the MS Exchange crew at HQ are going to make some fixes in their DNS tonight and hopefully include the one you suggested. I will let you know the outcome.
Thanks again
- J
-
Well, I haven't been able to get any information out those IT guys as to what, if anything, they did to their DNS. nslookup still has mail.dealertrack.com at 69.74.57.39 but if i leave that entry in my hosts file the web page times out. If I comment out that line in my hosts file I can then get the login page at https://mail.dealertrack.com, but then when I enter my username and password and try to log in, it goes to https://gro.mail.dealertrack.com and I get the same error web page from OpenDNS. I tried making an entry for gro.mail.dealertrack.com in the hosts file as well but that didn't work either.
I'm sorry to be a pain but can you tell if they made any changes to their DNS?
-
How can anybody else know if they made a change to their DNS? They still have an A and an NS record for both, mail.dealertrack.com and gro.mail.dealertrack.com.
You can enhance your hosts file as follows until they corrected their DNS:
69.74.57.39 mail.dealertrack.com
65.75.51.12 gro.mail.dealertrack.com -
http://www.intodns.com/mail.dealertrack.com http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=mail.dealertrack.com http://dnscheck.iis.se/?time=1380710005&id=3658039&view=advanced&test=standard You don't have to explain anything this way. All the red marks should get the point across. -
Unfortunately, none of these analytics shows clearly the root cause of the problem. I found out by the following commands:
dig +trace mail.dealertrack.com
dig +trace gro.mail.dealertrack.comDomain name mail.dealertrack.com has an A and an NS record, the latter with an invalid nameserver as target. A and NS record for the same domain name doesn't make sense and is normally not possible. The domain owner is to remove the NS record, and everything will work, else there is random selection of either the A or the NS record.
mail.dealertrack.com. 900 IN A 69.74.57.39
mail.dealertrack.com. 900 IN NS dns1.carbook.com.mail.dealertrack.com.gro.mail.dealertrack.com. 900 IN A 65.75.51.12
mail.dealertrack.com. 900 IN NS dns1.carbook.com.mail.dealertrack.com. -
Thanks both of you.
Well whatever you can tell it's much more than I can. I don't have that dig program on my windows 8 box, is that a unix command or some third party program?
Funny, when I put the entry for mail.dealertrack.com into my hosts file that site times out. The only way the whole thing works is if I only put in the entry for gro.mail.dealertrack.com and not mail.dealertrack.com.
I finally got an email address of the corporate MS Exchange group so I will send them this info and see what they say.
Thanks again
- J
-
"I don't have that dig program on my windows 8 box, is that a unix command or some third party program?"
This is originally a Linux/UNIX program, but there are Windows versions around.
https://startpage.com/do/search?q=dig+for+windows
Please sign in to leave a comment.
Comments
14 comments