0

This is the background: https://superuser.com/questions/400298/cause-of-intermittent-smtp-emailing-sending-problems

In short Outlook (2007 IIRC) was receiving the wrong IP address for the SMTP server domain - it turned out that the address was backwards. Any ideas why?

Using tcpview (from sysinternals) I saw that a SYN being sent by Outlook but no ACK. So then I ran a remote mtr to the SMTP server that showed no problems; then I ran a winmtr trace locally and found that there was a "blockage". That's when I noticed the addresses were different and that in fact instead of 80.x.y.10 the address being used was 10.y.x.80!! Weird. I've hacked a fix of specifying the server address in the hosts file.

I suspect a bug in Ad-aware Total (I'm not the sysadmin) that is taking the reverse-DNS address and truncating it; or at least something along those lines. The router is a Belkin N1. ISP is Claranet using PPPoE.

Community
  • 1
pbhj
  • 109
  • 3
  • Did you try disabling DNS resolution in mtr/winmtr? DNS resolution is rarely useful in my opinion. – Zoredache Mar 20 '12 at 21:44
  • @Zoredache I'm not sure if that will tell me anything new. If I ping the SMTP server from a different location then I get the correct IP address shown. If I ping from the affected location then the IP is backwards. So it's established that something related to the DNS is at fault. – pbhj Mar 20 '12 at 22:34
  • 1
    Sounds to me like an ALG in a firewall someone in the line is mucking things up. – SpacemanSpiff Mar 21 '12 at 00:44
  • Have you checked if resolution of the name is returning the wrong IP address in all cases (`nslookup`, `ping`)? – Shane Madden Mar 21 '12 at 02:02
  • @ShaneMadden well Outlook was getting the wrong IP, as were Thunderbird, ping, WinMTR. I don't think I did nslookup locally only on my remote machine where it was providing the correct address. Clearly resolution was working sometimes as mail was being sent correctly. The issue was arising only [pseudo-?] randomly. – pbhj Mar 21 '12 at 12:05
  • @SpacemanSpiff that's what I'm thinking too but it was a default install and the issue arises randomly which makes me think "bug". – pbhj Mar 21 '12 at 12:06

1 Answers1

0
  1. Bind (don't know about others) have concept of "Views" - i.e different client (IP) may get different answers for the same request
  2. Recursive DNS may return not actual answer, but previously cached (and ignore TTL-expiration of RR)

From "strange" location you have to identify who answer you

Lazy Badger
  • 3,067
  • 14
  • 13
  • Well one of the first things I did was switch the router to use Googles public DNS as primary as I was thinking it was DNS cache poisoning or something like that. The bizarre part really is that it was working and not working on an apparently random cycle. Power cycling the router, apparently, always allowed some mail - though possibly only one - to be sent. But I suspect that was somehow due to the new IP address being issued by the ISP. Really I was hoping someone had seen this sort of behaviour before. – pbhj Mar 21 '12 at 11:59