0

Outlook.com is allowing to connect your domain to their email servers. To validate the domain they give you the following instructions: enter image description here

In my domain registrar i've defined

mysite.org.il.     86400   IN      TXT     v=spf1 include:hotmail.com ~all
mysite.org.il.     86400   IN      MX      0       *******523fc85f4870.pamx1.hotmail.com

As they asked, and it doesn't work.

I have also tried to define *******523fc85f4870.pamx1.hotmail.com. with the trailing dot at the end and I saw that it automatically appends my fqdn to the end of the address. When I did that, the domain was verified correctly but occasionally it was de-verified (every time I refreshed it was either verified or not-verified)

What is the correct way to define it ?

Adding my complete record set:

mysite.org.il.  86400   IN  NS  ns1.sitesdepot.com.
mysite.org.il.  86400   IN  NS  ns2.sitesdepot.com.
mysite.org.il.  86400   IN  A   80.244.162.32
ftp.mysite.org.il.  86400   IN  CNAME   mysite.org.il.
www.mysite.org.il.  86400   IN  CNAME   myapp.herokuapp.com.
mysite.org.il.  86400   IN  TXT v=spf1 include:hotmail.com ~all
mysite.org.il.  86400   IN  MX  0   ******6aea9523fc85f4870.pamx1.hotmail.com
Michael
  • 263
  • 2
  • 4
  • 9

1 Answers1

1

The syntax of DNS names that appear in zone files is that that if a final dot is not given, the current $ORIGIN is appended to the name. So when you define:

***.org.il.    IN   MX   10 mx.example.com

the meaning of this is that the MX record contains the name "mx.example.com"+whatever the value of $ORIGIN is at the time. Since the default $ORIGIN is the name of the zone, that means you're probably actually defining:

***.org.il.    IN   MX   10 mx.example.com.***.org.il.

So you certainly want to use the final dot in this context.

If you have the problem that "occasionally it was de-verified", then you might have some problem with your DNS setup. Check if your secondary nameservers are up to date and serving the same, correct, information as the primary. Related to this, make sure you didn't forget to update the SOA serial number when you updated the primary.

Celada
  • 6,060
  • 1
  • 20
  • 17
  • Thank you. How do I check the primary and the secondary nameservers are synced ? What's the SOA serial number ? – Michael Jun 22 '13 at 20:09
  • Using an online tool, I did see that nameserver SOAs do not agree on the serial number. This can be because of all the experiments I did and that I changed it recently and the change hasn't yet arrived from the master nameserver... – Michael Jun 22 '13 at 20:14
  • To check the serial number, use `dig @ ***.org.il. soa`. It should match between the primary and all secondaries. If your secondaries are configured correctly, they should get notified automatically when you increment the serial number on the primary and reload the zone. – Celada Jun 22 '13 at 20:27