31 Jul What is DNS? How does it work? How to use the ‘NSlookup’ tool
A long time ago in a galaxy far away….well….ok, just a long time ago, I learnt that in order to diagnose the email delivery problems of our customers, understanding the role of DNS would be absolutely fundamental.
Not only that, but I quickly realised the value of the ‘NSlookup’ DNS tool which is included within Windows.
How does your sent email arrive in the recipient’s mailbox?
Step 1: The email client (often Outlook) sends to the email server it is configured with.
Email clients are configured to send all emails to a specified email server, This may be a local on premise server like MDaemon or Exchange, or it may be an off site server in the cloud like Office 365 or GMail. It doesn’t matter, the process is the same and at this stage we are not involving DNS in any way.
Step 2: Sending email server finds recipient email server
So this is your DNS bit. The sending server essentially works out which mail server out there on the Internet is looking after the recipient’s email domain.
This happens by performing a DNS lookup against a specified DNS server. In the example of email, the DNS record that is looked up is an ‘MX’ (Mail Exchange) record. It’s this DNS record that records the name of the server that email should be sent to for that domain. Note this is not an IP address but a name.
So now the sending server knows the name of the server to send the email to, but not its IP address. At this point a second DNS lookup is required to resolve the name to an IP, which it does does by asking the specified DNS server to lookup the name or ‘A’ record and return the IP address.
With this information, the server now knows the IP address to connect to and sends the email using SMTP (Simple Mail Transfer Protocol).
Step 3: Message received!
The receiving server then receives the email and after numerous security checks (hopefully!), stores that message in the recipient’s mailbox ready for collection.
Step 4: Message viewed by the recipient’s client
The recipient’s mail client would either be set up to check a mailbox at regular intervals, or in some cases it may be notified of a new message which then triggers a collection of the new message.
Using the NSlookup tool
Now let’s look in more detail at step 2 and simulate the DNS lookups the sending server performs by using NSlookup.
As I mentioned earlier, NSlookup is simply part of Windows, so you can get access to it from the the command line.
– Click on Start -> Run
– Type ‘cmd’ to open a command window
There are a couple of ways you can use NSlookup. You can either enter a command one after another in an interactive mode, or you can input the entire command all in one line (which is what I tend to do).
So lets take the example above and imagine the the sending server is trying to send a message to support@zensoftware.co.uk.
Checking DNS for a domain
The server needs to lookup which mail server looks after this email domain, and therefore needs to check what the ‘MX’ record is for ‘zensoftware.co.uk’
To do this we can type:
nslookup -type=mx zensoftware.co.uk
Here you can see that we are asking for the ‘mx’ type of record for the domain ‘zensoftware.co.uk’, and the results show….
C:\>nslookup -type=mx zensoftware.co.uk
Server: dns.lb.mbr-roch.zen.net.uk
Address: 212.23.3.100
Non-authoritative answer:
zensoftware.co.uk MX preference = 40, mail exchanger = mail.zensoftware.co.uk
zensoftware.co.uk MX preference = 10, mail exchanger = mail.zensoftware.co.uk
zensoftware.co.uk MX preference = 20, mail exchanger = mail2.zensoftware.co.uk
zensoftware.co.uk MX preference = 30, mail exchanger = mail3.zensoftware.co.uk
What does this tell us?
This information is telling me a few things. First off, the top section:
Server: dns.lb.mbr-roch.zen.net.uk
Address: 212.23.3.100
This is the primary server that my PC is using to perform the DNS lookup. In my example this is a DNS server at my ISP (Zen Internet) and the IP address of that server is 212.2.3.3.100.
You can actually specify which DNS server to use when performing a DNS lookup with NSlookup by adding the IP address of the DNS server onto the end of the command.
e.g. nslookup -type=mx zensoftware.co.uk 8.8.8.8
This will repeat the lookup command but this time checking against the Google public DNS server (8.8.8.8.8).
This is useful because it tells us what other networks see when they resolve your Domain MX records. This may be different to what you might see using your own DNS servers or your ISP’s DNS servers, particularly if you’ve recently changed your DNS records and those changes have not yet propagated publicly.
So if we repeat the command using the Google DNS server in our example we get the same result:
C:\>nslookup -type=mx zensoftware.co.uk 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
zensoftware.co.uk MX preference = 40, mail exchanger = mail.zensoftware.co.uk
zensoftware.co.uk MX preference = 10, mail exchanger = mail.zensoftware.co.uk
zensoftware.co.uk MX preference = 20, mail exchanger = mail2.zensoftware.co.uk
zensoftware.co.uk MX preference = 30, mail exchanger = mail3.zensoftware.co.uk
MX records and priority order
The second section ‘Non-authoritative answer:’ shows our actual MX records we are interested in and you can see here that four MX records have been returned.
The record with the lowest preference number will be used first. If this server does not respond, the next highest record is tried, and so on.
So in our example, email should connect to the MX record with preference ’10’ first and this points to a server called ‘mail.zensoftware.co.uk’
Finding the IP address of a recipient server
The above shows us the name of a server and we actually need to know the IP address to connect to. This is where the second DNS lookup is performed to resolve the name or ‘A’ record for mail.zensoftware.co.uk to a routable IP address
With NSlookup we can simulate this second lookup with the following command
C:\> nslookup -type=a mail.zensoftware.co.uk
Server: dns.lb.mbr-roch.zen.net.uk
Address: 212.23.3.100
Non-authoritative answer:
Name: mail.zensoftware.co.uk
Address: 82.69.248.134
Again you can see that we are asking the Zen DNS servers and the result or ‘non-authoritative answer’ is an address of 82.69.248.143.
So now the sending mail server knows to open an SMTP connection to the IP address of our MDaemon server on 82.69.248.143.
This is how public mail servers know where to send email to for a specific domain.
Pre-filtering services and other ‘gotchas’ to look out for
Pre-filtering services
Sometimes when you perform an NSlookup to check the MX records on a domain, you’ll discover that the records don’t point directly to the mail server you expected. Instead they may have been configured to send all email to an external mail server or third party pre-filtering service.
Sending mail to a third party is fine but just bear in mind that if mail’s gone missing, that should be your first port of call. If the pre-filter has logging then check those.
We recommend the on premise spam and virus filter SecurityGateway and with this there would be no reliance on third party filtering of any kind.
Incorrect ‘A’ records
Another issue I’ve seen is where the MX record looks right but the ‘A’ record the MX record points too resolves to the wrong IP address.This can be because the customer has changed ISP or the IP address of their network connection and has been assigned a new fixed IP. The need to change the A record has been overlooked and it is only when they realise they are missing email that alarm bells start to ring.
If you want to check the IP address that is returned is the server you expect you can use the Microsoft Telnet command to simulate an SMTP session by typing the following command.
C:\> telnet 82.69.248.134 25
This will open up a telnet session to the IP address or host name you have entered on port 25 ( via SMTP).
220 mail.zensoftware.co.uk ESMTP SecurityGateway 3.0.2a; Tue, 29 Jul 2014 10:23:41 +0100
The responding SMTP session information will tell you not only the domain of the server you are connecting to but also usually the product that is answering the SMTP session. You can see in our example mail.zensoftware.co.uk is the server we’ve got our spam and virus filtering software, SecurityGateway, installed on.
Backup MX Records
A common one this!
A backup MX is nothing more than an additional MX record with a lower priority (higher number) than the main MX record for a specific domain.
In normal operation, the sending server would use the primary MX record. But if this server is busy, or even sometimes just because the sending server has decided to pick a random MX record, messages can be delivered to the wrong server where they may be delayed rather than get delivered to the correct recipient on the correct server.
If you’ve got more than one MX record set up. make sure you understand why and where the servers listed actually exist. You wouldn’t redirect your post to a third party organisation without knowing why, so treat your email in the same way.
Find this useful? Comments welcome!
I hope you found this post a useful high level overview of how DNS is used for email delivery – if you get a moment, please feel free to drop me a line or two to let me know if it’s helped. I’d also definitely recommend taking a look at your own records to see how they’re configured.