1

Topic: DNS queries still going to old DNS server after changing to new DNS

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: CentOS Linux 7.2.1511
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I recently changed my DNS servers.  I've updated /etc/resolv.conf and /etc/sysconfig/network-scripts/ifcfg-eno16780032 and rebooted twice.

Every now and then the system still does DNS queries against one of the old DNS servers (and only one of them, never the other one). I've verified this with "tcpdump -i eno16780032 dst old.dns.server.ip", where I see the DNS queries for A, PTR, and MX records, including ones to the RBLs.

I've searched everywhere for the old server's IP address and hostname and can't find them, but these are obviously lookups being done for incoming emails.  This server is dedicated to email.

Is the old IP address stored somewhere I haven't looked?  I obviously don't want to take down the old DNS server until I find why it's getting queried.  I'm logging all queries on the old DNS server and my iRedMail server is the only one still using it.  I can also do queries from the CLI and those never hit the old server.

Here's a sample of the logs:

15:21:30.390207 IP mailserver.my.domain.com.59930 > olddns1.my.domain.com.domain: 13884+ PTR? 232.123.75.208.in-addr.arpa. (45)
15:21:30.395647 IP mailserver.my.domain.com.40823 > olddns1.my.domain.com.domain: 42068+ A? ccm232.constantcontact.com. (44)
15:21:30.855009 IP mailserver.my.domain.com.57492 > olddns1.my.domain.com.domain: 35169+ MX? in.constantcontact.com. (40)
15:21:30.860042 IP mailserver.my.domain.com.42626 > olddns1.my.domain.com.domain: 13804+ A? 232.123.75.208.zen.spamhaus.org. (49)
15:21:31.101248 IP mailserver.my.domain.com.42187 > olddns1.my.domain.com.domain: 3564+ A? 232.123.75.208.b.barracudacentral.org. (55)
15:21:48.388199 IP mailserver.my.domain.com.50102 > olddns1.my.domain.com.domain: 51670+ PTR? 233.171.111.13.in-addr.arpa. (45)
15:21:48.389146 IP mailserver.my.domain.com.47773 > olddns1.my.domain.com.domain: 39952+ A? mta.email.gregabbott.com. (42)
15:21:48.910610 IP mailserver.my.domain.com.56235 > olddns1.my.domain.com.domain: 21712+ MX? bounce.email.gregabbott.com. (45)
15:21:48.954824 IP mailserver.my.domain.com.59966 > olddns1.my.domain.com.domain: 24372+ A? 233.171.111.13.zen.spamhaus.org. (49)
15:21:48.998537 IP mailserver.my.domain.com.56948 > olddns1.my.domain.com.domain: 45333+ A? 233.171.111.13.b.barracudacentral.org. (55)


2

Re: DNS queries still going to old DNS server after changing to new DNS

I've updated the A record for the old DNS server name to the new DNS server's IP.  I'm still seeing queries hitting the old server so it looks like it's definitely the IP and not the name that's stored somewhere.

3

Re: DNS queries still going to old DNS server after changing to new DNS

Check /var/spool/postfix/etc/resolv.conf.

4

Re: DNS queries still going to old DNS server after changing to new DNS

Thanks, that was it!  I didn't do a recursive grep in /var/spool, just /etc, /var/lib/, /opt, and /usr.
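
The check from this thread, as an added example that is not part of the original posts: a Postfix process running chrooted under /var/spool/postfix resolves through the resolv.conf copy there, so this script reports nameservers that the copy still lists but /etc/resolv.conf no longer does. The function names and the sample addresses in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths come from the thread; function names are hypothetical.

# Print the nameserver addresses in a resolv.conf, sorted and de-duplicated.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1" | sort -u
}

# List every resolv.conf under a directory tree (e.g. /var/spool, /var/lib).
find_resolv_copies() {
    find "$1" -type f -name resolv.conf 2>/dev/null | sort
}

# Print nameservers present in the chroot copy ($2) but not in the system
# file ($1). Returns 0 = in sync, 1 = stale entries found, 2 = file unreadable.
stale_nameservers() {
    sys=$1
    jail=$2
    [ -r "$sys" ] && [ -r "$jail" ] || return 2
    stale=$(nameservers "$jail" | while read -r ip; do
        nameservers "$sys" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done)
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale"
    return 1
}

# Constructed sample: a system file with new resolvers and a chroot copy
# that still lists an old one (documentation addresses, not real servers).
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/etc" "$d/var/spool/postfix/etc"
    printf 'nameserver 192.0.2.53\nnameserver 192.0.2.54\n' > "$d/etc/resolv.conf"
    printf 'nameserver 198.51.100.10\nnameserver 192.0.2.53\n' \
        > "$d/var/spool/postfix/etc/resolv.conf"
    stale_nameservers "$d/etc/resolv.conf" "$d/var/spool/postfix/etc/resolv.conf" \
        && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

case "${1:-}" in
    --demo)  demo ;;
    --check) stale_nameservers /etc/resolv.conf /var/spool/postfix/etc/resolv.conf ;;
esac
```

Run it with --check on the mail server after changing resolvers; find_resolv_copies /var/spool lists any other copies worth comparing the same way.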