SOLVED Possibly forged hostname error

[hassansalmane]

Hello,

I explain my concern,

I have a dedicated server installed with CentOS 6.10/CloudLinux, with WHM/cPanel as control panel,

Hostname: srv.example.com, its IP address is = 5.135.xxx.xx

Dns: the server also manages the DNS, dns1.example.com = 5.135.xxx.xx, and dns2.example.com = 5.135.xx.xx.

The domain name example.com is registered with the registrar eNom, I pointed the domain name to the eNom DNS servers, (You can find attached the screenshots of example.com DNS and hosts)

For the moment all seems correct,

My problem is in the mail server part, exim log shows us an error message "SMTP error from remote mail server after RCPT TO: <[email protected]>": 4.1.8 Possibly forged hostname for 188.165. xx.xx "

We configured the server with the option mailhelo and mailips, the IP address sending emails is 188.165.xx.xx with its hostname mxsrv.example.com

After a thorough check, I found that the nslookup tool (running in two servers) displays the following error message:

- In a Debian server :
[email protected]:~# nslookup
> set query=a
> example.com
Server: 213.186.xx.xx
Address: 213.186.xx.xx#53

** server can't find example.com: SERVFAIL

- In our server srv.example.com :
[[email protected] ~]# nslookup
> set query=a
> example.com
;; Got SERVFAIL reply from 8.8.8.8, trying next server
;; Got SERVFAIL reply from 8.8.8.8, trying next server
Server: 8.8.4.4
Address: 8.8.4.4#53

** server can't find example.com.example.com: SERVFAIL

 

[cPanelLauren]

Hello @hassansalmane

Looking at this issue the first thing that needs to be pointed out is this domain, the one listed in your screenshots doesn't resolve at all.

I am curious, why not host DNS locally on your server rather than have the registrar host it? Furthermore based on the first screenshot you've selected to use custom nameservers but you're not using your own servers. The documentation on setting up nameservers in a cPanel environment might be helpful: How to Set Up Nameservers in a cPanel Environment - cPanel Knowledge Base - cPanel Documentation


Thanks!

 

[hassansalmane]

Hello @cPanelLauren, and thank you for your answer,

I appreciate your analysis and the time I spent answering my request.

I totally agree with you about hosting my DNS locally, which is done last night.

But I still have problems with resolutions especially with Google DNS servers!

Let me explain :

I run a simple dig, here are the results obtained, I do not understand why Google DNS does not return any data for srv.example.com and mxsrv.example.com, however OpenDNS answers me correctly!

[[email protected] ~]# dig @8.8.8.8 A srv.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> @8.8.8.8 a srv.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38852
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;srv.example.com. IN A

;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May 23 09:52:17 2019
;; MSG SIZE rcvd: 35

[[email protected] ~]# dig @208.67.222.222 A srv.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> @208.67.222.222 a srv.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51270
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;srv.example.com. IN A

;; ANSWER SECTION:
srv.example.com. 1800 IN A 5.135.142.86

;; Query time: 178 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu May 23 09:52:39 2019
;; MSG SIZE rcvd: 51

[[email protected] ~]# dig @8.8.8.8 A mxsrv.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> @8.8.8.8 a mxsrv.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46726
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mxsrv.example.com. IN A

;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May 23 09:52:58 2019
;; MSG SIZE rcvd: 37

[[email protected] ~]# dig @208.67.222.222 A mxsrv.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> @208.67.222.222 a mxsrv.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6858
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mxsrv.example.com. IN A

;; AUTHORITY SECTION:
mxsrv.example.com. 3600 IN SOA dns1.example.com. hassan.example.ma. 2018071710 3600 3600 1209600 3600

;; Query time: 12 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu May 23 09:53:11 2019
;; MSG SIZE rcvd: 95

 

[cPanelLauren]

HI @hassansalmane

When I query without specifying I get no results, further to that I get mixed results when checking propagation with a web-based check at Global DNS Propagation Checker - What's My DNS?

This could be propagation related but if the domain does not start to resolve properly in 24 hours I would suggest first contacting your provider to determine if there is a misconfiguration with the DNS, if they're unable to assist you please feel free to open a ticket with us using the link in my signature.


Thanks!

 

[hassansalmane]

Hello,

As promised last week, to give you a positive or negative answer, I inform you that the problem is solved.

To share with you the resolution of my problem, it was a problem at the level of DNSSEC, in 2017 I have signed the domain name exemple.com, to test with the registrar his platform, and I forgot the DS Record,

I removed the DS Record from cPanel and forgot to ask the registrar to remove it too,

Thank you once again for your support, and the time you spend with me analyzing the problem.

I really appreciate your answers.

I wish you a very nice day.

 

[cPanelLauren]

Hi @hassansalmane


Thanks for letting us know, I'm glad you were able to get the issue sorted.