Rogue MX record causing 'lowest numbered MX record points to local host' error

[kidrobot]

We switched one of our cPanel domains (let's call it example.com) to a dedicated IP because we needed to serve the site as https.

Since the change, emails sent from the server to @example.com addresses are no longer delivered.

Mail is handled by netregistry.net.au so WHM/cPanel is configured to use Remote Mail Exchange with MX records like so:

example.com. 3600 IN MX 10 mx.netregistry.net.
example.com. 3600 IN MX 20 mx4.netregistry.net.

The error in the EXIM logs for the failed messages is 'lowest numbered MX record points to local host'.

If we do a 'dig example.com mx' on the server, the reason for this becomes clear as the following MX records are returned.

;; ANSWER SECTION:
example.com. 3600 IN MX 0 example.com.
example.com. 3600 IN MX 10 mx.netregistry.net.
example.com. 3600 IN MX 20 mx4.netregistry.net.

We are using WHM to manage the DNS for the domain and there is no MX 0 record.

If we run 'dig example.com mx' on any other machine, it returns the correct MX records.

How can we find out where the rogue MX is coming from?

Happy to PM someone the actual domain if that helps.

 

[simonas]

Hey,

You could try requesting nameserver directly:

dig @{ns1.example.com} {example.com} {TYPE}

First try your server IP. If your server returns lowest MX, check /var/named/ .db files directly, maybe record is in the other zone file.

Also, old results may still be cached, i use Global DNS Propagation Checker - What's My DNS? to see global DNS record propagation.

 

[kidrobot]

Thanks for those suggestions.

I tried each one but none of them return the MX 0 record.

All of them return the correct mx and mx4 netregistry records.

 

[simonas]

If you don't specify nameserver, it will use your ISP provided nameserver (If you have not overridden them).
Usually ISP's nameservers are latest to receive updates, try using google's public DNS (8.8.8.8 , 8.8.4.4).

Also when sending test emails, they get returned? What error message is displayed?

 

[quietFinn]

We switched one of our cPanel domains (let's call it example.com) to a dedicated IP because we needed to serve the site as https.

Since the change, emails sent from the server to @example.com addresses are no longer delivered.

Mail is handled by netregistry.net.au so WHM/cPanel is configured to use Remote Mail Exchange with MX records like so:

example.com. 3600 IN MX 10 mx.netregistry.net.
example.com. 3600 IN MX 20 mx4.netregistry.net.

The error in the EXIM logs for the failed messages is 'lowest numbered MX record points to local host'.

If we do a 'dig example.com mx' on the server, the reason for this becomes clear as the following MX records are returned.

;; ANSWER SECTION:
example.com. 3600 IN MX 0 example.com.
example.com. 3600 IN MX 10 mx.netregistry.net.
example.com. 3600 IN MX 20 mx4.netregistry.net.

We are using WHM to manage the DNS for the domain and there is no MX 0 record.

If we run 'dig example.com mx' on any other machine, it returns the correct MX records.

How can we find out where the rogue MX is coming from?

Happy to PM someone the actual domain if that helps.

Go to WHM-> DNS Functions -> Edit DNS Zone, selct example.com to edit.
See that the MX records are correct.
Under "Email Routing for ..."
select "Automatically Detect Configuration" and click "Save".

On the next page it should say:
"REMOTE MAIL EXCHANGER: This server will NOT serve as a mail exchanger for example.com's mail.: This configuration has been automatically detected based on your mx entries."

Does it?


Also you can check file:
/etc/localdomains
example.com should NOT be in that file, instead it should be in:
/etc/remotedomains

 

[cPanelMichael]

Hello

Yes, check to ensure the domain name exists in the following file:

/etc/remotedomains

It should be populated in this file automatically when using "Edit DNS Zone", but it's worth double checking that it exists in the correct file.

Thank you.

 

[kidrobot]

Thanks for all your tips.

I have doublechecked all of these things many times.

Can confirm that DNS is configured for Remote Mail Exchanger, 'cat /etc/remotedomains' displays the domain name and 'cat /etc/localdomains' does not.

Also a 'dig 8.8.8.8 example.com mx' on the server still shows the errant MX 0 record causing the localhost issue.

For completeness, the error is like so:

2013-09-11 06:51:39 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1VJUuR-0007DI-Fz
2013-09-11 06:51:39 1VJUuR-0007DI-Fz lowest numbered MX record points to local host: example.com
2013-09-11 06:51:39 1VJUuR-0007DI-Fz == [email protected] R=lookuphost defer (-1): lowest numbered MX record points to local host
2013-09-11 06:51:39 1VJUuR-0007DI-Fz Frozen

The nameservers are also on this server with the ns1.example.com being the same IP as the main example.com.

Could this be the issue?

Is there any way to escalate this to a formal help ticket?

 

[kidrobot]

We finally figured out the problem.

The first item in our /etc/resolv.conf was the IP of the server.

Once we removed that and updated the file as follows, the 'dig example.com mx' returned the correct MX records and mail began being delivered again.

8.8.8.8
4.4.4.4

It's not clear how the IP got there to begin with.

Perhaps it was automagically inserted when nameservers were assigned from the WHM console?

 

[cPanelMichael]

Perhaps it was automagically inserted when nameservers were assigned from the WHM console?

The /etc/resolv.conf file is only altered by WHM during the initial setup wizard or via:

"WHM Home » Networking Setup » Resolver Configuration"

Thank you.