Is it possible to trace where an e-mail travels?

 
 
Polaris431

 
      11-01-2006, 01:14 PM
We switched ISP's. The new one is in a different country although the
domain name has remained the same. Normally, they say it can take up to
3 days for the new DNS Primary domain to update throughout the Internet.
It's been about a week now and for the most part, this update has taken
place.

Here is the order of events that took place (the real domain names have
been replaced):

1. We used 1 ISP for 2 domains: domain1.com and domain2.com. Both are
located in Israel. Both domains used the same mail server.

2. We move domain1.com to the USA and have it hosted by an ISP there.

3. The DNS update on the Internet happens quite fast but we wait about
a week for the new DNS Primary address to propagate throughout the
Internet.

4. People can send and receive e-mail on both domains to and from
anyone with one exception: if an e-mail is sent from the mail server on
domain2.com to domain1.com, it never arrives and no message is sent
from any mail server indicating any problem. Some people in Israel can
send an e-mail to domain1.com or domain2.com and it arrives. If someone
in Israel is using a different ISP, then their DNS is probably correct.
If they are using the same ISP, it is possible that there are multiple
DNS servers and the one they are using happens to be updated.

It would then logically appear that the mail server on domain2.com is
forwarding the e-mail not to the new ISP but has an old cached DNS on
its system somewhere.

Does this make sense? Is it possible from my computer to run a program
of some sort to determine where the e-mail is ending up at when sent
through the mail server on domain2.com? In other words, is it possible
to find out somehow (from my own computer) if the old DNS Primary name
is still being used by the domain2.com mail server?

Thanks for your insight

 
Jack Snodgrass

 
      11-01-2006, 01:45 PM
On Wed, 01 Nov 2006 06:14:19 -0800, Polaris431 wrote:

> We switched ISP's. The new one is in a different country although the
> domain name has remained the same. Normally, they say it can take up to
> 3 days for the new DNS Primary domain to update throughout the Internet.
> It's been about a week now and for the most part, this update has taken
> place.
>
> Here is the order of events that took place (the real domain names have
> been replaced):
>
> 1. We used 1 ISP for 2 domains: domain1.com and domain2.com. Both are
> located in Israel. Both domains used the same mail server.
>
> 2. We move domain1.com to the USA and have it hosted by an ISP there.
>
> 3. The DNS update on the Internet happens quite fast but we wait about
> a week for the new DNS Primary address to propagate throughout the
> Internet.
>
> 4. People can send and receive e-mail on both domains to and from
> anyone with one exception: if an e-mail is sent from the mail server on
> domain2.com to domain1.com, it never arrives and no message is sent
> from any mail server indicating any problem. Some people in Israel can
> send an e-mail to domain1.com or domain2.com and it arrives. If someone
> in Israel is using a different ISP, then their DNS is probably correct.
> If they are using the same ISP, it is possible that there are multiple
> DNS servers and the one they are using happens to be updated.
>
> It would then logically appear that the mail server on domain2.com is
> forwarding the e-mail not to the new ISP but has an old cached DNS on
> its system somewhere.
>
> Does this make sense? Is it possible from my computer to run a program
> of some sort to determine where the e-mail is ending up at when sent
> through the mail server on domain2.com? In other words, is it possible
> to find out somehow (from my own computer) if the old DNS Primary name
> is still being used by the domain2.com mail server?
>
> Thanks for your insight


Sometimes it takes longer than 3 days... changing IPs is a PAIN.

If you can find what DNS servers domain2.com is using... maybe
whois domain2.com and get the list of DNS servers that serve
that domain... if they are open, you can do
nslookup site server (or maybe host site server) and send the
DNS query to the specific server. I've used that method before
to see what IP address a site was using to get to my servers.

--
D.A.M. - Mothers Against Dyslexia

see http://www.jacksnodgrass.com for my contact info.

jack - Grapevine/Richardson
 
Polaris431

 
      11-01-2006, 01:50 PM
I actually thought of that too and tried to find out the DNS server but
I can't seem to locate it with WHOIS. The mail server is
mail.barak.net.il.

 
Michael Heiming

 
      11-01-2006, 02:20 PM
In comp.os.linux.networking Polaris431 <(E-Mail Removed)>:
> I actually thought of that too and tried to find out the DNS server but
> I can't seem to locate it with WHOIS. The mail server is
> mail.barak.net.il.


What ever you are replying to?

barak.net.il nameserver = ns.barak.net.il.
barak.net.il nameserver = ns1.barak.net.il.
ns.barak.net.il internet address = 212.150.48.169

At least the first one seems open, didn't try the other one,
while there is no guarantee that "mail.barak.net.il" really uses
it, you could try.

$ nslookup www.google.com 212.150.48.169
Server: 212.150.48.169
Address: 212.150.48.169#53

Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 66.102.9.147
Name: www.l.google.com
Address: 66.102.9.99
Name: www.l.google.com
Address: 66.102.9.104

Good luck

BTW
Please quote context on reply, thx:
http://groups.google.com/support/bin...y?answer=14213

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 165: Backbone Scoliosis
 
Pascal Hambourg

 
      11-01-2006, 02:42 PM
Hello,

Polaris431 wrote:
> We switched ISP's. The new one is in a different country although the
> domain name has remained the same. Normally, they say it can take up to
> 3 days for the new DNS Primary domain to update throughout the Internet.


Normally, it is good practice to reduce the DNS record TTL (time to
live) value soon enough before doing the change so that the old data in
DNS caches expire within a few minutes or hours.

> 1. We used 1 ISP for 2 domains: domain1.com and domain2.com. Both are
> located in Israel. Both domains used the same mail server.
>
> 2. We move domain1.com to the USA and have it hosted by an ISP there.


You don't move a domain to a country because a domain is just a name, it
is not physically located in any country. You just move hosts. What
host(s) did you move? Authoritative DNS servers, mail servers?

> 4. People can send and receive e-mail on both domains to and from
> anyone with one exception: if an e-mail is sent from the mail server on
> domain2.com to domain1.com, it never arrives and no message is sent
> from any mail server indicating any problem. Some people in Israel can
> send an e-mail to domain1.com or domain2.com and it arrives. If someone
> in Israel is using a different ISP, then their DNS is probably correct.
> If they are using the same ISP, it is possible that there are multiple
> DNS servers and the one they are using happens to be updated.
>
> It would then logically appear that the mail server on domain2.com is
> forwarding the e-mail not to the new ISP but has an old cached DNS on
> its system somewhere.


Cached data should have expired, unless you had set a very long TTL. If
you moved the DNS server for domain1.com, maybe the old data are still
present as authoritative data in the old DNS server. Or maybe the mail
server which previously handled mail for domain1.com is still configured
with domain1.com as local, so it delivers the mail to domain1.com
locally regardless of DNS instead of forwarding it properly.

> Is it possible from my computer to run a program
> of some sort to determine where the e-mail is ending up at when sent
> through the mail server on domain2.com? In other words, is it possible
> to find out somehow (from my own computer) if the old DNS Primary name
> is still being used by the domain2.com mail server?


AFAIK, there is no "traceroute" for SMTP routing, if this is what you
have in mind. You must look into the mail server logs to see what host
a mail was received from and what host it was forwarded to. But you can
use simple tools to query the DNS servers and mail servers used by
people who fail to send mail to the domain.

By the way, what is the Linux-related part in this topic?
 
Polaris431

 
      11-01-2006, 05:17 PM
You're a genius! Thanks for the advice. I did a whois on
mail.barak.net.il but that didn't return anything. It didn't dawn on me
to just do a whois on barak.net.il. When you discovered it was open, I
used nslookup and queried what mail server it was using and yes it was
in fact using mail.barak.net.il. I then queried what name server was
being used for our domain and sure enough the old DNS entry was still
there. Now that I think about it, it partly makes sense why it is
there. We haven't canceled our hosting service with them. We only moved
our domain to point to our new ISP in the USA. As far as Barak is
concerned, we are still a customer using the old mail server. I kind of
expected that their DNS would figure out that the domain has moved and
update its cache with the new DNS Primary domain. Perhaps it's supposed
to or perhaps it takes longer than I wish. One solution is to cancel
our hosting altogether (including e-mail) and see if that causes the
entry to get deleted on their DNS. Or at the very least, they should at
least manually remove the entry right now.

Thanks again!
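
An added example, not part of any poster's message: shell functions for the check discussed in this thread, telling a stale cache entry apart from stale authoritative data left on the old ISP's name server by reading the `aa` flag in captured `dig` output. The captures, host names and function names are constructed for illustration.

```shell
#!/bin/sh
# Input: text captured with  dig @<server> <domain> MX +noall +comments +answer
# All captures below are constructed; names are placeholders, not the thread's hosts.

# Old ISP's server, still holding the zone it used to host (note "aa").
OLD_ZONE=';; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
domain1.example. 86400 IN MX 10 mail.old-isp.example.'

# A resolver that merely cached the old record (no "aa", TTL counting down).
OLD_CACHE=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
domain1.example. 5120 IN MX 10 mail.old-isp.example.'

# The new provider's authoritative server: the answer everyone should see.
NEW_AUTH=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
domain1.example. 3600 IN MX 10 mx.new-isp.example.'

# has_aa_flag CAPTURE: succeed if the header flags include "aa" (authoritative answer).
has_aa_flag() {
    printf '%s\n' "$1" | awk '
        /^;; flags:/ {
            s = $0; sub(/^;; flags:/, "", s); sub(/;.*/, "", s)
            n = split(s, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") found = 1
        }
        END { exit !found }'
}

# mx_targets CAPTURE: print the MX exchange hosts, lower-cased and sorted.
mx_targets() {
    printf '%s\n' "$1" | awk '$1 !~ /^;/ && $4 == "MX" { print tolower($6) }' | sort -u
}

# diagnose SUSPECT REFERENCE: compare a suspect server's answer with the reference.
diagnose() {
    if [ "$(mx_targets "$1")" = "$(mx_targets "$2")" ]; then
        echo consistent
    elif has_aa_flag "$1"; then
        echo stale-zone    # server serves its own copy of the zone; no TTL will expire it
    else
        echo stale-cache   # cached record; it ages out once its TTL reaches zero
    fi
}

diagnose "$OLD_ZONE"  "$NEW_AUTH"   # stale-zone
diagnose "$OLD_CACHE" "$NEW_AUTH"   # stale-cache
```

A `stale-zone` result means the zone has to be removed or corrected by whoever operates that server; waiting for caches to expire changes nothing.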

 
Unruh

 
      11-01-2006, 05:22 PM
"Polaris431" <(E-Mail Removed)> writes:

>We switched ISP's. The new one is in a different country although the
>domain name has remained the same. Normally, they say it can take up to
>3 days for the new DNS Primary domain to update throughout the Internet.
>It's been about a week now and for the most part, this update has taken
>place.


It can take weeks.

>Here is the order of events that took place (the real domain names have
>been replaced):


>1. We used 1 ISP for 2 domains: domain1.com and domain2.com. Both are
>located in Israel. Both domains used the same mail server.


>2. We move domain1.com to the USA and have it hosted by an ISP there.


>3. The DNS update on the Internet happens quite fast but we wait about
>a week for the new DNS Primary address to propagate throughout the
>Internet.


>4. People can send and receive e-mail on both domains to and from
>anyone with one exception: if an e-mail is sent from the mail server on
>domain2.com to domain1.com, it never arrives and no message is sent
>from any mail server indicating any problem. Some people in Israel can
>send an e-mail to domain1.com or domain2.com and it arrives. If someone
>in Israel is using a different ISP, then their DNS is probably correct.
>If they are using the same ISP, it is possible that there are multiple
>DNS servers and the one they are using happens to be updated.


>It would then logically appear that the mail server on domain2.com is
>forwarding the e-mail not to the new ISP but has an old cached DNS on
>its system somewhere.


Sounds like it. Maybe that isp is annoyed with you for switching hosts and
has made updating their own internal tables a low low low priority.
Since both were on the same ISP there is probably some internal routing of
the mail, that never uses the dns tables which they "forgot" to alter.



>Does this make sense? Is it possible from my computer to run a program
>of some sort to determine where the e-mail is ending up at when sent
>through the mail server on domain2.com? In other words, is it possible
>to find out somehow (from my own computer) if the old DNS Primary name
>is still being used by the domain2.com mail server?


NO.

>Thanks for your insight


 
Unruh

 
      11-01-2006, 05:26 PM
Pascal Hambourg <boite-a-(E-Mail Removed)> writes:

>Hello,


>Polaris431 wrote:
>> We switched ISP's. The new one is in a different country although the
>> domain name has remained the same. Normally, they say it can take up to
>> 3 days for the new DNS Primary domain to update throughout the Internet.


>Normally, it is good practice to reduce the DNS record TTL (time to
>live) value soon enough before doing the change so that the old data in
>DNS caches expire within a few minutes or hours.


It does not matter. Those "time to live" are advisory and many places
ignore them.


>> 1. We used 1 ISP for 2 domains: domain1.com and domain2.com. Both are
>> located in Israel. Both domains used the same mail server.
>>
>> 2. We move domain1.com to the USA and have it hosted by an ISP there.


>You don't move a domain to a country because a domain is just a name, it
>is not physically located in any country. You just move hosts. What
>host(s) did you move? Authoritative DNS servers, mail servers?


"move the domain" means "move the host and the DNS record associated with
that domain".


>> 4. People can send and receive e-mail on both domains to and from
>> anyone with one exception: if an e-mail is sent from the mail server on
>> domain2.com to domain1.com, it never arrives and no message is sent
>> from any mail server indicating any problem. Some people in Israel can
>> send an e-mail to domain1.com or domain2.com and it arrives. If someone
>> in Israel is using a different ISP, then their DNS is probably correct.
>> If they are using the same ISP, it is possible that there are multiple
>> DNS servers and the one they are using happens to be updated.
>>
>> It would then logically appear that the mail server on domain2.com is
>> forwarding the e-mail not to the new ISP but has an old cached DNS on
>> its system somewhere.


>Cached data should have expired, unless you had set a very long TTL. If


TTLs are advisory, not compulsory. Some people do not take advice.

>you moved the DNS server for domain1.com, maybe the old data are still
>present as authoritative data in the old DNS server. Or maybe the mail
>server which previously handled mail for domain1.com is still configured
>with domain1.com as local, so it delivers the mail to domain1.com
>locally regardless of DNS instead of forwarding it properly.


>> Is it possible from my computer to run a program
>> of some sort to determine where the e-mail is ending up at when sent
>> through the mail server on domain2.com? In other words, is it possible
>> to find out somehow (from my own computer) if the old DNS Primary name
>> is still being used by the domain2.com mail server?


>AFAIK, there is no "traceroute" for SMTP routing, if this is what you
>have in mind. You must look into the mail server logs to see what host
>a mail was received from and what host it was forwarded to. But you can
>use simple tools to query the DNS servers and mail servers used by
>people who fail to send mail to the domain.


That of course implies that the mail actually gets through. In his case he
is wondering about mail that does not get through.


>By the way, what is the Linux-related part in this topic?


Linux is by far the best way of trying to track down problems like this.


 
David Schwartz

 
      11-02-2006, 03:23 AM

Polaris431 wrote:

> Does this make sense? Is it possible from my computer to run a program
> of some sort to determine where the e-mail is ending up at when sent
> through the mail server on domain2.com? In other words, is it possible
> to find out somehow (from my own computer) if the old DNS Primary name
> is still being used by the domain2.com mail server?


Try sending an email to <(E-Mail Removed)> and see who or what
sends you an error message. That may give you some clue where your
email is going.

DS

 
Unruh

 
      11-02-2006, 05:30 AM
"David Schwartz" <(E-Mail Removed)> writes:


>Polaris431 wrote:


>> Does this make sense? Is it possible from my computer to run a program
>> of some sort to determine where the e-mail is ending up at when sent
>> through the mail server on domain2.com? In other words, is it possible
>> to find out somehow (from my own computer) if the old DNS Primary name
>> is still being used by the domain2.com mail server?


>Try sending an email to <(E-Mail Removed)> and see who or what
>sends you an error message. That may give you some clue where your
>email is going.


If the dns on the domain1 host is shipping the message off to what it
thinks is domain2, another computer on the same network, and that computer
does not exist, nothing may ever come back.

I think you have to talk this over with the ISP that hosts domain1 and used
to host domain 2. They can look in their logs and figure out what is
happening. You cannot.


>DS


 