cookie
06-30-2007, 09:12 AM
I have a dedicated server, and suddenly yesterday morning I noticed that I couldn't send any mail.
I was using the Thunderbird POP3 mail client on my local machine. When I sent a message with Thunderbird, I assume that Exim was checking the DNS of the domains that I was sending mail to, and I was receiving a message stating that the SMTP server reported that there was a local problem.
I started looking at the mail queue and noticed that messages were not being delivered to my email account at gmail.com for administrative stuff, such as results of upcp, etc.
I was a bit frustrated and restarted exim and pop3 on the server. This did nothing.
I started to look at top and network statistics through iptraf, and noticed several UDP requests on port 53.
I looked this up and realized that it was DNS. I realized my server was not able to do DNS lookups.
I started to think that my server had been hacked and was being used to send out spam or something.
I looked in /etc/resolv.conf and noticed that the only nameservers listed were
nameserver 216.120.225.19
nameserver 216.120.254.253
A quick reverse lookup produced dns1.hrnoc.net and dns2.hrnoc.net.
I tried to ping both servers, but nothing was pingable.
I looked in WHM and know that I have dns1.rocketcontrol.com and dns2.rocketcontrol.com set, but those servers were not listed in /etc/resolv.conf.
I put the IP addresses of dns1.rocketcontrol.com and dns2.rocketcontrol.com in there and suddenly life was back to normal again.
So what happened? Were the IP addresses of dns1.hrnoc.net changed, or did they go offline, or is the network route from my dedicated server to those DNS servers no longer valid?
Either way, something changed and it produced some downtime for me... and of course it was at a critical time that I was trying to send some important emails out.
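
A resolver health check for the failure described in this post, as an added example that is not part of the original post: it reads the `nameserver` lines from resolv.conf text and sends each one a real DNS query over UDP port 53, which is a better liveness test than ping. The function names, the embedded sample and the probe name `example.com` are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample mirroring the resolv.conf contents quoted in the post.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 216.120.225.19
nameserver 216.120.254.253
"""

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, txid):
    """Build a minimal DNS query: one question, type A, class IN, RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(server, name="example.com", port=53, timeout=2.0, txid=0x1234):
    """Send one UDP query; True only if a response with our ID comes back."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable network, port refused
            return False
    if len(data) < 12:  # shorter than a DNS header
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)  # QR bit marks a response

def check_resolvers(text, **kwargs):
    """Map each configured nameserver to whether it answered the probe."""
    return {ns: probe(ns, **kwargs) for ns in parse_nameservers(text)}

if __name__ == "__main__":
    with open("/etc/resolv.conf") as f:
        for ns, ok in check_resolvers(f.read()).items():
            print(f"{ns}: {'answering' if ok else 'NO RESPONSE'}")
```

Run from cron with an alert on any `NO RESPONSE` line, this surfaces a dead resolver before mail starts queueing.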