MX DNS Queries

I'm trying to make some DNS utility functions just for a learning experience. I've got class A requests working fine, but MX requests seem not to work as I expect. I issue a request for an MX record for www.hotmail.com, and the nameserver replies with "CNAME = mail.live.com". If I then issue an MX request for mail.live.com, I don't get any answers in the reply. Does anyone know what's going on here? RFC974 says that if there's no MX record in the reply, then I should connect to the domain name for which the MX request was issued (mail.live.com), but I can't actually connect to mail.live.com on port 25 (it just times out). Does anyone know if I'm doing something silly here? I've uploaded a dump from Wireshark here if it helps at all. Cheers, Steve

I think you can set nslookup to use MX requests. I know for sure that you can set "host" to use MX requests.

If you want to reverse-engineer how to automatically send e-mail, how about using Wireshark (or netmon) on something like Thunderbird when it's sending e-mail?

[Edited by - hplus0603 on November 18, 2008 3:43:35 PM]

Quote:
Original post by hplus0603
I think you can set nslookup to use MX requests. I know for sure that you can set "host" to use MX requests.

You're right, in Windows it is -type=MX; it looks like that receives the same response you are seeing. I then did an MX on mail.live.com and got a result.

The MX record points to the host that handles mail. So you want to query for the MX record for "hotmail.com" (not "www.hotmail.com" - you send mail to someone@hotmail.com, not someone@www.hotmail.com, right?). I'm going to look at gmail.com, cause that's slightly more interesting (this is from nslookup):

> set type=mx
> gmail.com
Server: mygateway1.NB5Plus4W
Address: 192.168.1.1

Non-authoritative answer:
gmail.com MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt2.gmail-smtp-in.l.google.com
gmail.com MX preference = 50, mail exchanger = gsmtp147.google.com
gmail.com MX preference = 50, mail exchanger = gsmtp183.google.com
gmail.com MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com

... (you get more than this, but that'll do for starters)

This means there are five hosts that handle mail for gmail.com: alt1.gmail-smtp-in.l.google.com, gsmtp183.google.com, etc.

These should be sorted by the value of the "preference" parameter. You then try each server in order until you are able to connect. So you'd try gsmtp147.google.com first, then gsmtp183.google.com, then alt1.gmail-smtp-in.l.google.com and so on.

You query for the A record of the host returned in the MX, which gives you the IP address of the actual server. Here's a sample from above:

> set type=A
> gsmtp147.google.com
Server: mygateway1.NB5Plus4W
Address: 192.168.1.1

Non-authoritative answer:
Name: gsmtp147.google.com
Address: 209.85.147.27

> alt2.gmail-smtp-in.l.google.com
Server: mygateway1.NB5Plus4W
Address: 192.168.1.1

Non-authoritative answer:
Name: alt2.gmail-smtp-in.l.google.com
Addresses: 209.85.135.27, 209.85.135.114

So you'd connect to the SMTP server at 209.85.147.27 first; if you can't connect, you try the next one, and so on...
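Added example (not code from this thread; Python is my choice, since the thread names no language): the reply-parsing side of what the posts above describe. `parse_answers` pulls the MX records out of a raw DNS response sorted by preference and separates out a CNAME answer like the one www.hotmail.com returned, `build_response` constructs replies offline so the code runs without a resolver, and `read_name` caps compression-pointer jumps so a looping pointer in a corrupt reply raises instead of hanging the parser.

```python
import struct

QTYPE_MX, QTYPE_CNAME = 15, 5

def encode_name(name):
    """Encode 'mail.example.com' as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"

def read_name(msg, off, max_jumps=8):
    """Decode a possibly compressed name (RFC 1035 4.1.4); the jump limit rejects pointer loops."""
    labels, end, jumps = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                        # two-byte pointer into the message
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end    # the name ends after the first pointer
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
        elif ln == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
            off += 1 + ln

def parse_answers(msg):
    """Return (MX records sorted by preference, CNAME targets) from a DNS reply."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):                              # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4
    mx, cnames = [], []
    for _ in range(an):
        off = read_name(msg, off)[1]                 # owner name
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_MX:                        # RDATA = 16-bit preference + exchange name
            mx.append((struct.unpack(">H", msg[off:off + 2])[0], read_name(msg, off + 2)[0]))
        elif rtype == QTYPE_CNAME:                   # what www.hotmail.com returned in the thread
            cnames.append(read_name(msg, off)[0])
        off += rdlen
    return sorted(mx), cnames

def build_response(qname, mx=(), cname=None):
    """Constructed reply for offline testing; owner names use a pointer (0xC00C) to the question."""
    rrs = ([(QTYPE_CNAME, encode_name(cname))] if cname else []) + \
          [(QTYPE_MX, struct.pack(">H", p) + encode_name(x)) for p, x in mx]
    body = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", t, 1, 300, len(rd)) + rd for t, rd in rrs)
    return (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, len(rrs), 0, 0)
            + encode_name(qname) + struct.pack(">HH", QTYPE_MX, 1) + body)
```

Feed the bytes of a real reply (from your UDP socket or the Wireshark capture) to `parse_answers` and the first list is the try-order the post describes.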

Argh, I'm an idiot. I was trying www.hotmail.com, not hotmail.com. I'd already tried using nslookup and didn't get any MX records from it either (obviously), so I figured I'd misunderstood the RFC.

Quote:
Original post by hplus0603
If you want to reverse-engineer how to automatically send e-mail, how about using Wireshark (or netmon) on something like Thunderbird when it's sending e-mail
Most mailers don't do the MX lookups themselves; they relay to your ISP's mail server. Although I haven't actually tested this with anything yet.

Thanks for the replies [smile]

Quote:
Most mailers don't do the MX lookups themselves, they relay to your ISP's mail server.

Yes, brain-fart on my end. What you should do is install postfix or qmail on a linux box running inside VirtualPC or VMWare, and then net-sniff *that*. And, as you'll then be on Linux, you can use tcpdump to do the capture, and "host" or "dig" to do your own DNS queries.

If that works. It's common these days for residential ISPs to block outgoing port 25 other than to the ISP's own mail server, since it's usually used by spamming zombies. (For maximum lulz, some of them combine this with disallowing FROM spoofing on their SMTP server. Hope you didn't like using your work email address!)

Typically, if you've got a "business" plan the ISP won't block connections to port 25 (at least, that is true in Australia). Of course, business plans cost more...

Quote:
Original post by Sneftel
Hope you didn't like using your work email address!

Why wouldn't the workplace allow ssh or VPN for this purpose? Most mailers allow you to specify the profile you're replying on as well.

Granted, there's the annoyance of opening the tunnel, but there are worse things.
