MX DNS Queries


I'm trying to make some DNS utility functions just for a learning experience. I've got class A requests working fine, but MX requests seem not to work as I expect. I issue a request for an MX record for www.hotmail.com, and the nameserver replies with "CNAME = mail.live.com". If I then issue an MX request for mail.live.com, I don't get any answers in the reply. Does anyone know what's going on here? RFC 974 says that if there's no MX record in the reply, then I should connect to the domain name for which the MX request was issued (mail.live.com), but I can't actually connect to mail.live.com on port 25 (it just times out). Does anyone know if I'm doing something silly here? I've uploaded a dump from Wireshark here if it helps at all. Cheers, Steve

I would try capturing packets from running nslookup. I bet that will show you the problem.

My mistake, nslookup uses an A request obviously. I did not realize that you are trying to get the mail record.

I think you can set nslookup to use MX requests. I know for sure that you can set "host" to use MX requests.

If you want to reverse-engineer how to automatically send e-mail, how about using Wireshark (or netmon) on something like Thunderbird when it's sending e-mail?

[Edited by - hplus0603 on November 18, 2008 3:43:35 PM]

Quote:
 Original post by hplus0603
 I think you can set nslookup to use MX requests. I know for sure that you can set "host" to use MX requests.

You're right, in Windows it is -type=MX; looks like that receives the same response you are seeing. I then did an MX on mail.live.com and got a result.

The MX record points to the host that handles mail. So you want to query for the MX record for "hotmail.com" (not "www.hotmail.com" - you send mail to someone@hotmail.com, not someone@www.hotmail.com, right?). I'm going to look at gmail.com, 'cause that's slightly more interesting (this is from nslookup):

> set type=mx
> gmail.com
Server:  mygateway1.NB5Plus4W
Address:  192.168.1.1

Non-authoritative answer:
gmail.com       MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com       MX preference = 10, mail exchanger = alt2.gmail-smtp-in.l.google.com
gmail.com       MX preference = 50, mail exchanger = gsmtp147.google.com
gmail.com       MX preference = 50, mail exchanger = gsmtp183.google.com
gmail.com       MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
... (you get more than this, but that'll do for starters)

This means there's five hosts that handle mail for gmail.com, alt1.gmail-smtp-in.l.google.com, gsmtp183.google.com, etc.

These should be sorted by the value of the "preference" parameter. You then try each server in order until you are able to connect. So you'd try gsmtp147.google.com first, then gsmtp183.google.com, then alt1.gmail-smtp-in.l.google.com and so on.

You query for the A record of the host returned in the MX, which gives you the IP address of the actual server. Here's a sample from above:

> set type=A
> gsmtp147.google.com
Server:  mygateway1.NB5Plus4W
Address:  192.168.1.1

Non-authoritative answer:
Name:    gsmtp147.google.com
Address:  209.85.147.27
> alt2.gmail-smtp-in.l.google.com
Server:  mygateway1.NB5Plus4W
Address:  192.168.1.1

Non-authoritative answer:
Name:    alt2.gmail-smtp-in.l.google.com
Addresses:  209.85.135.27, 209.85.135.114

So you'd connect to the SMTP server at 209.85.147.27 first; if you can't connect, you try the next one, and so on...
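The procedure in the answer above (query MX for the mail domain, order the exchangers by preference, resolve each one, connect in turn) as an added Python example; this is not code from the thread or from the original poster. It uses only the standard library and implements the RFC 1035 wire format directly, which is also where the poster's symptom shows up: a reply whose answer section holds a CNAME and no MX record. The two sample replies are constructed by hand from the values quoted in the thread, not real captures, and the resolver address in lookup_mx is a placeholder.

```python
"""Minimal DNS MX helpers: build a query, parse the reply, order the exchangers.
Added example for this thread; standard library only. Sample replies below are
constructed by hand (not captured traffic) from the values quoted in the thread."""
import random
import socket
import struct

QTYPE_A, QTYPE_CNAME, QTYPE_MX = 1, 5, 15


def build_query(name, qtype, txid=None):
    """Encode a recursive standard query (RFC 1035 section 4.1) for `name`."""
    txid = random.randrange(0, 0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg, off):
    """Decode a possibly compressed name (RFC 1035 4.1.4); returns (name, next_off)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2  # caller continues after the first pointer
            off, hops = ptr, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg):
    """Return (txid, rcode, answers); answers are (owner, type, rdata) tuples.
    rdata is a name for CNAME, (preference, host) for MX, dotted IPv4 for A."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == QTYPE_CNAME:
            value, _ = read_name(msg, off)
        elif rtype == QTYPE_MX:
            value = (struct.unpack("!H", rdata[:2])[0], read_name(msg, off + 2)[0])
        elif rtype == QTYPE_A and rdlen == 4:
            value = socket.inet_ntoa(rdata)
        else:
            value = rdata
        answers.append((owner, rtype, value))
        off += rdlen
    return txid, flags & 0xF, answers


def mx_delivery_order(answers):
    """Exchanger hosts to try, lowest preference value first (RFC 974).
    An empty list with a CNAME in the answers means the name was an alias."""
    return [host for _pref, host in sorted(v for _, t, v in answers if t == QTYPE_MX)]


def lookup_mx(name, server="192.0.2.53", timeout=3.0):
    """Send the MX query over UDP; the placeholder resolver address is an assumption.
    The transaction id is checked so a stray or forged datagram is not accepted."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, QTYPE_MX, txid), (server, 53))
        reply, _ = s.recvfrom(4096)
    got_txid, rcode, answers = parse_response(reply)
    if got_txid != txid:
        raise ValueError("transaction id mismatch; reply dropped")
    return rcode, answers


def _enc(name):  # helper to build the constructed sample replies
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def _rr(owner, rtype, rdata, ttl=300):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed reply to "MX gmail.com?" using three of the exchangers quoted above.
# b"\xC0\x0C" is a pointer to the question name at offset 12 (name compression).
SAMPLE_MX_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)
    + _enc("gmail.com") + struct.pack("!HH", QTYPE_MX, 1)
    + _rr(b"\xC0\x0C", QTYPE_MX, struct.pack("!H", 10) + _enc("alt1.gmail-smtp-in.l.google.com"))
    + _rr(b"\xC0\x0C", QTYPE_MX, struct.pack("!H", 50) + _enc("gsmtp147.google.com"))
    + _rr(b"\xC0\x0C", QTYPE_MX, struct.pack("!H", 5) + _enc("gmail-smtp-in.l.google.com"))
)
# Constructed reply to "MX www.hotmail.com?": a CNAME and no MX, the poster's symptom.
SAMPLE_CNAME_REPLY = (
    struct.pack("!HHHHHH", 0x1235, 0x8180, 1, 1, 0, 0)
    + _enc("www.hotmail.com") + struct.pack("!HH", QTYPE_MX, 1)
    + _rr(b"\xC0\x0C", QTYPE_CNAME, _enc("mail.live.com"))
)

if __name__ == "__main__":
    print(mx_delivery_order(parse_response(SAMPLE_MX_REPLY)[2]))
    print(parse_response(SAMPLE_CNAME_REPLY)[2])
```

Run against the constructed gmail.com reply, mx_delivery_order returns gmail-smtp-in.l.google.com first (preference 5), then alt1 (10), then gsmtp147 (50), because the lowest preference value is the most preferred exchanger. Against the www.hotmail.com reply it returns an empty list while the parsed answers show the CNAME, which is exactly what a client should treat as "follow the alias, then ask for MX on the mail domain itself". The same parse_response handles the follow-up A queries for each exchanger.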

Argh, I'm an idiot. I was trying www.hotmail.com, not hotmail.com. I'd already tried using nslookup and didn't get any MX records from it either (obviously), so I figured I'd misunderstood the RFC.

Quote:
 Original post by hplus0603
 If you want to reverse-engineer how to automatically send e-mail, how about using Wireshark (or netmon) on something like Thunderbird when it's sending e-mail

Most mailers don't do the MX lookups themselves, they relay to your ISP's mail server. Although I haven't actually tested this with anything yet.

Thanks for the replies [smile]

Quote:
 Most mailers don't do the MX lookups themselves, they relay to your ISPs mail server.

Yes, brain-fart on my end. What you should do is install postfix or qmail on a Linux box running inside VirtualPC or VMWare, and then net-sniff *that*. And, as you'll then be on Linux, you can use tcpdump to do the capture, and "host" or "dig" to do your own DNS queries.

If that works. It's common these days for residential ISPs to block outgoing port 25 other than to the ISP's own mail server, since it's usually used by spamming zombies. (For maximum lulz, some of them combine this with disallowing FROM spoofing on their SMTP server. Hope you didn't like using your work email address!)

Or, why I didn't switch away from Speakeasy when I had a parallel trial of Comcast for 3 months...
