Last week, I migrated the mail server of a friend's company to a more recent version (Debian Squeeze, upgraded postfix/cyrus/openldap and so on...). While I was keeping an eye on the configuration (there is always a missing comma in some obscure configuration file), I received an SSL certificate error in Thunderbird.

Investigating, I realized that the DNS provider was messing with the records, and had just moved the unique MX entry to a different server! Direct impact: major email providers such as Gmail were caching the new record as the authoritative mail server, therefore failing the delivery of email for the domain.

This was a major DNS provider failure, even for a small business like this. No more emails coming in means no more business going on. Worse, Gmail was reporting an immediate delivery failure (there was a mail server on that other server too, but it didn't know my domain, so it was refusing emails with an LDAP lookup error).

I was lucky enough to notice the problem from the outside, log the guilty DNS record right away and warn the guys, but still I had to provide some logs to prove that my proud, brand new mail server wasn't the cause of the failure.

So I did some basic Perl coding to watch that kind of stuff, and here is the script. It's fairly basic: it watches MX entries in a loop (every n seconds) and notifies an email address if there is a change on one of the authoritative name servers for the domain.

No magic here, just some handy tool.
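For readers who would rather have the same idea in a few lines of Python, here is an added example of the watch loop described above. It is not the dnswatch.pl script from this post: it shells out to `dig` (assumed to be on PATH), asks each authoritative name server of the domain for its MX records directly rather than trusting the local resolver cache, and mails a report through an SMTP relay on localhost (an assumption; change `SMTP_HOST`). A server that times out is recorded as unknown rather than as "no MX", so a flaky name server does not trigger a false alarm.

```python
"""MX watcher: poll every authoritative name server of a domain for its
MX records and e-mail a report when any of them changes.
Added example (not the dnswatch.pl script from the post); it shells out
to `dig`, assumed to be on PATH, and mails through SMTP_HOST (assumed)."""
import subprocess
import time
import smtplib
from email.message import EmailMessage

SMTP_HOST = "localhost"  # assumed relay; the post does not name one


def dig_short(qtype, name, server=None):
    """Run `dig +short` and return its output lines (empty list if dig is missing)."""
    cmd = ["dig", "+short", "+time=3", "+tries=1"]
    if server:
        cmd.append("@" + server)
    cmd += [name, qtype]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    except OSError:  # dig not installed
        return []
    return proc.stdout.splitlines()


def parse_mx(lines):
    """Turn `dig +short MX` lines such as '10 mail.example.com.' into a sorted
    tuple of (preference, host). Returns None when the output is a dig
    diagnostic (';; connection timed out ...'), i.e. the server could not be
    queried, so that a timeout is not mistaken for a removed MX record."""
    if any(line.startswith(";;") for line in lines):
        return None
    records = set()
    for line in lines:
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            records.add((int(parts[0]), parts[1].rstrip(".").lower()))
    return tuple(sorted(records))


def snapshot(domain):
    """Map each authoritative NS of `domain` to the MX set it currently serves."""
    servers = [s.rstrip(".") for s in dig_short("NS", domain)
               if s and not s.startswith(";;")]
    return {ns: parse_mx(dig_short("MX", domain, ns)) for ns in sorted(servers)}


def compare_snapshots(old, new):
    """Return {ns: (removed, added)} for every server whose MX set changed.
    A server that appeared in or vanished from the NS set counts as a change
    too; a server that could not be queried (None) on either side is skipped."""
    changes = {}
    for ns in sorted(set(old) | set(new)):
        before, after = old.get(ns, ()), new.get(ns, ())
        if before is None or after is None:
            continue
        removed = sorted(set(before) - set(after))
        added = sorted(set(after) - set(before))
        if removed or added:
            changes[ns] = (removed, added)
    return changes


def format_report(domain, changes):
    """Human-readable body for the notification mail (also what gets logged)."""
    lines = ["MX change detected for %s at %s"
             % (domain, time.strftime("%Y-%m-%d %H:%M:%S"))]
    for ns, (removed, added) in changes.items():
        lines.append("  on %s:" % ns)
        lines += ["    - %d %s" % rec for rec in removed]
        lines += ["    + %d %s" % rec for rec in added]
    return "\n".join(lines)


def notify(mail_to, domain, body):
    """Send the report by e-mail through the (assumed) local relay."""
    msg = EmailMessage()
    msg["Subject"] = "[dnswatch] MX change for %s" % domain
    msg["From"] = "dnswatch@" + domain
    msg["To"] = mail_to
    msg.set_content(body)
    with smtplib.SMTP(SMTP_HOST) as smtp:
        smtp.send_message(msg)


def watch(domain, mail_to, interval=300):
    """Poll every `interval` seconds; log and mail whenever a change shows up.
    On a timeout the last good answer for that server is kept as baseline."""
    baseline = snapshot(domain)
    print("baseline:", baseline)
    while True:
        time.sleep(interval)
        current = snapshot(domain)
        changes = compare_snapshots(baseline, current)
        if changes:
            report = format_report(domain, changes)
            print(report)
            notify(mail_to, domain, report)
        baseline = {ns: (mx if mx is not None else baseline.get(ns))
                    for ns, mx in current.items()}


if __name__ == "__main__":
    import sys
    watch(sys.argv[1], sys.argv[2], int(sys.argv[3]) if len(sys.argv) > 3 else 300)
```

Run it as `python3 mxwatch.py example.com you@example.com 60` and it prints the baseline (one MX set per authoritative server) and then reports, with a timestamp, exactly which records appeared or disappeared on which server; that timestamped output is the kind of evidence the post's author needed to show that the mail server was not at fault.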

HTML version: http://jve.linuxwall.info/ressources/code/dnswatch.pl.html