DNS woes and MX Records.

  • Thread starter Thread starter David Andrew
  • Start date Start date
D

David Andrew

Can anybody help with the following strange DNS behaviour.

Running AD 2003 and Exchange 2003. with AD integrated zone called
company.com

We recently had a server failure of our SMTP gateway (not running exchange)
and have had to change SMTP routing group so that Outbound is delivered
direct via our Front End Exchange Server. most mail is delivered correctly,
but a few domains are not being resolved via our internal DNS which the
Exchange Server uses. Our internal DNS points to our public facing DNS
server to resolve queries external to our domain i.e anothercompany.com

By using NSLOOKUP and only quering MX records I noticed that our Internal
DNS servers timed out on these specific domains... when I change using the
server command to our public facing DNS server it works fine....and resolves
the appropriate record. Our Internal DNS uses External DNS servers as
forwarders.

Anybody have a clue to what is going on here.

Many thanks in advance.

Regards.

David
 
hmm. I would:
1) Get on a console of the dns server not returning the domain names.
2) Use dig or netdig (www.mvptools.com) to make mx and ns and ANY queryies
to the same forwarder "this" dns server is configured to use. Note any
errors or weird replies.

I am guessing here, but it may have something to do with large udp replies
and not having tcp port working somewhere in your dns chain.

opcode: Query, status: NoError, id: 42
flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 20

QUESTION SECTION:
libero.it. IN MX

ANSWER SECTION:
libero.it. 86400 IN MX 10 mx1.libero.it.
libero.it. 86400 IN MX 10 mx2.libero.it.
libero.it. 86400 IN MX 10 mx3.libero.it.
libero.it. 86400 IN MX 10 mx4.libero.it.
libero.it. 86400 IN MX 10 mx5.libero.it.

AUTHORITY SECTION:
libero.it. 86400 IN NS ns2.libero.it.
libero.it. 86400 IN NS ns1.libero.it.

ADDITIONAL SECTION:
mx1.libero.it. 86400 IN A 193.70.192.90
mx1.libero.it. 86400 IN A 193.70.192.92
mx1.libero.it. 86400 IN A 193.70.192.54
mx1.libero.it. 86400 IN A 193.70.192.55
mx1.libero.it. 86400 IN A 193.70.192.59
mx2.libero.it. 86400 IN A 193.70.192.59
mx2.libero.it. 86400 IN A 193.70.192.90
mx2.libero.it. 86400 IN A 193.70.192.92
mx2.libero.it. 86400 IN A 193.70.192.54
mx2.libero.it. 86400 IN A 193.70.192.55
mx3.libero.it. 86400 IN A 193.70.192.55
mx3.libero.it. 86400 IN A 193.70.192.59
mx3.libero.it. 86400 IN A 193.70.192.90
mx3.libero.it. 86400 IN A 193.70.192.92
mx3.libero.it. 86400 IN A 193.70.192.54
mx4.libero.it. 86400 IN A 193.70.192.92
mx4.libero.it. 86400 IN A 193.70.192.54
mx4.libero.it. 86400 IN A 193.70.192.55
mx4.libero.it. 86400 IN A 193.70.192.59
mx4.libero.it. 86400 IN A 193.70.192.90

Query time: 453 ms
Server : 193.70.192.100:53 udp (193.70.192.100)
When : 10/26/2004 11:06:13 AM
Size rcvd : 483
 
Thanks William, when I use netdig from the internal server I get the
following error message

Command used NETDIG @servername libero.it mx

error I get:

Connection error:
A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond

When I do NETDIG @external_servername libero.it mx

I get confirmation back similar to your example.

Any help would be apreciated.

Regards.
 
Addtionally using Debug and NSlookup..


It seems to try and resolve to libero.it.companyname.com

i.e appending the company name to the original request.

Regards

D
 
So "servername" is not returning a reply. Now jump to that server and do
the same thing. If you can't access that server, then you may need to use
another forwarder. As a test, use the forwarder 4.2.2.2 to see if from the
*same dns server, you at least can get a valid reply for that name. Use
netdig from same box as below, but use 4.2.2.2 as the server.
 
Many thanks.


The firewall has been amended ... all resolving fine now,

Many thanks again

D
 
Back
Top