mx records, the ongoing saga.

  • Thread starter Thread starter Chris Johnsen
  • Start date Start date
C

Chris Johnsen

if i configure my w2k server box to use the router as primary dns, i can
look up mx records just fine. of course in this configuration, all of the
auto-dns-registration services puke. this is the only configuration that i
can seem to make work properly and it took me a while to find it (doesn't
work if i use the isp's dns servers directly).

if i configure my w2k server box to use itself as primary dns, and set the
router as a dns forwarder, i can't look up mx records. i get 5504 errors.

is there some sort of problem with dns forwarders in w2k dns? i'm running
SP4, by the way.

thanks.

-Chris
 
In
Chris Johnsen said:
if i configure my w2k server box to use the router as primary dns, i
can look up mx records just fine. of course in this configuration,
all of the auto-dns-registration services puke. this is the only
configuration that i can seem to make work properly and it took me a
while to find it (doesn't work if i use the isp's dns servers
directly).

if i configure my w2k server box to use itself as primary dns, and
set the router as a dns forwarder, i can't look up mx records. i get
5504 errors.

is there some sort of problem with dns forwarders in w2k dns? i'm
running SP4, by the way.

thanks.

-Chris
Click to expand...

Don't forward to the router since the router is NOT a DNS server, and is
just proxying the query. Forward directly to the ISP's, as long as the ISP's
accepts forwarding (indicated by the RA bit being "on"). If not sure, try
this one: 4.2.2.2. Continue to point to yourself for DNS only. The errors
should then disappear.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Tried 4.2.2.2. No go. Timeout trying to resolve the query.

Thanks anyway,

-Chris

"Ace Fekay [MVP]"
 
In
Chris Johnsen said:
Tried 4.2.2.2. No go. Timeout trying to resolve the query.

Thanks anyway,

-Chris
Click to expand...

4.2.2.2 doesn't work????
That's a first after 2 years of using that server.

It won't resolve a query? How are you doing the query? What are the exact
steps? What are your exact errors? Can you post an example?

Also, keep in mind, a 5504 error is stating that an invalid character is in
a name. That will cause a lookup error on a machine with an invalid
character in the name. MS DNS only supports 0-9, a-z, A-Z, . (dot), and -
(hyphen) as part of a domain name. So if you have any names with spaces or
underscores, that will cause that error.

My concern is on your resolution issues, not the 5504 errors, because you
easily discover what machines they are and easily change those machine names
to remove that error.

Try these steps (using 4.2.2.2 as the forwarder):

nslookup
(your server IP and name pops up here)
(if you don't have a reverse zone, then you'll
(get a msg saying your server IP can't be
(found in the reverse zone. Just have to make
(one if that's the case- otherwise just ignore it
(because nslookup will continute to work)

set type=mx
(you're setting the lookup type to MX records)

microsoft.com
(you'll get an answer here)

yourdomain.com
(you'll get an answer here)

exit
--------------------------------------------


Let me see the answers please.


Then I would like you to try it with an extra added step to change focus on
what DNS server you're using for nslookup:

nslookup
server 4.2.2.2
(this will make nslookup use 4.2.2.2
(instead of your internal server)

set type=mx

microsoft.com
(you'll get an answer here)

yourdomain.com
(you'll get an answer here)

exit
---------------------------------------------
Let me see those answers too. This will help in understanding what errors
you're talking about and if 4.2.2.2 or any other DNS server is not working
for you.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Chris Johnsen said:
Tried 4.2.2.2. No go. Timeout trying to resolve the query.

Thanks anyway,

-Chris
Click to expand...
I also looked back to your original post. You were getting 5504 errors back
then? The reason I ask is because you got this error in the dns log:

The DNS server encountered an invalid domain name in a packet from
192.168.2.1. The packet is
rejected.

Did you ever resolve that?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
It won't resolve a query? How are you doing the query? What are the exact
steps? What are your exact errors? Can you post an example?
Click to expand...

Sure. This is using 4.2.2.2 as the forwarder.

: nslookup
: set type=mx
: gmic.com

*** spock.my-domain.com can't find gmic.com: Server failed.
Try these steps (using 4.2.2.2 as the forwarder):

nslookup
(your server IP and name pops up here)
(if you don't have a reverse zone, then you'll
(get a msg saying your server IP can't be
(found in the reverse zone. Just have to make
(one if that's the case- otherwise just ignore it
(because nslookup will continute to work)

set type=mx
(you're setting the lookup type to MX records)

microsoft.com
(you'll get an answer here)

yourdomain.com
(you'll get an answer here)

exit
--------------------------------------------
Click to expand...

microsoft.com gave me the same result as above. here are the results for my
domain:

primary name server = spock.my-domain.com
responsible mail addr = admin
serial = 24
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default ttl = 3600 (1 hour)

nslookup
server 4.2.2.2
(this will make nslookup use 4.2.2.2
(instead of your internal server)

set type=mx

microsoft.com
Click to expand...
dns request timed out.
timeout was 2 seconds.
yourdomain.com
Click to expand...
dns request timed out
timeout was 2 seconds.
exit
---------------------------------------------
Click to expand...

Thanks
 
No. I'm behind a router, forwarding the HTTP, HTTPS, SMTP, POP3 & FTP ports
to my server.

----- Original Message -----
From: "Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&[email protected]>
Newsgroups: microsoft.public.win2000.dns
Sent: Saturday, September 13, 2003 6:05 AM
Subject: Re: mx records, the ongoing saga.
 
Ace,

Nope. That's the error I get in the DNS log when I'm unable to resolve an
MX lookup (using my own DNS server).

I'm very hesitant to blame my router, because I seem to do OK if I do not
use my local DNS server.


"Ace Fekay [MVP]"
 
For what it's worth, I also forwarded 53 (both TCP & UDP) to my server, same
results.

"Ace Fekay [MVP]"
 
In
Chris Johnsen said:
Ace,

Nope. That's the error I get in the DNS log when I'm unable to
resolve an MX lookup (using my own DNS server).

I'm very hesitant to blame my router, because I seem to do OK if I do
not use my local DNS server.
Click to expand...



FYI a 5504 error just says there's an invalid character in the name. Hunt
down the IP and it's cooresponding name in your DNS and find out what
machine it is. Underscores and special characters are examples of invalid
names the DNS does not allow. Could be coming from a Mac machine, or an
underscore in a Win98 machine or a Win2k machine with a name or domain name
that has such a character.

Read this:
http://www.eventid.net/display.asp?eventid=5504&source=



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Chris Johnsen said:
For what it's worth, I also forwarded 53 (both TCP & UDP) to my
server, same results.
Click to expand...

For MS DNS to work properly for resolution, you need to also allow the range
of UDP ports 1023 - 65534. I had to do it for my own machines. Otherwise
you'll get issues that appears as DNS "doesn't work". BIND uses only TCP and
UDP 53. MS DNS doesn;t work this way.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Chris Johnsen said:
Sure. This is using 4.2.2.2 as the forwarder.


*** spock.my-domain.com can't find gmic.com: Server failed.
Click to expand...

Well, you didn't post the whole thing because I wanted to see what happens
when you type in nslookup, so I'm going to take a stab at it and say that
this message (not an error) happens when nslookup intializes. It's actually
doing you a favor to look for the name of y our DNS server out of your
reverse zone. If you have a reverse zone and there is a PTR entry in your
reverse zone for your DNS server's IP address that tells it what the name is
for the IP, then it returns the name. If not, it tells you with that message
(not an error). Usually this can be ignored because nslookup will function
with any subsequent command. Also, when using MS DNS, if ports UDP 1023 -
65534 are blocked to the DNS server, then it will give you errors with
subsequent commands.

If it;s working for your domain, then it's grabbing it internally. If it's
not working for external names, such as the microsoft.com example you gave
below, then it's *probably* due to the UDP ports being blocked.


Look at my example to your gmic.com query:
==========================
set type=mx
gmic.com
Click to expand...
Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

gmic.com MX preference = 10, mail exchanger = mail.gmic.com
gmic.com MX preference = 100, mail exchanger = mail.gmic.com
gmic.com nameserver = ns3.cheap-dns.com
gmic.com nameserver = ns1.cheap-dns.com
gmic.com nameserver = ns2.cheap-dns.com
mail.gmic.com internet address = 208.17.180.18
ns1.cheap-dns.com internet address = 140.99.102.139
ns2.cheap-dns.com internet address = 140.99.102.138
ns3.cheap-dns.com internet address = 209.63.134.133
==========================


microsoft.com gave me the same result as above. here are the results
for my domain:

primary name server = spock.my-domain.com
responsible mail addr = admin
serial = 24
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default ttl = 3600 (1 hour)


dns request timed out.
timeout was 2 seconds.
dns request timed out
timeout was 2 seconds.

Thanks
Click to expand...



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace,

Thanks for your assistance.

After messing around with this for a couple of weeks, I've decided to just
go back to Linux. I'd much rather use Windows as it's easier to administer
(sendmail is a pain), but I don't have this issue with Linux.

Thanks anyway. Maybe sometime I'll give it a shot again when I have more
patience. :-)

-Chris

"Ace Fekay [MVP]"
 
In
Chris Johnsen said:
Ace,

Thanks for your assistance.

After messing around with this for a couple of weeks, I've decided to
just go back to Linux. I'd much rather use Windows as it's easier to
administer (sendmail is a pain), but I don't have this issue with
Linux.

Thanks anyway. Maybe sometime I'll give it a shot again when I have
more patience. :-)

-Chris
Click to expand...

Sad to hear that Chris. MS DNS pretty much just works and as you said, easy
to administer. Don't give up just yet.

I highly doubt that BIND on Linux allow those characters. 99% of the time,
the underscore is the culprit of 5504 errors under Windows. Not sure how
BIND will tell you that, but I'm sure it will somehow. You have to hunt down
that IP (Based on one of your previous post it was 192.168.1.2). Look at
it's name. I believe the error will continue under BIND.

The skinny on the dreaded underscore character in DNS (Based on RFC 952):
http://www.acmebw.com/askmrdns/archive.php?category=81&question=604

Under Windows DNS, don't forget to enable Secure Cache Against Pollution
(DNS properties, Adv tab).

Hope you stay with MS DNS.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top