Exchange Server 2003 Problem with DNS entries - errors in Event Viewer
My ISP provider (BellSouth) recently advised me that our DNS Server IP addresses were antiquated and they provided me with the IP addresses that should be on our server. I had a technician come in and he changed the DNS entries that BellSouth provided. Since that time I have been having several issues. The main issue now is that I continue to get tons of error messages in the Event Viewer on my Exchange Server (Windows 2000 SP4) , i.e., “Registration of the DNS record ……failed with the following error: DNS operation refused.” Then many more with this same message or “Deregistration of the DNS record….failed with the following error: DNS operation refused.” My users e-mail seems to be working OK; however, when they launch Outlook 2000 (or in my case Outlook 2003) it takes about 30-45 seconds to connect where prior to these changes the connection would be immediate. Our internet access seems to be working fine as well. Any input on resolving these DNS issues would be appreciated. Thank you!
Hi,
I agree with Chris-Dent. This is the best solution. If you don't want your internal DNS Server to query external DNS Servers you can configure your Exchange to use an external DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;326992
cu
Bjoern Wolfgardt
I agree with Chris-Dent. This is the best solution. If you don't want your internal DNS Server to query external DNS Servers you can configure your Exchange to use an external DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;326992
cu
Bjoern Wolfgardt
ASKER
Thanks for your quick response. Yes, you are correct. We are running Active Directory and you are also correct that our network is using an internal DNS entry (192.0.1.xx) not the ISPs server addresses. The tech only changed the IP addresses on my Exchange Server -- all of my pc's still point to the internal DNS entry. So from your comments it appears that my tech should focus on DNS forwarding to resovle this problem? Also, how do we correct the name resolution issue?
Since your Internal users all have Internet access you might be able to assume that DNS is set up just fine internally. By default DNS will use Root Hints (asks the Root (TLD - Top Level Domain) Servers) for external addresses so generally you don't need to change anything there.
To test this out go to any of the workstations on your domain then:
Start
Run
cmd
nslookup
www.google.com
And make sure it comes back with an address. If you have no problems there then I would just swap the DNS servers on the Exchange back to the Local DNS Servers.
Then running:
Start
Run
cmd
ipconfig /registerdns
Should stop all those error messages appearing in the logs. Of course sending mail should still be tested following this change.
This should remove the speed issue running Outlook as well.
Regards,
Chris
Oops.... forgot to clarify that "ipconfig /registerdns" should be run on the Exchange Server.
If your clients are still suffering from slow initial connections then try:
ipconfig /flushdns
Again from the Command Prompt on any client PC that is having trouble.
ASKER
I did go to a command prompt on my workstation and typed in "nslookup" -- this is the response I received:
**** Can't find server name for address 192.0.1.xx: non-existent domain
**** Default severs are not available
Default Server: Unknown
Address: 192.0.1.xx
I do get a reply if I type "ping www.google.com"
**** Can't find server name for address 192.0.1.xx: non-existent domain
**** Default severs are not available
Default Server: Unknown
Address: 192.0.1.xx
I do get a reply if I type "ping www.google.com"
Okay, that's not so promising ;)
Does your DNS Server run on your Exchange Server by any chance?
ASKER
Yes, I think my DNS Server does run on my Exchange Server......
Ahh, then it's unlikely to be able to resolve it's own name (Reverse Lookup - IP to Name).
If you do NSLookup does a query for www.google.com work?
ASKER
On my workstation I typed in "nslookup" at a command prompt and this is the response I received:
**** Can't find server name for address 192.0.1.xx: non-existent domain
**** Default severs are not available
Default Server: Unknown
Address: 192.0.1.xx
**** Can't find server name for address 192.0.1.xx: non-existent domain
**** Default severs are not available
Default Server: Unknown
Address: 192.0.1.xx
Okay... on the Exchange Server / DNS is the service running?
That you can still resolve external addresses at all (with ping) implies that it is, but it needs to reference itself really to fill in its missing information.
You don't use a secondary DNS on any of the workstations do you?
If not try:
ipconfig /flushdns
Then try ping www.google.com (or any other address really) again. If it responds I'd say you don't have a problem with DNS and should swap the DNS addresses on the Exchange Server back to the Local ones.
If it refuses to send after that you can still swap back (no mail will be lost - just queued).
ASKER
I did check the services on the Exchange Server and it is started. As far as I know, I do not use a secondary DNS on any of my workstations. I then did "ipconfig /flushdns" on my workstation and then I tried to ping www.google.com and it did give me a reply. So, if I understadn you correctly, you are saying I should swap the DNS addresses on the Exchange Server back to the Local ones. I'm not sure I understand what the "Local Ones" means. Would I be changing the DNS addresses back to the original IP addresses from Bellsouth (the ones they say are antiquated)?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the explanation. I may have the tech come back out to make these changes as I am reluctant to make changes to my Exchange Server without him around. I will definitely show him your postings so that he can do exactly what you recommend. I have one other question for you (even though this may sound like a stupid question) but if the Bellsouth addresses are not on the Exchange Server which is my DNS server where are these addresses put it? If you don't mind, I will leave this question open until my tech can come to my office so that if he needs to ask any other questions we could enter in this same post.
No problem at all.
The Bell South Addresses are optional. You can use them as Forwarders inside the DNS Configuration if you wish.
Forwarders means that if your local DNS doesn't know the answer to a question (like What is the IP Address for www.google.com?) then it will forward the question onto those Bell South Servers and wait for a response from them.
The other option is to use Root Hints - this is a list of the TLD (Top Level Domain) Servers, like .com, .net, .org etc etc.
Instead of asking the Bell South servers it would head back to whoever is in charge of the TLD (like .com) and ask it about a domain underneath - like google.com.
Forwarders are generally faster than performing a Full Lookup (via the Root Servers) - but I still prefer only to use Forwarders in larger organisations where you might have multiple DNS Servers. The use Root Hits removes a reliance on an ISPs DNS.
The difference in query speed is generally negligible.
Hope that helps.
ASKER
Thanks for the explanation and all of your help. Hopefully we can resolve this problem when my tech comes to the office. I will let you know what happens and also I will award you the points once I confirm my tech doesn't need to ask anything else. Thanks again and have a nice day!
Pleasure, hope it all works out.
ASKER
I did finally get my tech in here and everything seems to be working fine. I still have several warning messages in my Event Viewer but I will probably log a new posting to ask about those messages. Your information was very valuable to me and my tech. I think he had to add some info to the forward dns entries and that seemed to fix my problem. Our Outlook now connects immediately as it did before and all seems well. Thanks again for all of your help!
Brilliant news, glad it's all working now.
I assume you are running Active Directory in there?
Your Exchange Server should be using your Networks Internal DNS Server, not the ISPs servers. It will need to register it's own entries on your Internal Server (hence the DNS registration errors).
You can then either use DNS Forwarding or Root Hints to resolve External Addresses, but that should be set-up on your Internal DNS Server - ideally no Internal Server or Client should be using External DNS Servers directly.
The delay in Outlook connecting is caused by this name resolution problem.
Hope that makes sense - please don't hesitate to ask again if it's not clear.