• Status: Solved

DNS error

I have 2 W2K DC servers, and 2 W2K servers without DC, one running ISA Server 2004 and a mail server.
P DNS server is not working; the e-mail server can't query DNS to send mails.
Please tell me how to fix DNS so it works. I have added a forwarder also.

Leandro Iacono, Senior Premier Field Engineer, commented:
What error do you get exactly from your mail server?

Are you sure you configured the win2k server properly to point to the DNS Server?
Can you ping the DNS server from the win2k server running the mail service?

Could you be a bit more specific about your problem?

Good luck mate.
Ron Malmstead, Information Services Manager, commented:
Make sure you have external DNS forwarding on your PDC and SDC DNS settings.
Let us know more about why you think it is your DNS server not working.
Is your DNS server Active Directory integrated? What forward lookup zones does it serve? Do you have root hints set up in your DNS server?
Tell us the names of the domain and the dns server and we'll query them to see why.

Usually, you need an MX record that is correct.  The MX record is usually smtp.domainname.tld. and is not a CNAME or alias.

If your mail server can't query the DNS, then you have it set to the wrong DNS, or, you are trying to DNS upstream where no MX record exists.

If your mail server requires authentication, and the smtp does not, it will also not work.

Give us some information to work with.

Domain?  DNS?
joyjm (Author) commented:
My mail DC's name is wsrserver, which is set up as the primary DNS server, and WSRmail is the second DC, which is the secondary DNS.
My DNS suffix is maldiveswhitesands
Now I removed DNS from the main DC and made the mail server use 2 DNS server, which is wsrmail; it works! The mail server can query DNS servers and send mails.
But when I reinstalled DNS on the main DC, while configuring it asked me whether there is any DNS server. I gave the second DNS server IP, but it gave an error message saying it couldn't contact the server, or the DNS server is not running, or it is not connected to the network.
Is your ISA installed on your WSRServer? Check whether you have any policy that causes all this to happen. I believe it is the ISA that caused all this.
Then you have a ping or configuration problem and should be testing for that.

It is what it says "it is not connected to network."

Why don't you check that first, see if they can all see each other.

Your suffix should be maldiveswhitesands.com  see, with an ending.

It's also asking you for the name of a secondary server; that means, a server on which DNS is also running, not just any old server!

You have to have DNS installed on both for one to be primary and the other to be secondary.  Any box can be a DNS server, if it's running DNS.  For example, I can make an XP Home box a DNS server by installing Bind on it.  It doesn't care if it's a Windows Server, it cares that it is a DNS server.

Any box that runs any service on the network is a server, not just a Windows PDC or BDC.  You're confused about what a server is by Microsoft terminology.  An XP box can be a DNS Server, a Web Server [Apache], an ftp server [any ftp server software, like ServU], and so on.  Having a Microsoft Server License is not what makes a server a server.  Serving services on the network makes a machine a server, period.

The PDC should also install and run DNS even without a secondary server.  Then you would use DNS Manager to set it all up correctly.  Your mail server should have an MX record, and no CNAME or alias.  Under your Master Zone you should name the NS records using the hostname.domain.tld. and the IP Addresses.

Try posting your zone records.  You should also have reverse mappings in place for all servers, at least, and they shouldn't be dynamic, they should be static.

One more thing, if you're using an upstream ISP for DNS, instead of your own Nic Registry registered DNS servers, you will have to allow for updates and notifies from upstream down to your DNS servers.

If you're trying to add in your own DNS Servers, say for local resolution, then at least your PDC and BDC have to be in your upstream DNS records, i.e., your ISP's DNS records.

You'll have to give the actual names to get them tested.
joyjm (Author) commented:
Now both DNS servers are working; the test passes.
The problem is that when I do nslookup for any internet address it gives me a timeout. What do you mean by 'Your mail server should have an MX record'?
The mail server checks for MX records for every domain it sends to, but for yahoo.com my mail server gets the MX record for yahoo and sends mail without problem (only yahoo.com). For other domains see below...
What I need to solve: my mail server has to send mails to the respective domains.
Below you can see that when sending to a domain other than yahoo it gives an error and sends the mail through my gateway, that is my domain server.

Mon 2005-04-18 18:55:27: Session 419; child 2
Mon 2005-04-18 18:54:56: Parsing Message <c:\mdaemon\remoteq\pd50000074383.msg>
Mon 2005-04-18 18:54:56: From: murli@maldiveswhitesands.com
Mon 2005-04-18 18:54:56: To: support@comcare.com.mv
Mon 2005-04-18 18:54:56: Subject: RE: MDAEMON Key
Mon 2005-04-18 18:54:56: Message-ID:
Mon 2005-04-18 18:54:56: MX-record resolution of [comcare.com.mv] in progress (DNS Server:
Mon 2005-04-18 18:55:05: 10 second wait for DNS response exceeded (attempt 1 of 2).
Mon 2005-04-18 18:55:05: MX-record resolution of [comcare.com.mv] in progress (DNS Server:
Mon 2005-04-18 18:55:11: Packet from DNS server contained an outdated response
Mon 2005-04-18 18:55:15: 10 second wait for DNS response exceeded (attempt 2 of 2).
Mon 2005-04-18 18:55:15: Attempting to send message to gateway.
Mon 2005-04-18 18:55:15: Attempting SMTP connection to [www.maldiveswhitesands.com : 25]
Mon 2005-04-18 18:55:15: A-record resolution of [www.maldiveswhitesands.com] in progress (DNS Server:
Mon 2005-04-18 18:55:15: D=www.maldiveswhitesands.com TTL=(60) A=[]
Mon 2005-04-18 18:55:15: Attempting SMTP connection to [ : 25]
Mon 2005-04-18 18:55:15: Waiting for socket connection...
Mon 2005-04-18 18:55:15: Socket connection established ( : 4356 -> : 25)
Mon 2005-04-18 18:55:15: Waiting for protocol initiation...
Mon 2005-04-18 18:55:16: <-- 220 mail11a.verio-web.com SMTP RS ver 1.0.95vs
Mon 2005-04-18 18:55:16: --> EHLO maldiveswhitesands.com
Mon 2005-04-18 18:55:18: <-- 250 mail11a.verio-web.com Hello www.maldiveswhitesands.com [], I'm listening
Mon 2005-04-18 18:55:18: --> MAIL From:<murli@maldiveswhitesands.com>
Mon 2005-04-18 18:55:19: <-- 250 murli@maldiveswhitesands.com... Sender ok
Mon 2005-04-18 18:55:19: --> RCPT To:<support@comcare.com.mv>
Mon 2005-04-18 18:55:20: Packet from DNS server was not valid
Mon 2005-04-18 18:55:22: <-- 250 support@comcare.com.mv... Recipient ok
Mon 2005-04-18 18:55:22: --> DATA
Mon 2005-04-18 18:55:24: <-- 354 enter mail, end with '.' on a line by itself
Mon 2005-04-18 18:55:24: Sending <c:\mdaemon\remoteq\pd50000074383.msg> to []
Mon 2005-04-18 18:55:24: Transfer Complete.
Mon 2005-04-18 18:55:26: <-- 250 0-0737978850 Message accepted for delivery
Mon 2005-04-18 18:55:26: --> QUIT
Mon 2005-04-18 18:55:27: <-- 221 mail11a.verio-web.com closing connection
Mon 2005-04-18 18:55:27: SMTP session successful (Bytes in/out: 374/6284)
Mon 2005-04-18 18:55:27: ----------

for yahoo mail

Mon 2005-04-18 13:03:08: Session 1852; child 1
Mon 2005-04-18 13:02:41: Parsing Message <c:\mdaemon\remoteq\pd50000074244.msg>
Mon 2005-04-18 13:02:41: From: it@maldiveswhitesands.com
Mon 2005-04-18 13:02:41: To: muralijm@yahoo.com
Mon 2005-04-18 13:02:41: Subject: test
Mon 2005-04-18 13:02:41: Message-ID: <000801c543e4$9a8466e0$0401a8c0@maldiveswhitesands.com>
Mon 2005-04-18 13:02:41: MX-record resolution of [yahoo.com] in progress (DNS Server:
Mon 2005-04-18 13:02:41: Packet from DNS server was not valid
Mon 2005-04-18 13:02:51: 10 second wait for DNS response exceeded (attempt 1 of 4).
Mon 2005-04-18 13:02:51: MX-record resolution of [yahoo.com] in progress (DNS Server:
Mon 2005-04-18 13:02:58: P=005 D=yahoo.com TTL=(120) MX=[mx4.mail.yahoo.com] {}
Mon 2005-04-18 13:02:58: P=001 D=yahoo.com TTL=(120) MX=[mx3.mail.yahoo.com] {}
Mon 2005-04-18 13:02:58: P=001 D=yahoo.com TTL=(120) MX=[mx2.mail.yahoo.com] {}
Mon 2005-04-18 13:02:58: P=001 D=yahoo.com TTL=(120) MX=[mx1.mail.yahoo.com] {}
Mon 2005-04-18 13:02:58: Attempting MX: P=001 D=yahoo.com TTL=(120) MX=[mx1.mail.yahoo.com] {}
Mon 2005-04-18 13:02:58: Attempting SMTP connection to [ : 25]
Mon 2005-04-18 13:02:58: Waiting for socket connection...
Mon 2005-04-18 13:02:58: Socket connection established ( : 3890 -> : 25)
Mon 2005-04-18 13:02:58: Waiting for protocol initiation...
Mon 2005-04-18 13:03:00: <-- 220 YSmtp mta139.mail.re2.yahoo.com ESMTP service ready
Mon 2005-04-18 13:03:00: --> EHLO maldiveswhitesands.com
Mon 2005-04-18 13:03:02: <-- 250-mta139.mail.re2.yahoo.com
Mon 2005-04-18 13:03:02: <-- 250-8BITMIME
Mon 2005-04-18 13:03:02: <-- 250-SIZE 31981568
Mon 2005-04-18 13:03:02: <-- 250 PIPELINING
Mon 2005-04-18 13:03:02: --> MAIL From:<it@maldiveswhitesands.com> SIZE=1602
Mon 2005-04-18 13:03:03: <-- 250 sender <it@maldiveswhitesands.com> ok
Mon 2005-04-18 13:03:03: --> RCPT To:<muralijm@yahoo.com>
Mon 2005-04-18 13:03:03: <-- 250 recipient <muralijm@yahoo.com> ok
Mon 2005-04-18 13:03:03: --> DATA
Mon 2005-04-18 13:03:04: <-- 354 go ahead
Mon 2005-04-18 13:03:04: Sending <c:\mdaemon\remoteq\pd50000074244.msg> to []
Mon 2005-04-18 13:03:04: Transfer Complete.
Mon 2005-04-18 13:03:06: <-- 250 ok dirdel
Mon 2005-04-18 13:03:06: --> QUIT
Mon 2005-04-18 13:03:08: <-- 221 mta139.mail.re2.yahoo.com
Mon 2005-04-18 13:03:08: SMTP session successful (Bytes in/out: 279/1727)
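
The two sessions quoted above differ in how the message left the server: one was delivered to the recipient's MX, the other fell back to the gateway after DNS timeouts. As an added example (not part of the original thread and not MDaemon tooling), this Python parser summarises that per session; the sample lines are constructed in the quoted log's format, and the domains and 192.0.2.53 address are placeholders.

```python
import re

# Constructed sample modelled on the log format quoted in the thread;
# domains and the 192.0.2.53 resolver address are placeholders.
SAMPLE_LOG = """\
Mon 2005-04-18 18:55:27: Session 419; child 2
Mon 2005-04-18 18:54:56: MX-record resolution of [example.org] in progress (DNS Server: 192.0.2.53)
Mon 2005-04-18 18:55:05: 10 second wait for DNS response exceeded (attempt 1 of 2).
Mon 2005-04-18 18:55:11: Packet from DNS server contained an outdated response
Mon 2005-04-18 18:55:15: 10 second wait for DNS response exceeded (attempt 2 of 2).
Mon 2005-04-18 18:55:15: Attempting to send message to gateway.
Mon 2005-04-18 18:55:16: <-- 220 relay.example.net SMTP ready
Mon 2005-04-18 13:03:08: Session 1852; child 1
Mon 2005-04-18 13:02:41: MX-record resolution of [example.com] in progress (DNS Server: 192.0.2.53)
Mon 2005-04-18 13:02:41: Packet from DNS server was not valid
Mon 2005-04-18 13:02:51: 10 second wait for DNS response exceeded (attempt 1 of 4).
Mon 2005-04-18 13:02:58: Attempting MX: P=001 D=example.com TTL=(120) MX=[mx1.example.com] {}
Mon 2005-04-18 13:03:00: <-- 220 mx1.example.com ESMTP service ready
"""

# "Mon 2005-04-18 18:55:27: <message>"
LINE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: (.*)$")

def summarize(log_text):
    """Return {session_id: summary} describing how each message was routed."""
    sessions, cur = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines or anything without a timestamp prefix
        msg = m.group(1)
        if (s := re.match(r"Session (\d+);", msg)):
            cur = sessions.setdefault(int(s.group(1)), {
                "domain": None, "timeouts": 0, "bad_packets": 0,
                "route": "unknown", "peer": None})
        elif cur is None:
            continue  # lines before the first session header
        elif (d := re.match(r"MX-record resolution of \[([^\]]+)\]", msg)):
            cur["domain"] = d.group(1)
        elif "wait for DNS response exceeded" in msg:
            cur["timeouts"] += 1
        elif msg.startswith("Packet from DNS server"):
            cur["bad_packets"] += 1  # "not valid" or "outdated response"
        elif msg.startswith("Attempting MX:"):
            cur["route"] = "direct-mx"
        elif msg.startswith("Attempting to send message to gateway"):
            cur["route"] = "gateway-fallback"
        elif (b := re.match(r"<-- 220 (\S+)", msg)) and cur["peer"] is None:
            cur["peer"] = b.group(1)  # first token of the SMTP greeting
    return sessions
```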
Ok.  Apparently, some records have been updated:

Your MX record is what I'm talking about, here is what it is, delegated through Verio:

Querying a.root-servers.net ( delegated
   Querying A.GTLD-SERVERS.NET ( delegated
     Querying ns11a.verio-web.com (
 Received authoritative response
Answer Records (5)

maldiveswhitesands.com 86400 A
maldiveswhitesands.com 300 MX 50 mail-fwd.mx.verio-web.com.
maldiveswhitesands.com 86400 NS ns11a.verio-web.com.
maldiveswhitesands.com 86400 NS ns11b.verio-web.com.
maldiveswhitesands.com 86400 SOA feed11.verio-web.com.  hostmaster@verio-web.com.
Serial : 2003101129
Refresh: 2 hours
Retry  : 1 hours
Expire : 1 weeks
Minimum: 5 min

The second one is the MX record.  Because you are delegated through Verio, and the SOA is feed11.verio-web.com I suppose you're hosted somehow.

It may just take time to update, however, you have no records with the Root Servers:

How I am searching:
Searching for A record at j.root-servers.net []: Reports that no A records exist. [took 95 ms]

No A records exist for [Neg TTL=86400 seconds]

But you do have a Reverse Record:

Asking d.root-servers.net for PTR record:  
       d.root-servers.net says to go to henna.arin.net. (zone: 198.in-addr.arpa.)
Asking henna.arin.net. for PTR record:  
       henna.arin.net [] says to go to ns0.verio.net. (zone: 66.198.in-addr.arpa.)
Asking ns0.verio.net. for PTR record:  
       ns0.verio.net [] says to go to ns11a.verio-web.com. (zone: 197.66.198.in-addr.arpa.)
Asking ns11a.verio-web.com. for PTR record:  Reports www.maldiveswhitesands.com. [from]

Answer: PTR record: www.maldiveswhitesands.com. [TTL 86400s] [A=]

Which means the root servers had to rely on the Reverse Record to find your domain in one of Verio's zones and name servers.

It also may take two days for records to update at root servers.

root servers currently can't find maldiveswhitesands.com but they can find www.maldiveswhitesands.com at

Instead of maldiveswhitesands.com they get verio-web, which I suppose means what, you're hosted?

And you're also using their mailserver and forwarded MX recording, just meaning you're using their server for mail.

This is kind of a newbie setup for a real domain, however, until you get enough knowledge and experience, it will do just fine and Verio is a good company.

You had one error from one of your internal servers:

Mon 2005-04-18 13:02:41: MX-record resolution of [yahoo.com] in progress (DNS Server:
Mon 2005-04-18 13:02:41: Packet from DNS server was not valid is local intranet and does not get out to the Internet.

Be back shortly to discuss more.
joyjm (Author) commented:
Thank you for your points, pls let's sort out this problem.
Comment:  This was apparently an internal error:

You had one error from one of your internal servers:

Mon 2005-04-18 13:02:41: MX-record resolution of [yahoo.com] in progress (DNS Server:
Mon 2005-04-18 13:02:41: Packet from DNS server was not valid

For whatever reason, it seemed to be resolved after this information was provided.

The internal mail servers were trying to connect to Internet mail servers directly and were failing [this seems obvious and implies the lack of relay between the internal mail servers and the External IP Address of the sending domain]. had no problems connecting to other mail servers on the Internet after trying the internal DNS and thereafter resorting to the external DNS. eventually did work:

Socket connection established ( : 4356 -> : 25)

on the smtp port 25.  Indicating either the other internal servers had to update, or they were misconfigured for relay.

I am only curious as to whether it fixed itself after a DNS refresh, or whether internal DNS was reconfigured or a refresh was forced.
Question has a verified solution.