cannot find mx record associated with yahoo.com & tampabay.rr.com

strange, all of a sudden email sent to yahoo is stuck in the exchange queue.  i did the following:

cmd
nslookup
set type=mx
yahoo.com

and it returns:

Server:  dnsserver.acme.com
Address:  10.0.0.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to dnsserver.acme.com timed-out

i flushed my cache, cleared my cache but nothing helps.  any ideas why this may be?

my dns is forwarding entries to my ISP's DNS servers.  i've tried rebooting the computer still no luck.  i can find the mx record to all other sites that i've tried except for these two.

thanks

myfootsmells
 
northcide Commented:
make sure there is nothing in your HOSTS file.  also what happens when you do an nslookup directly from your ISP's dns servers?

cmd
nslookup
server ns1.myisp.com
set type=mx
yahoo.com
0
 
NJComputerNetworks Commented:
Server:  dnsserver.acme.com
Address:  10.0.0.1                         <<--- this is the server you are querying.. this is your internal DNS server

DNS request timed out.                  << --- this is the response......
    timeout was 2 seconds.
*** Request to dnsserver.acme.com timed-out


Can you perform an NSLOOKUP query on any internal host and get a response...?

It seems as if your local DNS server is not responding or it is not forwarding to the ISP...

I would guess that either your ISP changed its DNS server IP addresses (and this would mean that you should update your Forwarders tab) or your internal DNS server is not forwarding or functioning for some reason.

If you can, set your forwarders tab on your local DNS server to the IP of your ROUTER..  If you are using a SonicWall or Linksys or WatchGuard router for example, you can point your Windows DNS server to this router... the router will then forward the requests to the ISP DNS servers.  Many times the router will be set up with a DHCP address from the ISP and will get updated with new ISP DNS server addresses as they change...
0
 
feptias Commented:
You can also increase the timeout in nslookup - the default of 2 secs is quite short:
set timeout=10

(NJComputerNetworks, I'm not sure that pointing the forwarder at the router is as good as pointing it directly at the IP address of the ISP's DNS servers. Not all routers will proxy for DNS and I would expect the majority of users who've got Win Server 2003 to be on static IP addresses not DHCP from their ISP).
0
 
myfootsmells (Author) Commented:
setting the timeout to 10 still causes a problem; however, when I set the dns server to my ISPs, it wasn't an issue.  odd?
0
 
northcide Commented:
turn off your forwarders and just make sure recursion works, see if that works.
0
 
myfootsmells (Author) Commented:
i think i figured out the problem but i don't know why it's behaving like this.  i have a cisco pix firewall and it automatically drops DNS packets that are larger than 512k.  when i do an nslookup of yahoo.com, the packets my ISP is sending back to me are larger than 512k; however, when i set the nslookup server to my ISP's DNS server, the packets aren't greater.

anyone know why?
0
 
northcide Commented:
ah, that's right! had that problem 20 times over the years. 512 bytes is typically not enough for many major dns servers.

need to raise the allowed DNS packet size to be bigger.  1024 should be big enough, but some people recommend 4096.  I'm not a firewall guy but this might be the fix...

Chicago(config)# policy-map global_policy
Chicago(config-pmap)# class inspection_default
Chicago(config-pmap-c)# inspect dns maximum-length 1024
0
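
The size limit this thread converges on, as an added example (not code from any poster): it builds a DNS MX query with and without an EDNS0 OPT record, which is how a resolver advertises that it accepts UDP responses above the classic 512-byte limit, and checks a constructed 557-byte MX response against inspection limits of 512, 582 and 1024. The function names and the example.com sample records are assumptions made for illustration.

```python
import struct

MX, OPT = 15, 41  # DNS record type codes

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=MX, edns_size=None, txid=0x1234):
    """Build a DNS query; edns_size appends an OPT record advertising that UDP size."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    opt = b""
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS=advertised payload size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return header + question + opt

def build_mx_response(name, exchanges, txid=0x1234):
    """Constructed sample: an uncompressed MX response, used only for offline sizing."""
    header = struct.pack("!6H", txid, 0x8180, 1, len(exchanges), 0, 0)
    body = encode_name(name) + struct.pack("!2H", MX, 1)
    for pref, host in exchanges:
        rdata = struct.pack("!H", pref) + encode_name(host)
        body += encode_name(name) + struct.pack("!HHIH", MX, 1, 300, len(rdata)) + rdata
    return header + body

def check_against_limit(packet, fw_max_len):
    """Report what a length-limiting DNS inspection rule would do with this message."""
    flags, = struct.unpack("!H", packet[2:4])
    ancount, = struct.unpack("!H", packet[6:8])
    return {"size": len(packet), "answers": ancount,
            "truncated": bool(flags & 0x0200),   # TC bit: server cut the answer short
            "dropped": len(packet) > fw_max_len}

# Constructed data: placeholder hostnames, not real mail exchangers.
SAMPLE = build_mx_response(
    "example.com", [(10 * i, "mx%02d.mail.example.com" % i) for i in range(1, 12)])

if __name__ == "__main__":
    print("plain query:", len(build_query("yahoo.com")), "bytes")
    print("EDNS0 query:", len(build_query("yahoo.com", edns_size=4096)), "bytes")
    for limit in (512, 582, 1024):
        print(limit, check_against_limit(SAMPLE, limit))
```
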
 
myfootsmells (Author) Commented:
altered my Cisco PIX to allow DNS packets to be 582 kb and that fixed it.

thanks!
0
 
myfootsmells (Author) Commented:
fixup protocol dns maximum-length 582

was the cisco pix command
0
 
northcide Commented:
you should change it to 1024 or else there is a very good chance the problem will reappear
0
 
northcide Commented:
and that's why i don't do firewalls :)
0
 
myfootsmells (Author) Commented:
i just did because it caused a problem.
0
Question has a verified solution.
