Exchange2003/wins2003/https/ 2 confirmed eml addys are being rejected

Eml is functional and working with hundreds of emails per day.  I have 2 outside addresses that are both confirmed via hotmail that I rec. the following error on:
a non-delivery report with a status code of 5.4.0 was generated for recipient X
Causes: ....msg. indicates a dns problem or an ip address configuration problem.
solution: check the dns using nslookup or dnsq.....
---
if i nslookup the domain name my server is able to resolve it back to an ip address.  This is only happening to 2 recipient addresses and they are both confirmed.
Any ideas?
bingbooAsked:
Who is Participating?
 
Jamie McKillopIT ManagerCommented:
You definately have a DNS issue. Try an NSlookup against your ISP's DNS server and see if you are getting the same strange results. This will tell if if the problem is with their DNS or your DNS.

JJ
0
 
Jamie McKillopIT ManagerCommented:
From your Exchange server, did you use nslookup to query the MX records for that domain? You should then try to telenet to port 25 of the returned records.

JJ
0
 
bingbooAuthor Commented:
k -- the domain in question that can't send mail to is:
mail.servicebrands.com

if i nslookup i can resolve it to addy from my exchange server. I did zonedit to find their mx record which points to mail.servicebrands.com which resolves back to the same addy.  looks like they are block 25 from telnet access.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Jamie McKillopIT ManagerCommented:
If I do an nslookup, there are no MX records for mail.servicebrands.com. There is an MX for servicebrands.com so it looks like the e-mail address you have for these recipients is wrong. Try removing "mail" from their addresses.

JJ
0
 
bingbooAuthor Commented:
interesting --- if i go to dnsreport.com and use their mx test:
Host      Preference      IP(s) [Country]      
mail.servicebrands.com      0      152.160.68.126 [US]

if i ping mail.servicebrands.com i rec. addy of:  64.20.37.22 from within my lan.  If i drop out of LAN i rec. the same address that dnsreports has.



0
 
Jamie McKillopIT ManagerCommented:
mail.servicebrands.com is the DNS name of their mail server. When I try your test at dnsreport.com, I get this:

Getting MX record for mail.servicebrands.com (from local DNS server, may be cached)...   There is no MX record for mail.servicebrands.com!  That's bad.
Checking for an A record... Got it!

Notice it doesn't find an MX, just an A record... like it says, that's bad.

JJ
0
 
bingbooAuthor Commented:
but even with just an A record it should still resolve out...
and they receive email from outside of our domain.  Plus it looks like the problem appears to be 2 ip addresses associated with the same record.
when i ping:
lan: 64.20.37.22
charter backbone (and dnsreport):152.160.68.126
so the problem looks to be when someone sends mail through our exchange server it looks at 64.20.37.22 to send the mail which is incorrect, then get a failure error.

I am beginning to think that this might have something to do with my ISP having the wrong info in their DNS servers (which feeds ours).  Or is there something on my end that I need to check?

0
 
Jamie McKillopIT ManagerCommented:
If you are getting the 64 address when pinging mail.servicebrands.com then you definately have a DNS problem.

JJ
0
 
bingbooAuthor Commented:
Oh yeah this just became a lot more odd --- I am only having this problem with 2 email addresses my clients are trying to send mail to:
The crazy part is, I just ran all of the same tests against their mail server and received a diff ip addy then when WAN, BUT when I am LAN'd and I ping their mail servers, BOTH RESOLVE TO  64.20.37.22

WHICH IS OWNED BY:

OrgName:    Interserver, Inc
OrgID:      INTER-83
Address:    PO Box 244
City:       Fort Lee
StateProv:  NJ
PostalCode: 07024
Country:    US

ReferralServer: rwhois://rwhois.trouble-free.net:4321

NetRange:   64.20.32.0 - 64.20.63.255
CIDR:       64.20.32.0/19
NetName:    NJIIX
NetHandle:  NET-64-20-32-0-1
Parent:     NET-64-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS.TROULBE-FREE.NET
NameServer: DNS2.TROUBLE-FREE.NET
Comment:    Please use abuse@trouble-free.net for all abuse reports.
RegDate:    2005-04-07
Updated:    2006-02-24

OrgTechHandle: NOC1390-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-201-643-0134
OrgTechEmail:  network@njiix.net

# ARIN WHOIS database, last updated 2006-07-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
0
 
bingbooAuthor Commented:
sorry just read that again and it might be confusing.
That is to say, when I ping or nslookup LAN side, both mail.servicebrands.com AND mail.XXX.com resolve to  64.20.37.22
0
 
bingbooAuthor Commented:
Ok, it is most def. my Server and not providers DNS.
0
 
Jamie McKillopIT ManagerCommented:
I've seen this before. Are you using Windows DNS? If so, check your root hints to make sure there aren't any strange entries. There is some type of malware out there that I've seen add incorrect entries.

JJ
0
 
bingbooAuthor Commented:
I inherited this network and there a lot of root hints going all the way from

m.root-servers.net
....all the way down to.....
a.root-servers.net

and corresponding 13 different addresses associated with each server name.  We only have the one DNS server on our network and 2 that we use from our ISP.

0
 
bingbooAuthor Commented:
can i safely delete all of them? this is our domain controller, nothing gets installed on here. hack?
0
 
Jamie McKillopIT ManagerCommented:
Those are correct. Do any of the IPs start with something other than 192, 198, of 128? Some will be listed as "unknown", which is normal.

JJ
0
 
bingbooAuthor Commented:
full list:
m.root-servers.net = 202.12.27.33
l.root-servers.net   =198.32.64.12
k.root-servers.net   =193.0.14.129
j.root-servers.net    =198.41.0.10
i.root-servers.net    =192.36.148.17
h.root-servers.net   =128.63..2.53
g.root-servers.net   =192.112.36.4
f.root-servers.net    =192.5.5.241
e.root-servers.net   =192.203.230.10
d.root-servers.net   =128.8.10.90
c.root-servers.net   =192.33.4.12
b.root-servers.net   =128.9.0.107
a.root-servers.net   =198.41.0.4

none of these addys point to anything in my subnet.....so to answer your question looks like --- m and k are not one of the three options...
0
 
bingbooAuthor Commented:
by the way--- very very much appreciate your help.
0
 
bingbooAuthor Commented:
I did a net-ipinfo look up on all of those and they seem to be legit.
0
 
SembeeCommented:
If you suspect that your root hints are wrong, then simply configure forwarders in the DNS server and use your ISPs Servers. That will avoid the root hints totally.

Simon.
0
 
bingbooAuthor Commented:
I have no idea if they are wrong, I didn't even know i had an issue until i started dealing with these two email addresses... the only thing that has changed in our set up is that we have just recently brought our email in house and running exchange2003 with no problems except nobody can send email to these two people (outside email addresses) - worst part is both of their mail servers resolve to the same ip addy when LAN'd.
0
 
bingbooAuthor Commented:
are there any draw back to configuring forwarders to my isp dns?
0
 
SembeeCommented:
I make the change to use ISP DNS as a standard practise when setting up a new domain.

Simon.
0
 
bingbooAuthor Commented:
in my dns.log --- i have entries saying the dns server encountered an invlaid domain name in a packet from 64.20.37.22.....???
0
 
Jamie McKillopIT ManagerCommented:
Is there anything currently setup on your forwarders tab?

JJ
0
 
bingbooAuthor Commented:
nothing in forwarders.
0
 
bingbooAuthor Commented:
k - i just added both of isp dns as forwarders --- i have not removed root-hints.... updated server data files...still having issue.
0
 
bingbooAuthor Commented:
I opened a dns ticket in networking :
http://www.experts-exchange.com/Networking/Q_21925860.html

thx again for your help in narrowing this down.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.