Solved

DNS Frwarding stalls out and mail flow stops

Posted on 2006-11-01
4
202 Views
Last Modified: 2010-04-18
I guess I am asking for hints on how to set up DNS and forwarding.  I have two main servers running DNS.  Server 1 (Primary) uses Server 2 (Secondary) as its DNS and Secondary uses Primary for its DNS.  And the whole domain uses Primary as it DNS to include Exchange 2003.  I set up the following Forwarders on the Primary server..

146.145.64.2
4.2.2.2
65.106.1.196
146.145.64.3
65.106.7.196
4.2.2.1

Sometimes all mail flow will stop and we will get errors like " Relay access denied".  I run a nslookup for a domain like www.google.com and it fails.  I will go into the DNS Server properties and move a different server to the top of the list, restart the DNS services and mail starts to flow. Round Robin is enabled, forward time out is 5.  Shouldnt forwarding lookups go through all the servers I have listed before failing?
0
Comment
Question by:thelink12
4 Comments
 
LVL 7

Expert Comment

by:CharliePete00
ID: 17851392
If you're using Exchange 2003 I'm guessing this is an AD domain environment right?  And that your DNS servers are also DCs?  All name resolution for all internal computers is handled by the DCs right?

If so I'd recommend the following for your network.

For your network clients:
1.  Use only your 2 DCs as DNS servers

For your DCs:
1.  Make each DC its own primary DNS server and the other DC as the secondary
2.  Remove all DNS forwarders and let the DC resolve name via root hints
OR
2.  Configure your ISPs DNS server as the only forwarder
0
 

Author Comment

by:thelink12
ID: 17889358
I ended up removing DNS from the problematic server, all traces of DNS from the file system, rebooted, reinstalled DNS and so far everything is working well.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17929835
PAQd, 500 points refunded.

DarthMod
CS Moderator
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question