Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Problems with outgoing mail in exchange 2010 (DNS Issues)

Posted on 2010-09-02
15
Medium Priority
?
1,139 Views
Last Modified: 2012-05-10
We seem to be having big issues with e-mail going out from our exchange 2010 server...

Quite alot in the outgoing queue we're getting 451 4.4.0 DNS query failed
for example i just e-mailed someone at virtualvoiceservices.co.uk and it gave the above.

did nslookup
set type=mx

and it came back immediatly resolving the MX record....

I have set exchange to use external DNS for the external lookups....and ive put the google DNS server to do the lookups 8.8.8.8

Any idea's?



0
Comment
Question by:deepslalli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 33585308
Have you got DNS forwarding set up in your AD DNS server?
0
 

Author Comment

by:deepslalli
ID: 33585365
Indeed we have Sir !

Forwarding is set to ....8.8.8.8

Cheers,
S
0
 
LVL 4

Expert Comment

by:mcsallad
ID: 33585394
We had the same on our end. I disabled forwarders and used the builtin root hints in our windows dns servers instead. Now all is well.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:deepslalli
ID: 33585405
Will give this a try then ! will report back !
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33586878
I'd say - dont go for root-hints, rather go for ISP's DNS servers.
you will find the details in network connectivity section of  your firewall / router with public IP.

reason:
8.8.8.8 / Root-hints, they are couple of hops away and DNS resolution takes time.
ISP's DNS - 1 hop away = faster Name resolution.

--
run this from AD also

dcdiag /v /e /TEST:DNS > c:\dcdiag.txt

--
Also please increase the points :) - this is showing up as 50 points :(
0
 

Author Comment

by:deepslalli
ID: 33587219
Here you go !,

Havent changed the DNS yet thought id show you what was happening on the dcdiag first :-)

250 points changed dude

dcdiag.txt
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33588727
You will have to give me sometime to respond to this. I am stuck with a client issue :(

will reply.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 1000 total points
ID: 33590242
Your DNS is clean as a whistle.

a) you use Google DNS as forwarders.
Can you try using your ISPs DNS instead of Google DNS
that will perform name resolutions faster.

TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     8.8.8.8 (<name unavailable>) [Valid]
----
Go to your Firewall / Router
Fetch ISP's DNS servers from there

From your DC

start > run > dnsmgmt.msc
Right click on server name > properties > forwarders
Enter your ISP's DNS there.
----
I also noticed something interesting
It appears that your external and internal domain name's are same.
sscs.co.uk

Did you configure a split-brain DNS for name resolution ?

Please post back
0
 

Author Comment

by:deepslalli
ID: 33594887
Done that, changed the DNS to 89.105.96.51 in the forwarders thats my ISP's DNS server

Should I run that command again to test the DNS?..

As for the sscs.co.uk unsure as I didnt configure it.....:/

Many thanks,
Shaun
0
 

Author Comment

by:deepslalli
ID: 33594933
One thing i did notice in that log file was ..

 TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.1.1 (<name unavailable>) [Valid]
                     192.168.1.2 (<name unavailable>) [Invalid (unreachable)]


Where would it be picking these 2 IP's up from ? as they do not exist on our network....
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33595532
these are your local LAN IP

can you run the DNS test again
dcdiag /v /e /TEST:DNS > c:\dcdiag.txt
0
 

Author Comment

by:deepslalli
ID: 33595557
Hiya,

We don't have any IP's of 192.168.1.1 / 192.168.1.2 though....we USED to have an ADSL router on .1 but not any longer...just worried something is trying to use them ....when they dont exist any more..

Here's the updated file

Many thanks,
Shaun
dcdiag3.txt
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33595572
open IE
http://192.168.1.1

It might be the IP of your firewall / router
--
 Forwarders Information:
                     192.168.1.1 (<name unavailable>) [Valid]
                     192.168.1.2 (<name unavailable>) [Invalid (unreachable)]

---
These are IP's for local subnet. Preferably put the DNS for your public IP
Can you call up your ISP and verify the public DNS servers and put that there.

thanks


0
 

Author Comment

by:deepslalli
ID: 33595592
Aha indeed it is the IP address of our ADSL router, but all traffic is sent straight to our CISCO asa on 192.168.1.254 , 192.168.1.1 is only just acting as an ADSL router...the DNS servers are .5 and .7

I can't find anywhere on the server where its showing 192.168.1.1 and 1.2 though...not in the network adaptor settings and not in the DNS settings....?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33595602
Go here
www.canyouseeme.org

Thats your Public IP.

Can you call up your ISP and tell them your IP and phone# and ask them what is the DNS server you are using.

--
You can also check in Cisco what is the DNS server being used there.

it has to be in the same subnet as your public IP (same / similar...)
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question