Solved

Exchange Edge 2007 Server

Posted on 2014-10-22
Last Modified: 2014-12-02
Recently we had inbound mail stuck at the Edge server with error 451 4.4.0 DNS Query Failed, because the primary DNS was shut down. After we switched the primary DNS back on, the mail flow to internal became normal.

Microsoft mentions that this problem commonly occurs as a result of a mistake in the configuration of the DNS settings of the Edge Transport server, and that you can therefore resolve this problem by correcting the DNS configuration.

This has happened only once in 2 years, so I am not sure if this is really a DNS configuration issue.

The edge server has 2 network cards.

Network1 is labelled External LAN and has a public IP address (IPv4) and 2 internal DNS servers assigned.
Network2 is labelled Internal LAN and has a public IP address (IPv4) and subnet mask but NO DNS assigned.

The adapters and bindings order under "Advanced Settings" has Network2 at the top, followed by Network1.

The DNS configuration on the Edge Transport server:

Internal DNS lookups - set to All available.
External DNS lookups - set to All available.

http://technet.microsoft.com/en-us/library/bb851512(v=exchg.80).aspx

When we rebooted the primary DNS and ran nslookup for internal servers on the Edge server, nslookup failed to resolve the internal server. It seems that it doesn't query the secondary DNS server when the primary DNS is not available.

Are the DNS configuration settings correct on the Edge server?
Why did nslookup fail when the primary DNS rebooted?
Is it possible that the "internal DNS lookups" on the Edge server look at Network 2 (NO DNS assigned), which causes the issue?
Question by:suriyaehnop
6 Comments
Accepted Solution

by:
Jian An Lim earned 500 total points
ID: 40400707
I wonder why your external LAN has internal DNS.

The best practice is: if it is external facing, use external DNS,
and set up the internal facing one to use internal DNS.
http://technet.microsoft.com/en-us/library/bb124896(v=exchg.80).aspx
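One way to check the settings discussed in this thread from the Edge server itself (an added example, not part of the original posts): it lists the transport service's DNS lookup settings, then queries every DNS server assigned to each NIC separately so an unreachable server shows up on its own line. It assumes the Exchange Management Shell on the Edge Transport server; `hub01.corp.example` is a placeholder for an internal server name.

```powershell
# Added example. Run in the Exchange Management Shell on the Edge Transport server.
# Placeholder: replace with the FQDN of an internal server the Edge must resolve.
$probeName = "hub01.corp.example"

# 1. DNS lookup settings used by the transport service.
#    An adapter GUID of all zeros means no specific adapter is selected
#    (shown as "All available" in the console).
Get-TransportServer -Identity $env:COMPUTERNAME |
    Format-List Name,
                InternalDNSAdapterEnabled, InternalDNSAdapterGuid, InternalDNSServers,
                ExternalDNSAdapterEnabled, ExternalDNSAdapterGuid, ExternalDNSServers

# 2. DNS servers assigned to each IP-enabled NIC, each one queried on its own.
#    SettingID is the adapter GUID that the *DNSAdapterGuid settings refer to.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
foreach ($nic in $nics) {
    Write-Host ("{0}  GUID={1}" -f $nic.Description, $nic.SettingID)

    if (-not $nic.DNSServerSearchOrder) {
        Write-Host "    no DNS servers assigned to this adapter"
        continue
    }

    foreach ($dns in $nic.DNSServerSearchOrder) {
        # Passing the server as the second argument makes nslookup ask only that server.
        $out = nslookup $probeName $dns 2>&1 | Out-String
        if ($out -match "timed.?out|can't find") {
            Write-Host ("    {0}: FAILED to resolve {1}" -f $dns, $probeName)
        } else {
            Write-Host ("    {0}: resolved {1}" -f $dns, $probeName)
        }
    }
}
```

Running it once with all DNS servers up and once during a planned restart of the primary shows whether the secondary answers for the internal name on its own.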
Author Comment

by:suriyaehnop
ID: 40406037
I'm not sure why... this is one of our clients.

Expert Comment

by:Jian An Lim
ID: 40407328
Can we change it according to the recommendation?

Author Comment

by:suriyaehnop
ID: 40407858
afraid not
Expert Comment

by:Jian An Lim
ID: 40408091
As TechNet suggests, the proper way is to set up the external LAN to use external DNS, and the internal LAN to use internal DNS.

So what do you expect from us?

Author Closing Comment

by:suriyaehnop
ID: 40477942
thank you