Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219
  • Last Modified:

DNS problems...

Running a 2008 SBS & a strange problem just started, so let me give you the history...
Was using 2 bonded T1s for phone & internet & upgraded to 10 MBs Fiber. All my IP addresses remained the same, after switchover, ran speed tests from a couple of computers & was getting 10-11 MBs up & down, all looed good. Next morning, I started getting calls that internet pages were very slow to load, timing out in some cases & emails were bouncing back. Called ISP, who reported no problems in the area, so I started digging. When looking in my Que Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed.  Either there are no alternate hosts, or delivery failed to all alternate hosts.'.
Went to try nslookup & it's coming back with;
Default Server:  UnKnown
Address:  fe80::7325:4483:880b:dfd4
I am not using IPv6, but from what I've read, it's needed with SBS 2008 and/or Exchange 2007.
My SBS does have its own address as its only DNS server in the settings.
If I go to DNS in administrative tools, right click server & tell it launch nslookup, it lists correct name & address . I can enter set type=mx, then enter one of the problem domain names & get the correct information back.
Again, I want to add that this all started after an upgrade to a fiber line.
Where do I start?
Any advice appreciated!
0
gromack
Asked:
gromack
  • 13
  • 12
  • 3
  • +1
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
Take a look at the link below which will help troubleshoot these types of DNS related issues for Exchange.

DNS External Lookup

Will.
0
 
WORKS2011Austin Tech CompanyCommented:
run Dcdiag /test:dns

run http://intodns.com 

what does http://mxtoolbox.com report (run the smtp test).
0
 
WORKS2011Austin Tech CompanyCommented:
Again, I want to add that this all started after an upgrade to a fiber line
I would confirm with your ISP that there isn't anything on their end, I'm curious if they have another route to their DNS servers.

It may just be the root hints in DNS need to update, you can manually check these.

Run ipconfig /flushdns on the server and workstations then test.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
gromackAuthor Commented:
Here's the result of running Dcdiag /test:dns

(I've replaced names of domain & mail server name)

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.MYDOMAIN>Dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = EXCHANGE
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Connectivity
         ......................... EXCHANGE passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EXCHANGE

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EXCHANGE passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyDomain

   Running enterprise tests on : MyDomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: EXCHANGE.MyDomain.local
            Domain: MyDomain.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                     Warning:
                     Missing AAAA record at DNS server 192.168.20.200:
                     EXCHANGE.MyDomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.20.200:
                     gc._msdcs.MyDomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyDomain.local
               EXCHANGE                   PASS WARN FAIL PASS PASS WARN n/a

         ......................... MyDomain.local failed test DNS

C:\Users\Administrator.MYDOMAIN>
0
 
WORKS2011Austin Tech CompanyCommented:
TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

If your root hints are failing I would verify with your ISP what DNS servers they are using, I expect they changed when you switched to fiber.

As well these involve root hints:
DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
         Summary of DNS test results:
0
 
WORKS2011Austin Tech CompanyCommented:
Are you using a forwarder in your DNS config, you don't need it since you're using root hints however you might want to use 8.8.8.8 (Google DNS) for testing purposes and see how the internet performs.
0
 
WORKS2011Austin Tech CompanyCommented:
what does http://intodns.com tell you?
0
 
gromackAuthor Commented:
From  http://intodns.com I'm getting all green check marks, other than a handful of blue exclamation points, which I'm assuming aren't anything bad?
0
 
gromackAuthor Commented:
As far as forwarders vs root hints, I've always thought root hints was the preferred choice?
0
 
WORKS2011Austin Tech CompanyCommented:
Root hints are however for troubleshooting purposes if Google's DNS works we know to troubleshoot root hints.
0
 
gromackAuthor Commented:
Waiting to hear from ISP on getting a PTR record added that will hopefully fix the email issues, but as far as internet problems, the fact that if I run nslookup from command prompt I get
Default Server:  UnKnown
Address:  fe80::7325:4483:880b:dfd4

isn't part of things?
0
 
WORKS2011Austin Tech CompanyCommented:
you're resolving iPV6 and not iPv4.

what NIC do you have bound to the DNS server? Do you have a manual IP and manual DNS entry configured int it?
0
 
gromackAuthor Commented:
And why is that? WHile I'm not using IPv6, it's always been a part of the picture. This just started becoming a problem after switching from T1 to fiber, although I guess it could be coincidence. If I right click the server from within DNS & tell it launch nslookup, it works fine, too.
I have two nics in that server, only using one & the other is disabled. It has static IP & is set to use itself as its DNS server.
0
 
David AtkinIT ProfessionalCommented:
Presuming that you have restarted the DNS Server Service since the new connection?

Switch to DNS Forwards with googles IPs if the above makes no difference.
0
 
gromackAuthor Commented:
One other odd thing, is if I ping the server by name, from the exchange server, it's replying with the IPv6 address - WTF?!?!
I would just disable IPv6, but I seem to have read that even if it's not being used, 2008 SBS needs it...
0
 
gromackAuthor Commented:
Yes to both questions, David
0
 
David AtkinIT ProfessionalCommented:
ping your server and add -4 at the end of it.  Does it reply?

i.e. ping servername -4

Also, try running the Fix My Network wizard in the SBS Console to see if it shows any DNS errors.
0
 
gromackAuthor Commented:
And checking binding order on NIC shows IPv4 listed first...
0
 
WORKS2011Austin Tech CompanyCommented:
When looking in my Que Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect."

what does your email queue look like, when your ISP changes network there will be a different route which will take time to update with your server and servers downstream. This is likely to work itself out once the routing tables are updated.

Do you still have queue's waiting to deliver email or has this worked itself out?
0
 
WORKS2011Austin Tech CompanyCommented:
@David
Presuming that you have restarted the DNS Server Service since the new connection? Switch to DNS Forwards with googles IPs if the above makes no difference.

Please read previous posts prior to responding with the same information. Thank you.
0
 
gromackAuthor Commented:
Pinging with the -4 replies with the IPv4 address.
DNS errors found was that it's not listening to the IP address of the Primary adapter & that it was using forwarders.
I let it 'fix' these, but nothing has changed...
0
 
gromackAuthor Commented:
and yes, mail is starting to back up, again...
0
 
WORKS2011Austin Tech CompanyCommented:
post ipconfig /all
0
 
gromackAuthor Commented:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.MYDOMAIN>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXCHANGE
   Primary Dns Suffix  . . . . . . . : MyDomain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MyDomain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-26-B9-46-AD-80
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4c2:e926:303f:c98e%10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::7325:4483:880b:dfd4%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.20.254
   DNS Servers . . . . . . . . . . . : fe80::7325:4483:880b:dfd4%10
                                       192.168.20.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0973F4DD-43D4-4C69-8070-E8143BD548B4}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator.MYDOMAIN>
0
 
gromackAuthor Commented:
Ok, my ISP sent a tech out this afternoon to investigate & found biggest part of the problem.
As it turned out, when they assigned my static IPs to the fiber circuit, they didn't bother to un-assign them from the T1 line. Once this was fixed, everything is working as expected. I'm still curious about the DNS seeming to prefer IPv6 over IPv4, but I guess if it's working, don't try to fix it.
Is this fine to leave things s is?
Never heard back if everything looked fine in my ipconfig /all file.
Can I still award the point to you, 2011, for doing all you did & putting up with some (ok, all) of my stupid questions?
Thanks, again!
0
 
David AtkinIT ProfessionalCommented:
Good find! Silly mistake on the behalf of the ISP which explains the problem.

The ipconfig looks fine.

Accept your answer as the solution but award assist points to WORKS2011 if you found his comments helpful.
0
 
WORKS2011Austin Tech CompanyCommented:
I left you an email, ask the moderator to sign me the points and I did mention contacting your ISP because it appeared to be on their end.

Actually I'll click on "request attention" now and initiate the process.
0
 
WORKS2011Austin Tech CompanyCommented:
@gromack always happy to help and always happy to work with you and not send links to ideas that may or may not work. Glad to hear the issue was resolved.
0
 
gromackAuthor Commented:
Problem eventually was tracked back to an ISP fault of not removing IP addresses from T1 circuit.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 13
  • 12
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now