Solved

DNS problems...

Posted on 2015-01-10
Last Modified: 2015-01-14
Running a 2008 SBS & a strange problem just started, so let me give you the history...
Was using 2 bonded T1s for phone & internet & upgraded to 10 MBs Fiber. All my IP addresses remained the same. After switchover, ran speed tests from a couple of computers & was getting 10-11 MBs up & down, all looked good. Next morning, I started getting calls that internet pages were very slow to load, timing out in some cases & emails were bouncing back. Called ISP, who reported no problems in the area, so I started digging. When looking in my Queue Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed.  Either there are no alternate hosts, or delivery failed to all alternate hosts.'.
Went to try nslookup & it's coming back with;
Default Server:  UnKnown
Address:  fe80::7325:4483:880b:dfd4
I am not using IPv6, but from what I've read, it's needed with SBS 2008 and/or Exchange 2007.
My SBS does have its own address as its only DNS server in the settings.
If I go to DNS in administrative tools, right click server & tell it to launch nslookup, it lists correct name & address. I can enter set type=mx, then enter one of the problem domain names & get the correct information back.
Again, I want to add that this all started after an upgrade to a fiber line.
Where do I start?
Any advice appreciated!
Question by:gromack
29 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40542194
Take a look at the link below which will help troubleshoot these types of DNS related issues for Exchange.

DNS External Lookup

Will.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40542236
Run Dcdiag /test:dns

Run http://intodns.com

What does http://mxtoolbox.com report (run the SMTP test)?
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 500 total points
ID: 40542240
Again, I want to add that this all started after an upgrade to a fiber line
I would confirm with your ISP that there isn't anything on their end, I'm curious if they have another route to their DNS servers.

It may just be the root hints in DNS need to update, you can manually check these.

Run ipconfig /flushdns on the server and workstations then test.
0
 

Author Comment

by:gromack
ID: 40543252
Here's the result of running Dcdiag /test:dns

(I've replaced names of domain & mail server name)

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.MYDOMAIN>Dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = EXCHANGE
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Connectivity
         ......................... EXCHANGE passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EXCHANGE

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EXCHANGE passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyDomain

   Running enterprise tests on : MyDomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: EXCHANGE.MyDomain.local
            Domain: MyDomain.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                     Warning:
                     Missing AAAA record at DNS server 192.168.20.200:
                     EXCHANGE.MyDomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.20.200:
                     gc._msdcs.MyDomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyDomain.local
               EXCHANGE                   PASS WARN FAIL PASS PASS WARN n/a

         ......................... MyDomain.local failed test DNS

C:\Users\Administrator.MYDOMAIN>
0
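As an added example (not part of the original thread, and not code from any participant): a small Python parser for the Dcdiag /test:dns output format posted above, which pulls out the root hints flagged invalid and the FAIL columns of the summary table. The sample text is constructed by trimming that output, and the function names are illustrative.

```python
import re

# Constructed sample, trimmed from the Dcdiag /test:dns output shown in the thread.
SAMPLE = """\
               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyDomain.local
               EXCHANGE                   PASS WARN FAIL PASS PASS WARN n/a
"""

ROOT_HINT_RE = re.compile(
    r"^\s*(\S+\.root-servers\.net\.)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)\s*$")
RESULTS = {"PASS", "WARN", "FAIL", "n/a"}

def invalid_root_hints(text):
    """Return [(name, ip)] for each root hint Dcdiag flagged as invalid."""
    hits, expect = [], False
    for line in text.splitlines():
        if "Root hints list has invalid root hint server" in line:
            expect = True          # the server name/IP is on the next line
            continue
        if expect:
            m = ROOT_HINT_RE.match(line)
            if m:
                hits.append((m.group(1), m.group(2)))
            expect = False
    return hits

def summary_table(text):
    """Return {server: {column: result}} from the DNS summary table."""
    table, columns = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["Auth", "Basc"]:      # header row of the table
            columns = tokens
        elif columns and len(tokens) == len(columns) + 1 \
                and set(tokens[1:]) <= RESULTS:  # server name + one result per column
            table[tokens[0]] = dict(zip(columns, tokens[1:]))
    return table

def failed_tests(text):
    """Return sorted (server, column) pairs whose summary result is FAIL."""
    return sorted((srv, col) for srv, row in summary_table(text).items()
                  for col, res in row.items() if res == "FAIL")
```
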
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40543274
TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

If your root hints are failing I would verify with your ISP what DNS servers they are using, I expect they changed when you switched to fiber.

As well these involve root hints:
DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
         Summary of DNS test results:
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40543277
Are you using a forwarder in your DNS config? You don't need it since you're using root hints; however, you might want to use 8.8.8.8 (Google DNS) for testing purposes and see how the internet performs.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40543278
What does http://intodns.com tell you?
0
 

Author Comment

by:gromack
ID: 40543427
From  http://intodns.com I'm getting all green check marks, other than a handful of blue exclamation points, which I'm assuming aren't anything bad?
0
 

Author Comment

by:gromack
ID: 40543430
As far as forwarders vs root hints, I've always thought root hints was the preferred choice?
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40543543
Root hints are; however, for troubleshooting purposes, if Google's DNS works we know to troubleshoot root hints.
0
 

Author Comment

by:gromack
ID: 40543557
Waiting to hear from ISP on getting a PTR record added that will hopefully fix the email issues, but as far as internet problems, the fact that if I run nslookup from command prompt I get
Default Server:  UnKnown
Address:  fe80::7325:4483:880b:dfd4

isn't part of things?
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40543571
You're resolving IPv6 and not IPv4.

What NIC do you have bound to the DNS server? Do you have a manual IP and manual DNS entry configured in it?
0
 

Author Comment

by:gromack
ID: 40543886
And why is that? While I'm not using IPv6, it's always been a part of the picture. This just started becoming a problem after switching from T1 to fiber, although I guess it could be coincidence. If I right click the server from within DNS & tell it to launch nslookup, it works fine, too.
I have two nics in that server, only using one & the other is disabled. It has static IP & is set to use itself as its DNS server.
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40543888
Presuming that you have restarted the DNS Server Service since the new connection?

Switch to DNS Forwards with Google's IPs if the above makes no difference.
0
 

Author Comment

by:gromack
ID: 40543894
One other odd thing, is if I ping the server by name, from the exchange server, it's replying with the IPv6 address - WTF?!?!
I would just disable IPv6, but I seem to have read that even if it's not being used, 2008 SBS needs it...
0
 

Author Comment

by:gromack
ID: 40543903
Yes to both questions, David
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40543949
Ping your server and add -4 at the end of it.  Does it reply?

i.e. ping servername -4

Also, try running the Fix My Network wizard in the SBS Console to see if it shows any DNS errors.
0
 

Author Comment

by:gromack
ID: 40543959
And checking binding order on NIC shows IPv4 listed first...
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40544297
When looking in my Queue Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect."

What does your email queue look like? When your ISP changes network there will be a different route, which will take time to update with your server and servers downstream. This is likely to work itself out once the routing tables are updated.

Do you still have queues waiting to deliver email or has this worked itself out?
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40544302
@David
Presuming that you have restarted the DNS Server Service since the new connection? Switch to DNS Forwards with Google's IPs if the above makes no difference.

Please read previous posts prior to responding with the same information. Thank you.
0
 

Author Comment

by:gromack
ID: 40544457
Pinging with the -4 replies with the IPv4 address.
DNS errors found were that it's not listening to the IP address of the Primary adapter & that it was using forwarders.
I let it 'fix' these, but nothing has changed...
0
 

Author Comment

by:gromack
ID: 40544478
and yes, mail is starting to back up, again...
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40544699
Post ipconfig /all
0
 

Author Comment

by:gromack
ID: 40544736
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.MYDOMAIN>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXCHANGE
   Primary Dns Suffix  . . . . . . . : MyDomain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MyDomain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-26-B9-46-AD-80
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4c2:e926:303f:c98e%10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::7325:4483:880b:dfd4%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.20.254
   DNS Servers . . . . . . . . . . . : fe80::7325:4483:880b:dfd4%10
                                       192.168.20.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0973F4DD-43D4-4C69-8070-E8143BD548B4}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator.MYDOMAIN>
0
 

Author Comment

by:gromack
ID: 40545829
Ok, my ISP sent a tech out this afternoon to investigate & found biggest part of the problem.
As it turned out, when they assigned my static IPs to the fiber circuit, they didn't bother to un-assign them from the T1 line. Once this was fixed, everything is working as expected. I'm still curious about the DNS seeming to prefer IPv6 over IPv4, but I guess if it's working, don't try to fix it.
Is this fine to leave things as is?
Never heard back if everything looked fine in my ipconfig /all file.
Can I still award the point to you, 2011, for doing all you did & putting up with some (ok, all) of my stupid questions?
Thanks, again!
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40546115
Good find! Silly mistake on the behalf of the ISP which explains the problem.

The ipconfig looks fine.

Accept your answer as the solution but award assist points to WORKS2011 if you found his comments helpful.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40549351
I left you an email, ask the moderator to assign me the points, and I did mention contacting your ISP because it appeared to be on their end.

Actually I'll click on "request attention" now and initiate the process.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40549362
@gromack always happy to help and always happy to work with you and not send links to ideas that may or may not work. Glad to hear the issue was resolved.
0
 

Author Closing Comment

by:gromack
ID: 40549396
Problem eventually was tracked back to an ISP fault of not removing IP addresses from T1 circuit.
0
