gromack
asked on
DNS problems...
Running a 2008 SBS & a strange problem just started, so let me give you the history...
Was using 2 bonded T1s for phone & internet & upgraded to 10 MBs Fiber. All my IP addresses remained the same, after switchover, ran speed tests from a couple of computers & was getting 10-11 MBs up & down, all looked good. Next morning, I started getting calls that internet pages were very slow to load, timing out in some cases & emails were bouncing back. Called ISP, who reported no problems in the area, so I started digging. When looking in my Queue Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.'.
Went to try nslookup & it's coming back with;
Default Server: UnKnown
Address: fe80::7325:4483:880b:dfd4
I am not using IPv6, but from what I've read, it's needed with SBS 2008 and/or Exchange 2007.
My SBS does have its own address as its only DNS server in the settings.
If I go to DNS in administrative tools, right click server & tell it launch nslookup, it lists correct name & address. I can enter set type=mx, then enter one of the problem domain names & get the correct information back.
Again, I want to add that this all started after an upgrade to a fiber line.
Where do I start?
Any advice appreciated!
run Dcdiag /test:dns
run http://intodns.com
what does http://mxtoolbox.com report (run the smtp test).
ASKER
Here's the result of running Dcdiag /test:dns
(I've replaced names of domain & mail server name)
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator.MYDOMAIN>Dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = EXCHANGE
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\EXCHANGE
Starting test: Connectivity
......................... EXCHANGE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\EXCHANGE
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... EXCHANGE passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : MyDomain
Running enterprise tests on : MyDomain.local
Starting test: DNS
Test results for domain controllers:
DC: EXCHANGE.MyDomain.local
Domain: MyDomain.local
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
TEST: Records registration (RReg)
Network Adapter
[00000006] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):
Warning:
Missing AAAA record at DNS server 192.168.20.200:
EXCHANGE.MyDomain.local
Warning:
Missing AAAA record at DNS server 192.168.20.200:
gc._msdcs.MyDomain.local
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ _________
Domain: MyDomain.local
EXCHANGE PASS WARN FAIL PASS PASS WARN n/a
......................... MyDomain.local failed test DNS
C:\Users\Administrator.MYDOMAIN>
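As an added example (not part of the thread), a short Python parser for the dcdiag /test:dns output posted above: it extracts the per-DC summary row and the root hints that dcdiag rejected, so the Forw failure can be compared across reruns. The sample text is an excerpt constructed from the output above, and the function names are illustrative.

```python
import re

# Constructed sample: an excerpt of the dcdiag /test:dns output posted above.
SAMPLE = """\
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
TEST: Records registration (RReg)
Warning:
Missing AAAA record at DNS server 192.168.20.200:
EXCHANGE.MyDomain.local
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________
Domain: MyDomain.local
EXCHANGE PASS WARN FAIL PASS PASS WARN n/a
"""

# Column order of the summary table, as printed in the header row.
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
RESULT = r"(?:PASS|WARN|FAIL|n/a)"
# A summary row is a DC name followed by exactly seven result tokens.
ROW_RE = re.compile(r"^\s*(\S+)\s+((?:%s\s+){6}%s)\s*$" % (RESULT, RESULT))
# A rejected root hint is printed as "name. (a.b.c.d)" on its own line.
HINT_RE = re.compile(r"^\s*(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)\s*$")


def parse_dcdiag_dns(text):
    """Return (summary, bad_hints) parsed from dcdiag /test:dns output."""
    summary, bad_hints = {}, []
    lines = text.splitlines()
    in_summary = False
    for i, line in enumerate(lines):
        if line.strip().startswith("Summary of DNS test results"):
            in_summary = True
        elif in_summary:
            m = ROW_RE.match(line)
            if m:
                summary[m.group(1)] = dict(zip(COLUMNS, m.group(2).split()))
        elif "invalid root hint server" in line and i + 1 < len(lines):
            # The server name and address follow on the next line.
            m = HINT_RE.match(lines[i + 1])
            if m:
                bad_hints.append((m.group(1).rstrip("."), m.group(2)))
    return summary, bad_hints


def failing_tests(summary):
    """List (dc, test, result) for every column reported as WARN or FAIL."""
    return [(dc, col, res) for dc, row in summary.items()
            for col, res in row.items() if res in ("WARN", "FAIL")]


if __name__ == "__main__":
    summary, hints = parse_dcdiag_dns(SAMPLE)
    for dc, col, res in failing_tests(summary):
        print(dc, col, res)
    for name, addr in hints:
        print("rejected root hint:", name, addr)
```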
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
If your root hints are failing I would verify with your ISP what DNS servers they are using, I expect they changed when you switched to fiber.
As well these involve root hints:
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
Summary of DNS test results:
Are you using a forwarder in your DNS config? You don't need it since you're using root hints; however, you might want to use 8.8.8.8 (Google DNS) for testing purposes and see how the internet performs.
what does http://intodns.com tell you?
ASKER
From http://intodns.com I'm getting all green check marks, other than a handful of blue exclamation points, which I'm assuming aren't anything bad?
ASKER
As far as forwarders vs root hints, I've always thought root hints was the preferred choice?
Root hints are; however, for troubleshooting purposes, if Google's DNS works we know to troubleshoot root hints.
ASKER
Waiting to hear from ISP on getting a PTR record added that will hopefully fix the email issues, but as far as internet problems, the fact that if I run nslookup from command prompt I get
Default Server: UnKnown
Address: fe80::7325:4483:880b:dfd4
isn't part of things?
You're resolving IPv6 and not IPv4.
What NIC do you have bound to the DNS server? Do you have a manual IP and manual DNS entry configured in it?
ASKER
And why is that? While I'm not using IPv6, it's always been a part of the picture. This just started becoming a problem after switching from T1 to fiber, although I guess it could be coincidence. If I right click the server from within DNS & tell it launch nslookup, it works fine, too.
I have two nics in that server, only using one & the other is disabled. It has static IP & is set to use itself as its DNS server.
Presuming that you have restarted the DNS Server Service since the new connection?
Switch to DNS Forwards with Google's IPs if the above makes no difference.
ASKER
One other odd thing, is if I ping the server by name, from the exchange server, it's replying with the IPv6 address - WTF?!?!
I would just disable IPv6, but I seem to have read that even if it's not being used, 2008 SBS needs it...
ASKER
Yes to both questions, David
ping your server and add -4 at the end of it. Does it reply?
i.e. ping servername -4
Also, try running the Fix My Network wizard in the SBS Console to see if it shows any DNS errors.
ASKER
And checking binding order on NIC shows IPv4 listed first...
When looking in my Que Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect."
What does your email queue look like? When your ISP changes network there will be a different route, which will take time to update with your server and servers downstream. This is likely to work itself out once the routing tables are updated.
Do you still have queues waiting to deliver email or has this worked itself out?
@David
Presuming that you have restarted the DNS Server Service since the new connection? Switch to DNS Forwards with googles IPs if the above makes no difference.
Please read previous posts prior to responding with the same information. Thank you.
ASKER
Pinging with the -4 replies with the IPv4 address.
DNS errors found was that it's not listening to the IP address of the Primary adapter & that it was using forwarders.
I let it 'fix' these, but nothing has changed...
ASKER
and yes, mail is starting to back up, again...
post ipconfig /all
ASKER
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator.MYDOMAIN>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : EXCHANGE
Primary Dns Suffix . . . . . . . : MyDomain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : MyDomain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-26-B9-46-AD-80
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4c2:e926:303f:c98e%10(Preferred)
Link-local IPv6 Address . . . . . : fe80::7325:4483:880b:dfd4%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.20.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.254
DNS Servers . . . . . . . . . . . : fe80::7325:4483:880b:dfd4%10
192.168.20.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0973F4DD-43D4-4C69-8070-E8143BD548B4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator.MYDOMAIN>
ASKER
Ok, my ISP sent a tech out this afternoon to investigate & found biggest part of the problem.
As it turned out, when they assigned my static IPs to the fiber circuit, they didn't bother to un-assign them from the T1 line. Once this was fixed, everything is working as expected. I'm still curious about the DNS seeming to prefer IPv6 over IPv4, but I guess if it's working, don't try to fix it.
Is this fine to leave things as is?
Never heard back if everything looked fine in my ipconfig /all file.
Can I still award the point to you, 2011, for doing all you did & putting up with some (ok, all) of my stupid questions?
Thanks, again!
Good find! Silly mistake on the behalf of the ISP which explains the problem.
The ipconfig looks fine.
Accept your answer as the solution but award assist points to WORKS2011 if you found his comments helpful.
I left you an email, ask the moderator to sign me the points and I did mention contacting your ISP because it appeared to be on their end.
Actually I'll click on "request attention" now and initiate the process.
@gromack always happy to help and always happy to work with you and not send links to ideas that may or may not work. Glad to hear the issue was resolved.
ASKER
Problem eventually was tracked back to an ISP fault of not removing IP addresses from T1 circuit.