gromack asked:

DNS problems...

Running a 2008 SBS & a strange problem just started, so let me give you the history...
Was using 2 bonded T1s for phone & internet & upgraded to 10 MBs Fiber. All my IP addresses remained the same, after switchover, ran speed tests from a couple of computers & was getting 10-11 MBs up & down, all looked good. Next morning, I started getting calls that internet pages were very slow to load, timing out in some cases & emails were bouncing back. Called ISP, who reported no problems in the area, so I started digging. When looking in my Queue Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed.  Either there are no alternate hosts, or delivery failed to all alternate hosts.'.
Went to try nslookup & it's coming back with;
Default Server:  UnKnown
Address:  fe80::7325:4483:880b:dfd4
I am not using IPv6, but from what I've read, it's needed with SBS 2008 and/or Exchange 2007.
My SBS does have its own address as its only DNS server in the settings.
If I go to DNS in administrative tools, right click server & tell it to launch nslookup, it lists correct name & address. I can enter set type=mx, then enter one of the problem domain names & get the correct information back.
Again, I want to add that this all started after an upgrade to a fiber line.
Where do I start?
Any advice appreciated!
Will Szymkowski:

Take a look at the link below which will help troubleshoot these types of DNS related issues for Exchange.

DNS External Lookup

Will.
run Dcdiag /test:dns

run http://intodns.com 

what does http://mxtoolbox.com report (run the smtp test).
ASKER CERTIFIED SOLUTION: WORKS2011
gromack (ASKER):

Here's the result of running Dcdiag /test:dns

(I've replaced names of domain & mail server name)

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.MYDOMAIN>Dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = EXCHANGE
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Connectivity
         ......................... EXCHANGE passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EXCHANGE

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EXCHANGE passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyDomain

   Running enterprise tests on : MyDomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: EXCHANGE.MyDomain.local
            Domain: MyDomain.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                     Warning:
                     Missing AAAA record at DNS server 192.168.20.200:
                     EXCHANGE.MyDomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.20.200:
                     gc._msdcs.MyDomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyDomain.local
               EXCHANGE                   PASS WARN FAIL PASS PASS WARN n/a

         ......................... MyDomain.local failed test DNS

C:\Users\Administrator.MYDOMAIN>
TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

If your root hints are failing I would verify with your ISP what DNS servers they are using; I expect they changed when you switched to fiber.

As well these involve root hints:
DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
         Summary of DNS test results:
Are you using a forwarder in your DNS config? You don't need it since you're using root hints; however, you might want to use 8.8.8.8 (Google DNS) for testing purposes and see how the internet performs.
What does http://intodns.com tell you?
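Added example, not written by any poster in this thread: Python that reduces the `dcdiag /test:dns` output above to the sub-tests that failed versus merely warned, and lists the root hints dcdiag flagged. The function names and the trimmed sample text are constructed for this example.

```python
import re

# Constructed sample: excerpt of the dcdiag /test:dns output posted in this thread.
SAMPLE = """\
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyDomain.local
               EXCHANGE                   PASS WARN FAIL PASS PASS WARN n/a

         ......................... MyDomain.local failed test DNS
"""

RESULTS = {"PASS", "WARN", "FAIL", "n/a"}

def parse_summary(text):
    """Return {dc_name: {test_column: result}} from the dcdiag summary matrix."""
    columns, table = None, {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["Auth", "Basc"]:
            columns = tokens                      # header row names the sub-tests
        elif columns and len(tokens) == len(columns) + 1 and set(tokens[1:]) <= RESULTS:
            table[tokens[0]] = dict(zip(columns, tokens[1:]))
    return table

def invalid_root_hints(text):
    """Return [(server_name, ip)] for every root hint dcdiag flagged as invalid."""
    pattern = r"invalid root hint server:\s*\n\s*(\S+?)\.?\s+\(([0-9.]+)\)"
    return re.findall(pattern, text)

def triage(text):
    """Split each DC's sub-tests into hard failures and warnings."""
    report = {}
    for dc, row in parse_summary(text).items():
        report[dc] = {
            "fail": [t for t, r in row.items() if r == "FAIL"],
            "warn": [t for t, r in row.items() if r == "WARN"],
        }
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(invalid_root_hints(SAMPLE))
```

On the output in this thread the only FAIL column is Forw; the Basc and RReg warnings come from the missing AAAA records.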
gromack (ASKER):

From  http://intodns.com I'm getting all green check marks, other than a handful of blue exclamation points, which I'm assuming aren't anything bad?
gromack (ASKER):

As far as forwarders vs root hints, I've always thought root hints was the preferred choice?
Root hints are; however, for troubleshooting purposes, if Google's DNS works we know to troubleshoot root hints.
gromack (ASKER):

Waiting to hear from ISP on getting a PTR record added that will hopefully fix the email issues, but as far as internet problems, the fact that if I run nslookup from command prompt I get
Default Server:  UnKnown
Address:  fe80::7325:4483:880b:dfd4

isn't part of things?
You're resolving IPv6 and not IPv4.

What NIC do you have bound to the DNS server? Do you have a manual IP and manual DNS entry configured in it?
gromack (ASKER):

And why is that? While I'm not using IPv6, it's always been a part of the picture. This just started becoming a problem after switching from T1 to fiber, although I guess it could be coincidence. If I right click the server from within DNS & tell it to launch nslookup, it works fine, too.
I have two nics in that server, only using one & the other is disabled. It has static IP & is set to use itself as its DNS server.
Presuming that you have restarted the DNS Server Service since the new connection?

Switch to DNS Forwards with Google's IPs if the above makes no difference.
gromack (ASKER):

One other odd thing, is if I ping the server by name, from the exchange server, it's replying with the IPv6 address - WTF?!?!
I would just disable IPv6, but I seem to have read that even if it's not being used, 2008 SBS needs it...
gromack (ASKER):

Yes to both questions, David
ping your server and add -4 at the end of it.  Does it reply?

i.e. ping servername -4

Also, try running the Fix My Network wizard in the SBS Console to see if it shows any DNS errors.
gromack (ASKER):

And checking binding order on NIC shows IPv4 listed first...
When looking in my Queue Manager, I found 3 domains not accepting mail, one with the message '451 4.4.0 DNS Query Failed' & the other two with '451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect."

What does your email queue look like? When your ISP changes network there will be a different route, which will take time to update with your server and servers downstream. This is likely to work itself out once the routing tables are updated.

Do you still have queues waiting to deliver email or has this worked itself out?
@David
Presuming that you have restarted the DNS Server Service since the new connection? Switch to DNS Forwards with Google's IPs if the above makes no difference.

Please read previous posts prior to responding with the same information. Thank you.
gromack (ASKER):

Pinging with the -4 replies with the IPv4 address.
DNS errors found were that it's not listening to the IP address of the Primary adapter & that it was using forwarders.
I let it 'fix' these, but nothing has changed...
gromack (ASKER):

and yes, mail is starting to back up, again...
post ipconfig /all
gromack (ASKER):

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.MYDOMAIN>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXCHANGE
   Primary Dns Suffix  . . . . . . . : MyDomain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MyDomain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-26-B9-46-AD-80
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4c2:e926:303f:c98e%10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::7325:4483:880b:dfd4%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.20.254
   DNS Servers . . . . . . . . . . . : fe80::7325:4483:880b:dfd4%10
                                       192.168.20.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0973F4DD-43D4-4C69-8070-E8143BD548B4}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator.MYDOMAIN>
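Added example, not written by any poster in this thread: Python that reads `ipconfig /all` text and lists the DNS servers in the order the resolver tries them, marking link-local addresses and addresses that belong to the host itself. nslookup uses the first entry and prints UnKnown when it finds no PTR record for it, which matches the fe80:: default server reported above; the function names and the trimmed sample are constructed for this example.

```python
import ipaddress
import re

# Constructed sample: the active adapter from the ipconfig /all output in this thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Physical Address. . . . . . . . . : 00-26-B9-46-AD-80
   Link-local IPv6 Address . . . . . : fe80::4c2:e926:303f:c98e%10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::7325:4483:880b:dfd4%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.200(Preferred)
   DNS Servers . . . . . . . . . . . : fe80::7325:4483:880b:dfd4%10
                                       192.168.20.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_addr(value):
    """Parse an ipconfig address, dropping the %zone and (Preferred) suffixes."""
    return ipaddress.ip_address(re.split(r"[%(]", value.strip())[0])

def dns_order(text):
    """Return the configured DNS servers in resolver order, tagged by type."""
    own, servers, in_dns = set(), [], False
    for line in text.splitlines():
        if ". :" in line:                       # "Key . . . : value" field line
            key, _, value = line.partition(". :")
            key, value, in_dns = key.strip(" ."), value.strip(), False
            if not value:
                continue
            if re.search(r"IPv[46] Address$", key):
                own.add(parse_addr(value))      # an address this host owns
            elif key == "DNS Servers":
                servers.append(parse_addr(value))
                in_dns = True
        elif in_dns and line.strip():
            servers.append(parse_addr(line))    # continuation line: next server
        else:
            in_dns = False
    return [{"address": str(a), "version": a.version,
             "link_local": a.is_link_local, "is_self": a in own} for a in servers]

if __name__ == "__main__":
    for rank, server in enumerate(dns_order(SAMPLE), start=1):
        print(rank, server)
```

Both entries resolve to the server itself here; only the order differs, with the link-local IPv6 address listed first.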
gromack (ASKER):

Ok, my ISP sent a tech out this afternoon to investigate & found biggest part of the problem.
As it turned out, when they assigned my static IPs to the fiber circuit, they didn't bother to un-assign them from the T1 line. Once this was fixed, everything is working as expected. I'm still curious about the DNS seeming to prefer IPv6 over IPv4, but I guess if it's working, don't try to fix it.
Is this fine to leave things as is?
Never heard back if everything looked fine in my ipconfig /all file.
Can I still award the point to you, 2011, for doing all you did & putting up with some (ok, all) of my stupid questions?
Thanks, again!
Good find! Silly mistake on the behalf of the ISP which explains the problem.

The ipconfig looks fine.

Accept your answer as the solution but award assist points to WORKS2011 if you found his comments helpful.
I left you an email, ask the moderator to assign me the points, and I did mention contacting your ISP because it appeared to be on their end.

Actually I'll click on "request attention" now and initiate the process.
@gromack always happy to help and always happy to work with you and not send links to ideas that may or may not work. Glad to hear the issue was resolved.
gromack (ASKER):

Problem eventually was tracked back to an ISP fault of not removing IP addresses from T1 circuit.