NytroZ

DNS Query failed

I am having problems sending to a single domain from our mail server.  The domain is Durango.k12.co.us.  The user has sent to this domain in the past but recently cannot.  I have tried an nslookup on the domain but it cannot resolve it.  I have tried changing the server and still no luck.  The user tells me that she can send to this domain from a Gmail account.  The message from the Exchange server is

451 4.4.0 Dns query failed with error timeout
Kimputer

If you have control over your DNS server, add these entries to solve it. If you can't solve it this way (you don't host your own DNS server), then change your current DNS server to 8.8.8.8

Durango.k12.co.us       MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
Durango.k12.co.us       MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
Durango.k12.co.us       MX preference = 1, mail exchanger = aspmx.l.google.com
Durango.k12.co.us       MX preference = 10, mail exchanger = aspmx2.googlemail.com
Durango.k12.co.us       MX preference = 10, mail exchanger = aspmx3.googlemail.com

After this is solved, track down who is responsible for your DNS (possibly your ISP), then ask them why this record isn't there.
ASKER CERTIFIED SOLUTION
Mark Bill
This solution is only available to members.
NytroZ

ASKER

We had a typo when we did an nslookup so that is why we did not get a proper response.  The nslookup of the MX record actually came back exactly how Kimputer showed but it still returns the 451 4.4.0 DNS query failed error.
Try flushing the DNS cache on your domain controller (assuming you are running DNS internally on your Domain Controller).

Often you will find that some erroneous entries are cached, and if in the past you were able to send to this domain then it may simply be that the nameservers for that domain changed, and your cache is still pointing at the old nameservers. Hence the timeout on the query.
NytroZ

ASKER

If the nslookup on my mail server returns the correct information, shouldn't it be able to send mail to that domain?


> set q=mx
> durango.k12.co.us
Server:  dc1.context.local
Address:  192.168.50.10

Non-authoritative answer:
durango.k12.co.us       MX preference = 1, mail exchanger = aspmx.l.google.com
durango.k12.co.us       MX preference = 10, mail exchanger = aspmx2.googlemail.com
durango.k12.co.us       MX preference = 10, mail exchanger = aspmx3.googlemail.com
durango.k12.co.us       MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
durango.k12.co.us       MX preference = 5, mail exchanger = alt2.aspmx.l.google.com

aspmx.l.google.com      internet address = 74.125.202.26
aspmx.l.google.com      AAAA IPv6 address = 2607:f8b0:4001:c05::1a
alt1.aspmx.l.google.com internet address = 173.194.204.26
alt1.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:400d:c07::1a
alt2.aspmx.l.google.com internet address = 74.125.141.27
alt2.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:400c:c06::1b
>
Check that Exchange is actually using your local DNS (it should be) and that it is not caching DNS -  however this is on the assumption that your Exchange server is sending directly and not through a smart host / relay - if you are using a smart host / relay then that is where the problem lies.
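
The checks suggested above (stale DNS cache, which resolver Exchange really uses, smart host or direct delivery) can be run as one diagnostic; this is an added example, not code from any poster in the thread. It assumes Exchange 2013 or later (`Get-TransportService`), the Exchange Management Shell on the sending server, and the Windows `DnsClient` module.

```powershell
# Added example: run in the Exchange Management Shell on the sending server.
$domain = 'durango.k12.co.us'   # recipient domain from the thread

# 1. Which send connectors route by DNS, and which hand off to a smart host?
$connectors = Get-SendConnector | Where-Object Enabled
$connectors | Format-Table Name, DNSRoutingEnabled, SmartHosts, UseExternalDNSServersEnabled -AutoSize

# 2. Collect every resolver the transport service may use for MX lookups.
$svc = Get-TransportService -Identity $env:COMPUTERNAME
$resolvers = @()
if ($connectors | Where-Object UseExternalDNSServersEnabled) {
    $resolvers += $svc.ExternalDNSServers | ForEach-Object { $_.ToString() }
}
$resolvers += $svc.InternalDNSServers | ForEach-Object { $_.ToString() }
# Also include the network adapters' own DNS settings (what nslookup uses by default).
$resolvers += (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
$resolvers = $resolvers | Where-Object { $_ } | Sort-Object -Unique

# 3. Ask each resolver directly for the MX records of the recipient domain.
foreach ($server in $resolvers) {
    try {
        $mx = Resolve-DnsName -Name $domain -Type MX -Server $server -DnsOnly -ErrorAction Stop |
              Where-Object Type -eq 'MX' | Sort-Object Preference
        $hosts = ($mx | ForEach-Object { "$($_.Preference) $($_.NameExchange)" }) -join ', '
        Write-Output "$server OK: $hosts"
    } catch {
        # A resolver that times out here is a candidate source of the 451 4.4.0 error.
        Write-Output "$server FAILED: $($_.Exception.Message)"
    }
}

# 4. If a connector lists SmartHosts with DNSRoutingEnabled False, the MX lookup
#    happens on that relay, so the failing resolver is outside this server.
$connectors | Where-Object { -not $_.DNSRoutingEnabled } |
    ForEach-Object { Write-Output "Connector '$($_.Name)' relays via: $($_.SmartHosts -join ', ')" }

# 5. Once a stale resolver is identified, Clear-DnsServerCache (on the DNS server)
#    and Clear-DnsClientCache (on the Exchange server) discard the cached answers.
```

A working `nslookup` only proves that the adapter's default resolver answers; any resolver in step 3 that fails, or a relay reported in step 4, is where the lookup Exchange depends on is actually made.
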
Honestly, I dropped out of this question because I'm being ignored.

Graham, you're advising somebody send mail straight over the internet, and I'm not facilitating that and giving incorrect answers intentionally. Maybe you don't know, but that is a 100% non-runner today; it's not 1975, you don't send through ISP smart hosts anymore. It is highly, highly insecure. You're giving the wrong advice here to some guy just so you can get 2000 points. No, your smart host should not be doing your DNS, and definitely no, your AD should not be doing Exchange DNS either, absolutely ridiculous.

These guys need to be advised the correct solutions; they need to send and receive mail through third party companies these days.

When you do this you don't get cryptolocker landing on a desktop and a 5K IT support bill.

Sorry, but I'm just not sitting here giving incorrect answers to guys for points intentionally. Rant over.

Further explanation of what I'm saying: the main problem with this setup is that sending and receiving mail directly over the internet is something a small business of 5 people or a company of 10000 people should not be doing. It is a 100% no-no in today's game; you will get blacklisted and/or spammed to death, 2 of many, many reasons. Highly, highly insecure.
NytroZ

ASKER

I apologize for dropping out so suddenly.  I received a call that my brother in law was involved in a motorcycle accident.  The next 8 hours were a bit rough.  I am back in the chair today and would like to move on.  I am currently routing mail to Sonic Wall then they deliver it.  I haven't been happy with that service for quite some time now as we still get a lot of spam and was considering a change.  Is Mimecast a good solution?  Any other recommendations?
Firstly, let me address this to Mark Bill : we own and operate 5 data centres, housing close on 800 servers apart from  other related equipment, and one of our main activities is handling email, collectively receiving and sending upwards of 51 million email messages each and every day. Quite where you got the impression that a) I did not understand or have the competence to answer this OP's question I am unsure, and b) I have much better things to concern myself with than obtaining 2000 points having already accumulated well over 500,000 in the 10 years I have been a member of Experts Exchange. Perhaps, next time, you might take a look at the profiles of the experts contributing to questions.

Coming back now to the topic at hand, NytroZ has only now confirmed that he is using SMTP Relay (which is in itself a form of Smart Host), and that is thus where the problem in respect to DNS look-ups is occurring.  As Mark Bill pointed out earlier in the thread.

Finally, I hope that the injuries sustained by your brother were not too serious and he will make a quick recovery.
Graham, excuse me, I'm just a tad annoyed at people providing people bad solutions for points in general.

I made an assumption in this instance, but you know that does go on here.
Mimecast is an unreal solution and I've used them all. It's absolutely essential; a lot of other mail providers let spam in, which is beyond deadly. These guys stop you getting blacklisted, any spam, detect viruses on your network, and I've used all mail service providers. Mimecast will actually call you up and tell you that you have a problem!

They are unbelievably good. Just call them and they will take care of all of it for you; they are IT wizards.
NytroZ

ASKER

I appreciate the help from both of you.  I have decided to move to a new host and am leaning towards Mimecast.  Hopefully this will help my mail situation in more ways than one.
Routing through Mimecast bypasses your smart host. Don't worry, I used to send mail through smart hosts too until someone slapped me upside the head :)