DNS Query failed

I am having problems sending to a single domain from our mail server.  The domain is Durango.k12.co.us.  the user has sent to this domain in the past but recently cannot.  I have tried an nslookup on the domain but it cannot resolve it.  I have tried changing the server and still no luck.  The user tells me that she can send to this domain from a gmail account.  the message from the Exchange server is

451 4.4.0 Dns query failed with error timeout
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If you have control over your DNS server, add these entries to solve it. If you can't solve it this way (you don't host your own DNS server), then change your current DNS server to

Durango.k12.co.us       MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
Durango.k12.co.us       MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
Durango.k12.co.us       MX preference = 1, mail exchanger = aspmx.l.google.com
Durango.k12.co.us       MX preference = 10, mail exchanger = aspmx2.googlemail.com
Durango.k12.co.us       MX preference = 10, mail exchanger = aspmx3.googlemail.com

After this is solved, track down who is responsible for your DNS (possibly your ISP), then ask them why this record isn't there.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
I disagree, Active Directory environments should be using Root hints for external DNS resolution or forwarders and root hints by recommendation from MS.

This is a smart host routing problem, where are you routing the mails through your isp or a external mail provider like mimecast, i recommend the latter inbound and outbound mail providers are bigger than your anti virus in todays IT for me. It is a key key component. we should be sending through mimecast for example and receiving through them or your isp at worst and that is really not recommended.

My opinion is do not use google dns on Microsoft AD domains.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NytroZAuthor Commented:
We had a typo when we did an nslookup so that is why we did not get a proper response.  The nslookup of the mx record actually came back exactly how Kimputer showed but it still returns the 451 4.4.0 DNS query failed wrror.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Try flushing the DNS cache on your domain controller (assuming you are running DNS internally on your Domain Controller).

Often you will find that some erroneous entries are cached, and if in the past you were able to send to this domain then it may simply be that the nameservers for that domain changed, and your cache is still point at the old nameservers. Hence the timeout on the query.
NytroZAuthor Commented:
If the nslookup on my mail server returns the correct information, shouldn't it be able to send mail to that domain?

> set q=mx
> durango.k12.co.us
Server:  dc1.context.local

Non-authoritative answer:
durango.k12.co.us       MX preference = 1, mail exchanger = aspmx.l.google.com
durango.k12.co.us       MX preference = 10, mail exchanger = aspmx2.googlemail.
durango.k12.co.us       MX preference = 10, mail exchanger = aspmx3.googlemail.
durango.k12.co.us       MX preference = 5, mail exchanger = alt1.aspmx.l.google
durango.k12.co.us       MX preference = 5, mail exchanger = alt2.aspmx.l.google

aspmx.l.google.com      internet address =
aspmx.l.google.com      AAAA IPv6 address = 2607:f8b0:4001:c05::1a
alt1.aspmx.l.google.com internet address =
alt1.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:400d:c07::1a
alt2.aspmx.l.google.com internet address =
alt2.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:400c:c06::1b
Check that Exchange is actually using your local DNS (it should be) and that it is not caching DNS -  however this is on the assumption that your Exchange server is sending directly and not through a smart host / relay - if you are using a smart host / relay then that is where the problem lies.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
Honestly, i dropped out of this question because im being ignored.

Graham, your advising somebody send mail straight over the internet, and im not facilitating that and giving incorrect answers intentionally, maybe you dont know but that is a 100% non runner today its not 1975 you dont send through ISP smart hosts anymore. It is highly highly insecure. Your giving the wrong advice here to some guy just so you can get 2000 points. No your smart host should not be doing your DNS, and definetly no your AD should not be doing Exchange DNS either, absolutely ridiculous.

These guys need to be advised the correct solutions, they need to send and receive mail through third party companies these days.

When you do this you dont get cryptolocker landing on a desktop and a 5K itsupport bill.

Sorry but im just not sitting here giving incorrect answers to guys for points intentionally. rant over.

Further explanation of what im saying the main problem with this setup is sending and receiving mail directly over the internet is something a small business of 5 people or a company of 10000 people should not be doing, it is a 100% no no in todays game, you will get blacklisted and or spammed to death 2 of many many reasons. Highly highly insecure.
NytroZAuthor Commented:
I apologize for dropping out so suddenly.  I received a call that my brother in law was involved in a motorcycle accident.  The next 8 hours were a bit rough.  I am back in the chair today and would like to move on.  I am currently routing mail to Sonic Wall then they deliver it.  I haven't been happy with that service for quite some time now as we still get a lot of spam and was considering a change.  Is Mimecast a good solution?  Any other recommendations?
Firstly, let me address this to Mark Bill : we own and operate 5 data centres, housing close on 800 servers apart from  other related equipment, and one of our main activities is handling email, collectively receiving and sending upwards of 51 million email messages each and every day. Quite where you got the impression that a) I did not understand or have the competence to answer this OP's question I am unsure, and b) I have much better things to concern myself with than obtaining 2000 points having already accumulated well over 500,000 in the 10 years I have been a member of Experts Exchange. Perhaps, next time, you might take a look at the profiles of the experts contributing to questions.

Coming back now to the topic at hand, NytroZ has only now confirmed that he is using SMTP Relay (which is in itself a form of Smart Host), and that is thus where the problem in respect to DNS look-ups is occurring.  As Mark Bill pointed out earlier in the thread.

Finally, I hope that the injuries sustained by your brother were not too serious and he will make a quick recovery.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
graham, excuse me, im just a tad annoyed at people providing people bad solutions for points in general.

i made an assumption in this instance but you know that does go on here.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
Mimecast is an unreal solution and ive used them all, its absolutely essential, alot of other mail providers let spam in which is beyond deadly, these guys stop you getting blacklisted, any spam, detect viruses on your network and ive used all mail service providers. Mimecast will actually call you up and tell you that you have a problem!

They are unbelievably good. Just call them and they will take care of all of it for you they are IT wizards.
NytroZAuthor Commented:
I appreciate the help from both of you.  I have decided to move to a new host and am leaning towards Mimecast.  Hopefully this will help my mail situation in more ways than one.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
routing through mimecast bypasses your smarthost, dont worry, i used to send mail through smart hosts too until someone slapped me upside the head :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.