Exchange 2010 Mail delayed to specific domains

We have an on premises Exchange 2010 server running on Windows Server 2008 R2 that recently changed IP address (ISP change). We updated the MX records, and mail flows properly to most domains. However, some domains (most notably Gmail.com) return various delay errors.

Gmail.com returns the error: 451 4.4.0 DNS Query failed
Other servers return the error: 451 4.4.0 Primary Target IP responded with: "421 4.2.1 unable to connect." Attempted failover to alternate host, but did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

We can work around the issue by creating a custom send connector for the domain, and manually entering the domain's mail servers in the network tab.

As far as we can tell, we are not on any blacklists.
SMTPDiag comes back clean.
Microsoft's Remote Connectivity Analyzer comes back clean.
MXToolbox's SMTP test returns a warning about transaction time, and this error: SMTP Banner Check: Reverse DNS does not match SMTP Banner
The Send Connector and Hub Transport are configured to use external DNS servers (Cloudflare and Google).
popeyedcts Asked:

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Message is clear.

At the point in time of delivery the target recipient's IPs (all MX records) are glitching out.

If you own the DNS for this system, likely best to move DNS records to stable DNS.

If you don't own DNS for this system, nothing you can do...

Where this system refers to the chain of MX IPs returned for host/domain in recipient's email address where problem is occurring.

DNS problems are super easy to fix, if you use a tool like dig + start test DNS end to end.
0
timgreen7077 (Exchange Engineer) Commented:
I would suggest removing the DNS settings from the External DNS settings. I would leave it set to "all network adapters" which is the default.
1
popeyedcts (Author) Commented:
David,
Thank you, we will look into dig +

Tim,
When the problem originally appeared, the server was configured to use internal DNS for all lookups. However, as part of our troubleshooting we configured the Send Connector and Hub Transport Server to use external DNS for external lookups. The problem appears to exist regardless of what DNS servers we use.
0

timgreen7077 (Exchange Engineer) Commented:
You can try to use your ISP for DNS resolution instead of the ones you are currently using.
0

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
So here's how to use dig in your situation.

First dig out the ns records + then hammer a DNS A record lookup to every NS record every 1 second.

All returned A records should be the same + there should never be any errors.

And likely Tim's suggestion of getting rid of internal DNS lookups may solve your problem.
0
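The polling procedure described in the comment above, as an added example that is not part of the original thread. It assumes `dig` is installed; the function names, the optional server list (so the resolvers the Exchange server actually uses can be compared the same way) and the `example.net` sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: poll DNS servers for one record set
# and report errors or disagreement between servers.
# Usage: sh dnspoll.sh NAME TYPE ROUNDS [SERVER...]   e.g. gmail.com MX 30

# query_ns SERVER NAME TYPE -> sorted answers on one line, or ERROR / EMPTY
query_ns() {
    out=$(dig +short +time=2 +tries=1 "@$1" "$2" "$3" 2>/dev/null)
    case "$out" in
        '')     echo EMPTY ;;   # NXDOMAIN, no data, or dig unavailable
        *';;'*) echo ERROR ;;   # dig reports timeouts as ";; ..." lines
        *)      printf '%s\n' "$out" | sort | paste -sd, - ;;
    esac
}

# poll NAME TYPE ROUNDS [SERVER...] -> one "server<TAB>answer" line per query.
# Without a server list, the domain's own NS records are polled.
poll() {
    name=$1 rtype=$2 rounds=$3
    shift 3
    servers=${*:-$(dig +short NS "$name")}
    round=1
    while [ "$round" -le "$rounds" ]; do
        for server in $servers; do
            printf '%s\t%s\n' "$server" "$(query_ns "$server" "$name" "$rtype")"
        done
        round=$((round + 1))
        sleep 1
    done
}

# summarize: reads poll output on stdin; OK only if there were no failed
# queries and every server returned the same answer set.
summarize() {
    awk -F '\t' '
        $2 == "ERROR" || $2 == "EMPTY" { bad++; next }
        !($2 in seen) { seen[$2] = 1; distinct++ }
        END {
            if (bad == 0 && distinct == 1) print "OK"
            else printf "FAIL errors=%d distinct=%d\n", bad, distinct
        }'
}

# Constructed sample (placeholder names): ns2 fails one of its two queries.
sample_records() {
    printf 'ns1.example.net.\t10 mx.example.net.\n'
    printf 'ns2.example.net.\tERROR\n'
    printf 'ns1.example.net.\t10 mx.example.net.\n'
    printf 'ns2.example.net.\t10 mx.example.net.\n'
}

if [ "$#" -ge 3 ]; then poll "$@" | summarize; fi
```

A `FAIL` with `errors` above zero points at intermittent timeouts from a server; `distinct` above one means servers disagree about the record set.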
popeyedcts (Author) Commented:
Switching to the ISP's DNS fixed the Gmail issue.

The other error appears to be the result of a user mistyping an email address and sending to a parked domain.
0