none
451 4.4.0 DNS query failed - Exchange 2010 (not 2013)

    Question

  • We have Exchange 2010 Version: 14.03.0294.000 running on Server 2008 R2.  Domain controllers are Server 2008 R2. 

    There are about 10 domain names that we get  451 4.4.0 DNS query failed.  We send thousands of emails daily to many domains that go through fine.  It started out with about four domain names, but now up to about 10.  DNS, forwarders, blacklists, etc., have all been verified and should not be a factor.  I even contacted IT at a couple of these domains and they said we are not blocked in any way.

    Using NSLOOKUP, when I set type=mx these domains will time out.  If I use change to Server 8.8.8.8 then try again, I see the MX info.  We recently upgraded our AV for F-Secure to Server Security 12.  I stopped all F-Secure services on the Exchange server but still cannot get beyond DNS query failed for these domains.  So I have ruled out the AV.

    Servers have been rebooted, cache cleared, etc.

    Any suggestions would be greatly appreciated.

    Thanks.


    DDaleS

    Wednesday, August 10, 2016 3:05 PM

Answers

  • Hi Edward,

    We have isolated the problem to a service running for our F-Secure Antivirus solution.  The ORSP Client service is responsible for verifying the integrity of domains through the F-Secure cloud.  The domains being blocked were rated as unsafe.  Therefore the DNS Query for these domains was being blocked by this F-Secure service.  By stopping the service the emails would begin to flow.  Not sure how they are rating the domains, as many of the blocked domains are companies we do business with on a regular basis.

    We have taken measures to resolve this.

    Thank you very much for your help!


    DDaleS

    • Marked as answer by DDaleS Monday, August 22, 2016 11:53 AM
    Monday, August 22, 2016 11:53 AM
  • Hi

    Sounds like you have a block from your ISP then if it works from your WIFI connection. You should be able to contact them and they can see on the firewall what is being blocked. DNS is port 53, however some work and some dont. Can you run a wireshark on your server and see where its blocking?


    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 5:19 PM
    Moderator

All replies

  • Hi

    So your servers cannot reach those domains with your current DNS settings but can get to them with 8.8.8.8 (Google) if you telnet. Does the same apply if you do a testconnectivity test from outside in?

    Stopping the AV services does not mean it not still applying as you have the service attached to your NIC as well like ESET etc. can you uninstall the AV completely, reboot and test again?


    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 3:14 PM
    Moderator
  • Hi Edward,

    I cannot telnet to one of the domains from inside (EarthLink ISP), but jumping on our outside Comcast guest  WiFi I can telnet to the same domain.

    From the Comcast guest WiFi using nslookup I get the domain mx info without using Google.

    Thanks.


    DDaleS

    Wednesday, August 10, 2016 5:11 PM
  • Hi

    Sounds like you have a block from your ISP then if it works from your WIFI connection. You should be able to contact them and they can see on the firewall what is being blocked. DNS is port 53, however some work and some dont. Can you run a wireshark on your server and see where its blocking?


    Edward van Biljon - Exchange MVP

    Wednesday, August 10, 2016 5:19 PM
    Moderator
  • Hi Edward,

    We have isolated the problem to a service running for our F-Secure Antivirus solution.  The ORSP Client service is responsible for verifying the integrity of domains through the F-Secure cloud.  The domains being blocked were rated as unsafe.  Therefore the DNS Query for these domains was being blocked by this F-Secure service.  By stopping the service the emails would begin to flow.  Not sure how they are rating the domains, as many of the blocked domains are companies we do business with on a regular basis.

    We have taken measures to resolve this.

    Thank you very much for your help!


    DDaleS

    • Marked as answer by DDaleS Monday, August 22, 2016 11:53 AM
    Monday, August 22, 2016 11:53 AM
  • Hi there

    thanks for the feedback.


    Edward van Biljon - Exchange MVP

    Monday, August 22, 2016 12:25 PM
    Moderator