none
451 4.4.0 DNS query failed to some domains from Hub transport

    Question

  • Exchange 2007 hub running on Windows Server 2008.  IPv6 has been disabled per http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx.  Looking at a packet capture, I see the following:

    DNS      Standard query AAAA webmail.xxxxxxxxx.com
    DNS      Standard query response, Server failure

    Both servers are in the same AD domain/site and running Windows Server standard 2008 SP1.

    Email will sit in the queue until it expires.  

    Nslookup (from Windows XP or hub server) against the same DNS server will resolve the
    xxxxxxxxx.com to webmail.xxxxxxxxx.com with a valid IP address. I can telnet using port 25 to that IP address from the Hub server without any problems.

    Once the hub server receives the DNS error, it will retry again at the set time interval using IPv6 DNS query.  Of course it fails again and the pattern continues until the email expires.

    If I put the mx record in the hosts file, email is delivered immediately.

    I have seen http://technet.microsoft.com/en-us/library/bb878121.aspx where it mentions having the DNS server respond to a second query, but the trace doesn't even show a second attempt.

    No smarthost involved in outgoing email.

    The destinations worked in Exchange 2003 on Windows Server 2003.  If we redirect the email from Exchange 2007 to Exchange 2003, it will be delivered.  Not a good solution since we are removing 2003.

    I would expect when the IPv6 query fails it would try IPv4.  This does not seem to be the case with Server 2008.


    Tuesday, March 24, 2009 7:50 PM

Answers

  • Hi,

    Please run nslookup -q=mx domain.com (the problematic domain) command in CMD, then post the information on the forum.

    Thanks

    Allen
    • Marked as answer by Allen Song Monday, April 13, 2009 2:54 AM
    Thursday, March 26, 2009 8:21 AM
  • Hi,

    Until now, that is the product issue in Exchange 2007 which running on Windows Server 2008. If any update, I will inform you.

    Thanks

    Allen
    • Marked as answer by Allen Song Monday, April 13, 2009 2:54 AM
    Wednesday, April 08, 2009 6:59 AM

All replies

  • Thanks for the suggestion.  I have already set all this (I was thinking the link I listed had that information as well).  I have also tried both FFFFFFFF and 000000FF. 
    Wednesday, March 25, 2009 8:01 PM
  • Hi,

    Please run nslookup -q=mx domain.com (the problematic domain) command in CMD, then post the information on the forum.

    Thanks

    Allen
    • Marked as answer by Allen Song Monday, April 13, 2009 2:54 AM
    Thursday, March 26, 2009 8:21 AM
  • Hi,

    Until now, that is the product issue in Exchange 2007 which running on Windows Server 2008. If any update, I will inform you.

    Thanks

    Allen
    • Marked as answer by Allen Song Monday, April 13, 2009 2:54 AM
    Wednesday, April 08, 2009 6:59 AM
  • Hi,

    Have microsoft released any update on this?
    I have a similar promblem with some domains.


    Complements,

    Marco

    Friday, September 11, 2009 5:30 PM
  • Still no patch or update from microsoft? I've inserted the 2 domains in the hosts file now and it's working but it's not the must beautiful solution i've seen... :(
    a search on google will bring several users with the exact same problems but nobody seems to have has a real solution for this problem.
    If somebody has a solution please share it with us..

    Thanks..
    Wednesday, November 04, 2009 9:34 AM
  • Hi Edwin,
    Could you tell me how you added the domain in the hosts file?
    Ive added the domains dns and mailservers ip in the hosts file without any luck.
    Thanks
    Erik
    Thursday, November 05, 2009 2:49 PM
  • Hi Guys,

    For this issue, please try to refer to the the below thread to workaround this issue:
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/a9b1a718-7b22-4678-aa91-c8ecebb4c6fa

    Thanks

    Allen
    Friday, November 06, 2009 2:14 AM
  • Follow the advice from Allen Song

    Do an NSLOOKUP -q=mx problematic.domain.com

    If you get a IPV6 style DNS lookup, disable IPV6 on the nic itself via adapter settings. You need to do this on all machines related to exchange, not just the hub transport machine, I have found that exchange doesn't always perform this query via hub transport. Check all your machines that are exchange related using the nslookup for the one that is still using an ipv6 style nslookup, if you find one, remove ipv6 from the adapter settings by unchecking the box, then retrying the nslookup, you should then get a standard ipv4 style lookup that doesn't fail.

    This helped me resolve an issue where it was only doing an ipv6 style lookup for a specific domain but not all. Hope it helps.

    Tuesday, July 17, 2012 3:05 PM
  • Hi, Michael

    I followed your advice,

    then my server stop working with smtp, the owa stop working.

    Friday, April 05, 2013 8:00 PM
  • Has anyone made any progress on this?  I'm having the same exact issue.

    I'm able to run a successful MXLookup command NSLOOKUP -q=mx problematic.domain.com I can see the MX records perfectly fine.  I can telnet to them on port 25 perfectly fine.  However, in Exchange 2010 it shows "451 4.4.0 DNS query failed". 

    Can anyone advise on the status of this?  Is there a fix?


    Jeremy Whittaker MCSE MCSA CCNA CCA Senior Consultant N2 Network Solutions http://www.N2NetworkSolutions.com

    Friday, June 07, 2013 4:34 PM
  • On Fri, 7 Jun 2013 16:34:25 +0000, Jeremy Whittaker wrote:
     
    >
    >
    >Has anyone made any progress on this? I'm having the same exact issue.
    >
    >I'm able to run a successful MXLookup command NSLOOKUP -q=mx problematic.domain.com I can see the MX records perfectly fine. I can telnet to them on port 25 perfectly fine. However, in Exchange 2010 it shows "451 4.4.0 DNS query failed".
    >
    >Can anyone advise on the status of this? Is there a fix?
     
    Is there a problem with the DNS zone? Lame delegation, perhaps?
    Missing NS records, maybe?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, June 08, 2013 1:02 AM
  • I am also having the same issue and looking for a fix.  NSLOOKUP works fine and telnet but exchange 2010 will not.
    Friday, November 22, 2013 8:23 PM
  • Sad to say that I have the same behavior on Exchange 2013 :(

    Marcin Dobija | MCSE:Security | MCITP:DBA,EA,EMA,SA | MCDBA | MCTS:W2k8,E2k7,SQL2005,OCS,ISA,Vista | MCITP Dynamics:CRM4 | MS ITAC Member | VCP4

    Friday, December 06, 2013 3:26 PM
  • If you know the domain you should be able to get the IP addresses of their name servers. Start a network monitor (e.g. Wireshark) and capture only the traffic to those IP addresses. Clear the resolver cache on your server and the DNS cache on your DNS server. Then send an e-mail to that domain. If there's a problem you should see it in the capture.

    It's not easy to troubleshoot this without clearing DNS caches.

    Do you use your own internal DNS servers? Are they using forwarders or name hints? If it's using forwarders then the problem may be there and if they aren't your servers you're probably not going to get their admin to clear his DNS caches.


    --- Rich Matheisen MCSE&I, Exchange MVP

    Saturday, December 07, 2013 3:00 AM
  • Looks like you need to change the external DNS servers listed in the Server Configuration Hub Transport "External DNS Lookups" tab.  The exchange server does not use the default DNS settings so your DNS lookup works at the command prompt but fails to resolve the mx record in Exchange.  Can easily happen if you change ISP.

    Tuesday, April 01, 2014 9:31 AM
  • that will do. it worked for me.
    Thursday, August 21, 2014 3:41 PM