DNS query not working fine

  • Question

  • Hi,

    Recently we have upgraded to Windows 2008 R2 and DNS. Also, from Exchange 2003 to Exchange 2010.

     

    Now in the Exchange email queue we find that mails to Yahoo and AOL always get queued for a long time and they get delivered automatically. After troubleshooting we found that Exchange is not able to find the MX records of AOL and Yahoo and of a few other domains.

    We get a 451 4.4.0 DNS query failed error. I had read the posts previously posted and found no answer.

    How does this happen, and how should internal DNS be configured to fetch DNS records of internet domains?

    Do we need to configure Forwarders to our ISP DNS server, or will DNS use root hints to find the same? Please give me some idea of how to configure internal DNS to resolve MX and SPF records of other domains without any issues.

     

    Regards,

    Kishore.Ch

    Tuesday, May 18, 2010 10:01 PM

All replies

  • Take a look at this summary that I wrote as it sounds like you are having the issue described.

    Windows 2008 DNS Server May Fail to Resolve Top-Level Domain Queries
    http://www.anitkb.com/2010/05/windows-2008-dns-server-may-fail-to.html

    If you set up your DNS servers to forward to your ISP's DNS, the issue will be resolved (if in fact your issue is related to the problem described in my article).

     


    Visit my blog: anITKB.com, an IT Knowledge Base.
    Wednesday, May 19, 2010 12:13 AM
  • On Wed, 19 May 2010 00:13:01 +0000, Jorge Mederos wrote:
     
    >
    >
    >Take a look at this summary that I wrote as it sounds like you are having the issue described.
    >
    >Windows 2008 DNS Server May Fail to Resolve Top-Level Domain Queries http://www.anitkb.com/2010/05/windows-2008-dns-server-may-fail-to.html
    >
    >If you set up your DNS servers to forward to your ISP's DNS, the issue will be resolved (if in fact your issue is related to the problem described in my article).
    >
    >
    >Visit my blog: anITKB.com, an IT Knowledge Base.
     
     
    Good article, Jorge. :-)
     
    I've read the MSKB on it, too. I would like to add, this could also be
    based on an EDNS0 issue with the edge firewall not supporting EDNS0.
    Either way, I agree a Forwarder will overcome both issues.
     
     

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    Wednesday, May 19, 2010 2:49 PM
  • Good point, Ace. EDNS is also summarized in a separate posting.

    Windows Server 2008 R2 DNS Issues (EDNS0)
    http://www.anitkb.com/2010/03/windows-server-2008-r2-dns-issues-edns0.html

     


    Visit my blog: anITKB.com, an IT Knowledge Base.
    Wednesday, May 19, 2010 3:37 PM
  • On Wed, 19 May 2010 15:37:10 +0000, Jorge Mederos wrote:
     
    >
    >
    >Good point, Ace. EDNS is also summarized in a separate posting.
    >
    >Windows Server 2008 R2 DNS Issues (EDNS0) http://www.anitkb.com/2010/03/windows-server-2008-r2-dns-issues-edns0.html
    >
    >
    >Visit my blog: anITKB.com, an IT Knowledge Base.
     
    Thanks for posting it. Good summary. I like the fact you've provided
    an explanation of the additional data in an EDNS datagram.
     
    To add, for some perimeter firewall vendor models, configuring EDNS0
    is different. For example, Cisco allows you to stipulate the UDP
    upper packet size limit. For example, I configure my ASAs and PIX to
    1280 bytes:
     
    fixup protocol dns 1280
     
    That will allow DNS UDP packets up to 1280 bytes. Now with the growing
    popularity, or at least more people talking about it, if not
    implemented, is using DNSSEC. Some of my colleagues have set the
    figure in an ASA to 4000 to allow a large packet in case they decide
    to go ahead with DNSSEC, since the packet grows with the encryption
    info embedded.
     
     
     
    Ace
     

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    Thursday, May 20, 2010 6:44 AM
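
    The interaction discussed above between the EDNS0 size a resolver advertises and a firewall's DNS length limit, as an added example that is not part of the original thread. It is a simplified offline model: the function names, the response sizes and the three outcome labels are constructed for illustration, and nothing is sent on the network.

```python
import struct

TYPE_MX, TYPE_OPT, CLASS_IN = 15, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_mx_query(name, txid, edns_size=None):
    """Build a recursive MX query; edns_size appends an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_MX, CLASS_IN)
    opt = b""
    if edns_size:
        # Root name, TYPE=OPT, CLASS field carries the UDP payload size,
        # TTL field (extended RCODE/version/flags) = 0, RDLENGTH = 0.
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Skip an uncompressed name and return the offset after it."""
    while msg[off]:
        off += msg[off] + 1
    return off + 1

def advertised_udp_size(query):
    """UDP payload size the querier accepts: OPT CLASS value, else 512."""
    qd, _an, _ns, ar = struct.unpack("!HHHH", query[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4            # QTYPE + QCLASS
    for _ in range(ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return 512

def outcome(query, response_len, firewall_max):
    """Model what happens to a UDP response of response_len bytes."""
    if response_len > advertised_udp_size(query):
        return "truncated"   # server sets TC; resolver retries over TCP
    if response_len > firewall_max:
        return "dropped"     # firewall discards the datagram; query times out
    return "delivered"
```

    In this model a resolver that advertises 4000 bytes behind a firewall that passes only 512 sees larger responses silently dropped, which matches the timeout behaviour a forwarder or a raised firewall limit works around.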

  • Hi kc0018907,

    I agree with Jorge. By default a Windows-based DNS server uses root hints to resolve Internet host names. But if the DNS server fails to connect to the Root Hints servers, a more likely cause is a full loss of network connectivity or, in some cases, poor network performance on the intermediate network links between the DNS server and its configured root servers. You can designate specific name servers as being responsible for WAN-based DNS traffic; these are called DNS forwarders.

    In your case, it seems that the Exchange server failed to query the MX record from Root Hints, so setting the internal DNS server to forward DNS queries to an ISP or public DNS server can resolve this issue.

    How DNS query works

    http://technet.microsoft.com/en-us/library/cc775637(WS.10).aspx

    Troubleshooting DNS servers

    http://technet.microsoft.com/en-us/library/cc787724(WS.10).aspx

    Configure a DNS server to use forwarders

    http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx

    Thanks

    Tiger Li

    Monday, May 24, 2010 5:17 AM