Rudy Steyaert (Guest)
Posted: Fri Jan 07, 2005 10:09 pm
Post subject: MW Resolve-problem - the saga continues (spec. att. to Kevin
Hello all
Again I am (our exchange 2003 server is) facing DNS MX-resolve problems.
For a long while already I'm suspecting my forwarders, but now it looks that
they have nothing to do with this issue.
Scenario
I see our exchange server struggling with the resolve of a whole bunch of
domains (a global mail to a few hundred of our recipients leaves immediately,
but about 30 to 40 messages keep hanging around).
So, I check with nslookup (or netdig - same results) and I try to resolve
the MX-record for a couple of the domains I found in the queue.
Doing the following ...
set type=mx
No MX records are returned.
set type=all
All records are returned (MX resolves fine)
set type=mx
MX resolves perfectly
I must add ...
Upon clearing the cache *ALL* messages in the exchange queue leave
immediately (DNS resolve problems are immediately gone) !
Patience also helps, i.e. after a couple of hours, all messages got
eventually sent.
Can anyone help with this? I have the impression that I am not the only one
with this problem (or related ones). In the exchange newsgroups I often see
messages like 'Can't resolve one certain domain', 'Cannot send to
hotmail.com only', etc... I think these problems are related to the one I
describe here?
Thanks for any help or insights.
Kind regards
Rudy Steyaert
PS. Debug dump of the scenario below
----------------------
First attempt
----------------------
set type=mx
set d2
TheWantedDomain.com.
Server: MyDNSServer.MyDomain.local
Address: 10.10.1.1
------------
SendRequest(), len 28
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
TheWantedDomain.com, type = MX, class = IN
------------
------------
Got answer (74 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
TheWantedDomain.com, type = MX, class = IN
AUTHORITY RECORDS:
-> TheWantedDomain.com
type = SOA, class = IN, dlen = 34
ttl = 86036 (23 hours 53 mins 56 secs)
primary name server = ns.online.be
responsible mail addr = ns.online.be
serial = 2003111804
refresh = 14400 (4 hours)
retry = 3600 (1 hour)
expire = 1814400 (21 days)
default TTL = 86400 (1 day)
------------
TheWantedDomain.com
type = SOA, class = IN, dlen = 34
ttl = 86036 (23 hours 53 mins 56 secs)
primary name server = ns.online.be
responsible mail addr = ns.online.be
serial = 2003111804
refresh = 14400 (4 hours)
retry = 3600 (1 hour)
expire = 1814400 (21 days)
default TTL = 86400 (1 day)
----------------------
Second attempt
----------------------
set type=all
TheWantedDomain.com.
Server: MyDNSServer.MyDomain.local
Address: 10.10.1.1
------------
SendRequest(), len 28
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
TheWantedDomain.com, type = ANY, class = IN
------------
------------
Got answer (176 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 4, authority records = 0, additional = 2
QUESTIONS:
TheWantedDomain.com, type = ANY, class = IN
ANSWERS:
-> TheWantedDomain.com
type = NS, class = IN, dlen = 12
nameserver = ns.online.be
ttl = 86400 (1 day)
-> TheWantedDomain.com
type = SOA, class = IN, dlen = 24
ttl = 86400 (1 day)
primary name server = ns.online.be
responsible mail addr = ns.online.be
serial = 2003111804
refresh = 14400 (4 hours)
retry = 3600 (1 hour)
expire = 1814400 (21 days)
default TTL = 86400 (1 day)
-> TheWantedDomain.com
type = MX, class = IN, dlen = 11
MX preference = 200, mail exchanger = in-mx2.online.be
ttl = 3600 (1 hour)
-> TheWantedDomain.com
type = RP, class = IN, dlen = 21
RP mailbox = ns-rp.online.be
text location = dns-593.db.online.be
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
-> ns.online.be
type = A, class = IN, dlen = 4
internet address = 62.112.0.1
ttl = 85954 (23 hours 52 mins 34 secs)
-> in-mx2.online.be
type = A, class = IN, dlen = 4
internet address = 194.88.100.81
ttl = 3139 (52 mins 19 secs)
------------
Non-authoritative answer:
TheWantedDomain.com
type = NS, class = IN, dlen = 12
nameserver = ns.online.be
ttl = 86400 (1 day)
TheWantedDomain.com
type = SOA, class = IN, dlen = 24
ttl = 86400 (1 day)
primary name server = ns.online.be
responsible mail addr = ns.online.be
serial = 2003111804
refresh = 14400 (4 hours)
retry = 3600 (1 hour)
expire = 1814400 (21 days)
default TTL = 86400 (1 day)
TheWantedDomain.com
type = MX, class = IN, dlen = 11
MX preference = 200, mail exchanger = in-mx2.online.be
ttl = 3600 (1 hour)
TheWantedDomain.com
type = RP, class = IN, dlen = 21
RP mailbox = ns-rp.online.be
text location = dns-593.db.online.be
ttl = 86400 (1 day)
ns.online.be
type = A, class = IN, dlen = 4
internet address = 62.112.0.1
ttl = 85954 (23 hours 52 mins 34 secs)
in-mx2.online.be
type = A, class = IN, dlen = 4
internet address = 194.88.100.81
ttl = 3139 (52 mins 19 secs)
----------------------
Third attempt - after the type=all it works !
----------------------
set type=mx
TheWantedDomain.com.
Server: MyDNSServer.MyDomain.local
Address: 10.10.1.1
------------
SendRequest(), len 28
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
TheWantedDomain.com, type = MX, class = IN
------------
------------
Got answer (74 bytes):
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 1
QUESTIONS:
TheWantedDomain.com, type = MX, class = IN
ANSWERS:
-> TheWantedDomain.com
type = MX, class = IN, dlen = 18
MX preference = 200, mail exchanger = in-mx2.online.be
ttl = 3553 (59 mins 13 secs)
ADDITIONAL RECORDS:
-> in-mx2.online.be
type = A, class = IN, dlen = 4
internet address = 194.88.100.81
ttl = 3092 (51 mins 32 secs)
------------
Non-authoritative answer:
TheWantedDomain.com
type = MX, class = IN, dlen = 18
MX preference = 200, mail exchanger = in-mx2.online.be
ttl = 3553 (59 mins 13 secs)
in-mx2.online.be
type = A, class = IN, dlen = 4
internet address = 194.88.100.81
ttl = 3092 (51 mins 32 secs)
>
Rudy Steyaert (Guest)
Posted: Tue Jan 11, 2005 12:19 am
Post subject: Re: MW Resolve-problem - the saga continues (spec. att. to K
Hello Kevin
For one of the examples I had today (online.be), I took a closer look at
the cache in my DNS server, and for that specific zone, I found *only* a
couple of NS records and one A record. No MX-records, and I can't resolve
MX either.
BUT... after manually deleting this specific zone from the *cache*,
everything resolves IMMEDIATELY, including MX records that are now included
in the cache.
However the mx records have a TTL of only 60 minutes, while the others (NS
and the A record) both have a TTL of 24 hours.
After resolving for type=MX, the cache contains ...
01) (same as parent folder) Name Server (NS) ns.online.be. 24h
02) (same as parent folder) Name Server (NS) ns.csdg.org. 24h
03) (same as parent folder) Mail Exchanger (MX) [300] relay.online.be. 1h
04) (same as parent folder) Mail Exchanger (MX) [100] in-mx1.online.be. 1h
05) (same as parent folder) Mail Exchanger (MX) [10] in-mx.online.be. 1h
06) (same as parent folder) Mail Exchanger (MX) [200] in-mx2.online.be. 1h
07) (same as parent folder) Mail Exchanger (MX) [500] in-mx3.online.be. 1h
08) in-mx Host (A) 194.88.100.82 20 minutes
09) in-mx1 Host (A) 194.88.100.80 1h
10) in-mx2 Host (A) 194.88.100.81 1h
11) in-mx3 Host (A) 194.88.100.81 1h
12) ns Host (A) 62.112.0.1 24h
13) relay Host (A) 62.112.0.29 20 minutes
In the management console, I select this very domain in the cache and ...
After 20 minutes I hit F5 to refresh the contents and the DNS server has
selectively deleted the records 08 and 13 - these with a TTL of 20 minutes
(scavenging is not enabled).
After 30 minutes I hit F5 again and records 08 and 13 reappear, again with a
TTL of 20 minutes (20 minutes later they disappear again).
After 1 hour of patiently waiting, I hit F5 again and now all records with a
TTL of 1 hour are gone (which leaves me without MX-records).
Records 01 02 and 12 are the only ones that remain.
I have the impression it has something to do with the cache and TTLs, but
can't lay the finger on it.
Rudy
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:ezXRY7c9EHA.824@TK2MSFTNGP11.phx.gbl...
In news:O9lkqLN9EHA.1300@TK2MSFTNGP14.phx.gbl,
Rudy Steyaert <Rudy_Steyaert@hotmail.com> commented
Then Kevin replied below:
Hello all
Again I am (our exchange 2003 server is) facing DNS
MX-resolve problems. For a long while already I'm
suspecting my forwarders, but now it looks that they have
nothing to do with this issue.
What kind of firewall do you have? Pix or similar maybe?
Some firewalls, most notably Pix firewalls block EDNS extensions that
allow UDP packets over 512 bytes. Fix the firewall to allow UDP packets
up to the MTU size. You can also disable EDNS on the Win2k3 DNS but I'd
recommend fixing the firewall because UDP is more efficient and requires
less overhead than a TCP mapping to set up. DNS will eventually fail over
to TCP, which is why the query eventually resolves.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
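Added example (not part of the original posts): Python code that classifies raw DNS replies the way the debug dump in this thread is read (an answer, a NOERROR reply with no answers and an SOA in the authority section as in the first attempt, or a truncated reply that needs a TCP retry) and builds an MX query with or without the EDNS0 OPT record that Kevin's reply refers to. The function names are hypothetical and the sample reply bytes are constructed from values shown in the dump.

```python
import struct

MX, SOA, OPT = 15, 6, 41  # RR type codes

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qtype, qid, edns_size=None):
    """Recursive query; with edns_size, append an EDNS0 OPT record (RFC 6891)."""
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, type 41, CLASS field carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Classify a reply: truncated, error, answer, nodata or empty."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x0200:            # TC bit: reply did not fit, retry over TCP
        return "truncated"
    if flags & 0x000F:            # non-zero RCODE
        return "error"
    if an:
        return "answer"
    off = 12
    for _ in range(qd):           # skip the question section
        off = skip_name(msg, off) + 4
    if ns:
        off = skip_name(msg, off)
        if struct.unpack("!H", msg[off:off + 2])[0] == SOA:
            return "nodata"       # NOERROR, no answers, SOA in authority
    return "empty"

def sample_reply(flags, with_soa):
    """Constructed reply bytes modelled on the first attempt in the dump."""
    q = encode_name("TheWantedDomain.com") + struct.pack("!HH", MX, 1)
    rdata = encode_name("ns.online.be") * 2 + struct.pack(
        "!IIIII", 2003111804, 14400, 3600, 1814400, 86400)
    soa = b"\xc0\x0c" + struct.pack("!HHIH", SOA, 1, 86036, len(rdata)) + rdata
    head = struct.pack("!HHHHHH", 2, flags, 1, 0, 1 if with_soa else 0, 0)
    return head + q + (soa if with_soa else b"")
```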