

DNS Issue

Question

Tuesday, June 22, 2010 6:30 PM

Greetings,
I recently found an issue with DNS in my environment. Recently a company we have done previous business with changed their email address domain from one name to another. For example tribe.com to jag.com. When it came time to email them again for some reason I was getting this error message with my ironport device.

ironport.(nameserver).com #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) 'DNS Soft Error looking up tribe.com (MX) while asking recursive_nameserver0.parent. Error was: unable to reach nameserver on any valid IP' (delivery attempts: 0)>

I figured it was an issue with their MX records since we have been able to reach other companies just fine. I was told by the other company's IT person to flush DNS or contact the company who hosts our email DNS records. I went into each server and did ipconfig /flushdns and the error stayed. I did an nslookup> type set=mx > jag.com and the message I received was that it couldn't locate the address. Now the DNS in the ironport was set to look at one of the new servers I installed (Server 2008 R2; the old servers are server 2003). I installed DNS on the server and set up a replica of what we had. 10.1.1.x for the scope, it was a primary, using active directory. However when I changed the ironport to look at one of the old servers and did an nslookup with the old server, I then began to be able to email the company as well as see their MX records. Can anyone give me any insight as to what I have to do to make these servers be the same? I believe something is definitely off with my new DNS server.

 

All replies (9)

Monday, June 28, 2010 2:36 PM ✅Answered

Greetings,

Falcon, the NICs in my server 2008, server 2003, and exchange server are configured this way. 2008 points to itself as preferred and 2003 as the alternate. Server 2003 points to itself as preferred and the exchange server as alternate. The exchange server points to itself and then 2003 as the alternate. Currently I believe I have 3 DHCP servers and 3 DNS between 2008, 2003, and the exchange server. For background I am on this job location for 8 months and have already cleaned up a very big mess from the last company that was doing IT. On all of the sonicwalls in the company they are using our public DNS from cablevision and then the 2003 server as the 3rd and last DNS option.

Ace, I've looked over the two links. I did flush DNS on all servers before I added the 2003 server to the ironport and it didn't work. I am unsure if that will help the situation. I believe it has more to do with how the DNS is set up on my servers.

Thanks for the feedback!

Kiradore,

Try the tests Falcon suggested. Also, it may be that a CNAME was created for the MX record, possibly thinking it would redirect it. MX and CNAME records do not play well together.

DNS MX Records and CNAMEs
Though Domain Name System (DNS) entries for Mail Exchanger (MX) records can be pointed to canonicalized (CNAME) host records, doing so is not advised, ...
http://support.microsoft.com/kb/153001

Without knowing the actual names, this is the best I can come up with at this time based on your description. The results of Falcon's suggested tests will help, however the actual names will really help, if you can provide them.

Ace

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.


Tuesday, June 22, 2010 8:54 PM

Hi Kiradore,

When I ran an nslookup to check MX records for jag.com, I didn't find any. This is of course assuming that these are the actual names. So maybe the admins at their location did not properly setup the MX record. Look below:

> set q=mx
> tribe.com
Server:  london.nwtraders.msft.com
Address:  192.168.5.230

Non-authoritative answer:
tribe.com       MX preference = 80, mail exchanger = topica.tribe.net
tribe.com       MX preference = 10, mail exchanger = mx.tribe.net
tribe.com       MX preference = 50, mail exchanger = ns1.tribe.net

> jag.com
Server:  london.nwtraders.msft.com
Address:  192.168.5.230

jag.com
        primary name server = extdns001.ford.com
        responsible mail addr = dnsadmin.ford.com
        serial  = 200357499
        refresh = 3600 (1 hour)
        retry   = 900 (15 mins)
        expire  = 1814400 (21 days)
        default TTL = 14400 (4 hours)
>

They could have simply set the MX record for jag.com to be mx.tribe.net and the other two, to ensure they still receive mail. Also bewildering is why wouldn't they have kept both domains pointed to the same MX anyway to ensure they can receive mail on both until further down the line when everyone's Reply To address has been changed to the new domain? Even in situations like that, to ensure anyone still receives mail on both domain names, many companies simply keep it for a couple years.

Ace

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.


Tuesday, June 22, 2010 9:22 PM

Hello,

 

Do you have the forwarders configured on the new DNS server?

From the new server does NSLOOKUP fail or does it return an incorrect IP address?

From the new server does NSLOOKUP resolve other sites?

 

Miguel

Miguel Fra / Falcon ITS
Computer & Network Support, Miami, FL
Visit our Knowledgebase Sharepoint Site


Wednesday, June 23, 2010 12:56 PM

Thank you for the responses.

Ace, the names were changed. The site in question was up and working but with one of my DNS servers (server 2008) in the ironport it would not find the site in question with NS look up. Once I added our old server 2003 server which also has DNS on it the ns look up started passing on both servers. The acquisition of one company by the other may have had something to do with it but I do believe they kept the same record. It's making me think my 2008 server was just slower to lose the record it had. I'm not sure the way the acquisition went. I am pretty sure it was Tribe took over Jag (remember names are changed) so Tribe shouldn't have had anything change. For some reason though it caused an MX record issue with my 2008 Server.

Falcon, the new 2008 server has the same forwarders set up as the 2003 server. NSLOOKUP failed when 2008 server was the only DNS record in the ironport but it could resolve other sites. No other site was having an issue. The one in question had recently changed something in THEIR MX records because of the acquisition. Once I found it was 8 weeks ago I ruled them out as being the problem. I was told by their IT person to try flushing DNS. I flushed DNS on all servers + the ironport and I had no positive results until the 2003 server was added to the DNS record option of the ironport.

Appreciate the feedback!


Wednesday, June 23, 2010 4:14 PM

 

Please make sure the NIC's DNS on the 2008 box is pointing to itself as should also be the case with 2003 Server.

 

From the Server 2008 ping the domain in question. Does it return the correct address?

From the Server 2008 nslookup set type=mx does the site in question return the correct address?

 

Do the same with 2003 server and compare results and post.

 

Tks

Miguel Fra / Falcon ITS
Computer & Network Support, Miami, FL
Visit our Knowledgebase Sharepoint Site


Wednesday, June 23, 2010 6:04 PM

Thank you for the responses.

Ace, the names were changed. The site in question was up and working but with one of my DNS servers (server 2008) in the ironport it would not find the site in question with NS look up. Once I added our old server 2003 server which also has DNS on it the ns look up started passing on both servers. The acquisition of one company by the other may have had something to do with it but I do believe they kept the same record. It's making me think my 2008 server was just slower to lose the record it had. I'm not sure the way the acquisition went. I am pretty sure it was Tribe took over Jag (remember names are changed) so Tribe shouldn't have had anything change. For some reason though it caused an MX record issue with my 2008 Server.

Falcon, the new 2008 server has the same forwarders set up as the 2003 server. NSLOOKUP failed when 2008 server was the only DNS record in the ironport but it could resolve other sites. No other site was having an issue. The one in question had recently changed something in THEIR MX records because of the acquisition. Once I found it was 8 weeks ago I ruled them out as being the problem. I was told by their IT person to try flushing DNS. I flushed DNS on all servers + the ironport and I had no positive results until the 2003 server was added to the DNS record option of the ironport.

Appreciate the feedback!

Hi Kiradore,

Interesting, so it's just 2008 DNS? See if the following links help.

2008 DNS Cannot resolve names in certain top level domains like .co.uk.
http://blogs.technet.com/essentialbusinessserver/archive/2009/01/29/cannot-resolve-names-in-certain-top-level-domains-like-co-uk.aspx

Windows Server 2008 DNS Servers may fail to resolve queries for ...
Feb 25, 2009 ... When name resolution is provided by root hints, Windows Server 2008 DNS may ... domains like .co.uk, .cn, and .br, but is not limited to these domains. ...
http://support.microsoft.com/kb/968372

Ace

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.


Monday, June 28, 2010 5:08 AM

Hi Kiradore,

If there is any update on this issue, please feel free to let us know.

We are looking forward to your reply.

Thanks.

Tiger Li

 

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


Monday, June 28, 2010 1:28 PM

Greetings,

Falcon, the NICs in my server 2008, server 2003, and exchange server are configured this way. 2008 points to itself as preferred and 2003 as the alternate. Server 2003 points to itself as preferred and the exchange server as alternate. The exchange server points to itself and then 2003 as the alternate. Currently I believe I have 3 DHCP servers and 3 DNS between 2008, 2003, and the exchange server. For background I am on this job location for 8 months and have already cleaned up a very big mess from the last company that was doing IT. On all of the sonicwalls in the company they are using our public DNS from cablevision and then the 2003 server as the 3rd and last DNS option.

Ace, I've looked over the two links. I did flush DNS on all servers before I added the 2003 server to the ironport and it didn't work. I am unsure if that will help the situation. I believe it has more to do with how the DNS is set up on my servers.

Thanks for the feedback!


Monday, June 28, 2010 2:27 PM

Hello,

 

From the Server 2008 ping the domain in question. Does it return the correct address?

From the Server 2008 nslookup set type=mx does the domain in question return the correct address?

 

Do the same with 2003 server and compare results and post.

 

Miguel

Miguel Fra / Falcon ITS
Computer & Network Support, Miami, FL
Visit our Knowledgebase Sharepoint Site
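
The comparison requested in the thread (run nslookup with type MX against the 2008 and the 2003 server and compare the results) can be scripted over saved nslookup transcripts. The following is an added example, not code from any poster in this thread: it parses interactive nslookup output of the kind quoted above and reports the names on which two servers disagree. The server names and addresses in the sample transcripts are constructed, and the function names are hypothetical.

```python
import re

QUERY = re.compile(r"^> (\S+\.\S+)\s*$")          # "> tribe.com" (not "> set q=mx")
MX = re.compile(r"^\S+\s+MX preference = (\d+), mail exchanger = (\S+)")
SOA = re.compile(r"^\s+primary name server = \S+")

def parse_nslookup_mx(transcript):
    """Map each queried name to a status and its sorted (preference, host) list."""
    results, current = {}, None
    for line in transcript.splitlines():
        q = QUERY.match(line)
        if q:
            current = q.group(1).lower()
            results[current] = {"status": "no-answer", "mx": []}
        elif current is None:
            continue
        elif (m := MX.match(line)):
            results[current]["mx"].append((int(m.group(1)), m.group(2).lower()))
            results[current]["status"] = "mx"
        elif SOA.match(line) and not results[current]["mx"]:
            results[current]["status"] = "soa-only"   # name exists, no MX data
        elif line.startswith("***") or "timed out" in line:
            results[current]["status"] = "failed"     # server could not resolve
    for r in results.values():
        r["mx"].sort()
    return results

def compare_servers(a, b):
    """Return (name, status_a, status_b) for every name the servers disagree on."""
    missing = {"status": "not-queried", "mx": []}
    return [(n, a.get(n, missing)["status"], b.get(n, missing)["status"])
            for n in sorted(set(a) | set(b)) if a.get(n, missing) != b.get(n, missing)]

# Constructed transcripts (hypothetical server names, documentation addresses).
OLD_2003 = """> set q=mx
> tribe.com
Server:  old2003.example.local
Address:  192.0.2.10
Non-authoritative answer:
tribe.com       MX preference = 80, mail exchanger = topica.tribe.net
tribe.com       MX preference = 10, mail exchanger = mx.tribe.net
"""
NEW_2008 = """> set q=mx
> tribe.com
Server:  new2008.example.local
Address:  192.0.2.20
DNS request timed out.
*** Request to new2008.example.local timed-out
"""
```

Calling `compare_servers(parse_nslookup_mx(OLD_2003), parse_nslookup_mx(NEW_2008))` lists each name with the status seen on each server; a `soa-only` status corresponds to a reply that carries only the zone's SOA fields, as in the jag.com output quoted earlier in the thread.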