DNS lookup stops at 2 mx records

Guest
Archived from groups: microsoft.public.win2000.dns

We recently upgraded our W2K/Exchange2000 box to SP4 (OS)
and Exchange SP3. After doing so, several domains that we
send messages to generate NDRs (i.e. capgroup.com,
pcb.ub.es, ucla.edu). We could email these domains prior
to the SP upgrades. The common thread with the domains
that we cannot connect to is that they have multiple mx
records with mail relays. Apparently DNS will now only
attempt to connect to the 2 lowest mx records and then
fail. I have verified this by examining the
c:\winnt\system32\logfiles\smtpsvc1\*.log. Within these
files you will see entries like:

149.142.194.218 OutboundConnectionResponse - 25
149.142.194.218 OutboundConnectionCommand - 25
149.142.194.14 OutboundConnectionResponse - 25
149.142.194.14 OutboundConnectionCommand - 25

In this case it only tried the first two email servers at
ucla.edu, which then results in the message being stuck in
the outbound queue. We have a reverse pointer record with
our ISO and I have run a successful scan on
www.dnsreports.com for our domain.

Any suggestions?

Peter Hope
IT Manager
Locus Pharmaceuticals, Inc.
 
Guest

In news:1ffa701c4589c$162d0c50$a101280a@phx.gbl,
Peter Hope <phope@locuspharma.com> posted their thoughts, then I offered
mine
> We recently upgraded our W2K/Exchange2000 box to SP4 (OS)
> and Exchange SP3. After doing so, several domains that we
> send messages to generate NDRs (i.e. capgroup.com,
> pcb.ub.es, ucla.edu). We could email these domains prior
> to the SP upgrades. The common thread with the domains
> that we cannot connect to is that they have multiple mx
> records with mail relays. Apparently DNS will now only
> attempt to connect to the 2 lowest mx records and then
> fail. I have verified this by examining the
> c:\winnt\system32\logfiles\smtpsvc1\*.log. Within these
> files you will see entries like:
>
> 149.142.194.218 OutboundConnectionResponse - 25
> 149.142.194.218 OutboundConnectionCommand - 25
> 149.142.194.14 OutboundConnectionResponse - 25
> 149.142.194.14 OutboundConnectionCommand - 25
>
> In this case it only tried the first two email servers at
> ucla.edu, which then results in the message being stuck in
> the outbound queue. We have a reverse pointer record with
> our ISO and I have run a successful scan on
> www.dnsreports.com for our domain.
>
> Any suggestions?
>
> Peter Hope
> IT Manager
> Locus Pharmaceuticals, Inc.

The only thing I can see different is with those domains you mentioned they
seem to have a large return result, and when the result is larger than 512
bytes, the transport is changed from UDP to TCP to accommodate, unless EDNS0
is used (but that's only with W2k3 DNS). Any query attempt uses UDP first
unless the result is greater than 512 bytes, which then TCP is attempted.
Using nslookup I couldn't see the full results until I did a "set vc" which
forces it to use TCP instead of UDP.

My only thought is a firewall?
Are you using a forwarder? If not, try using 4.2.2.2.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
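
Added example (not part of the original posts): the UDP-to-TCP fallback described in the reply above hinges on the TC (truncated) bit in the DNS response header, which this Python sketch reads from a constructed reply. The name example.com, the sample bytes and the `diagnose` helper are assumptions made for illustration.

```python
import struct

QR, TC = 0x8000, 0x0200   # response bit and truncation bit in the flags word
TYPE_MX, CLASS_IN = 15, 1

def build_mx_query(name, txid=0x1234):
    """Wire-format MX query with recursion desired (RD) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", TYPE_MX, CLASS_IN)

def inspect_response(msg):
    """Pull out the header fields that decide whether a TCP retry is needed."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: this is a query, not a response")
    return {"id": txid, "rcode": flags & 0x000F, "answers": an,
            "size": len(msg), "truncated": bool(flags & TC)}

def frame_for_tcp(query):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(query)) + query

def diagnose(udp_reply, tcp_53_reachable):
    """Hypothetical helper: combine the UDP reply and a TCP/53 probe result."""
    if not inspect_response(udp_reply)["truncated"]:
        return "complete answer over UDP"
    if tcp_53_reachable:
        return "truncated over UDP; TCP retry can fetch the full MX set"
    return "truncated over UDP and TCP/53 blocked; resolver sees a partial MX set"

# Constructed sample: a reply to QUERY with QR, TC, RD and RA set (flags 0x8380)
# and no answers, as a server may send when the MX set does not fit in 512 bytes.
QUERY = build_mx_query("example.com")
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(inspect_response(SAMPLE_TRUNCATED))
    print(frame_for_tcp(QUERY)[:2].hex())
    print(diagnose(SAMPLE_TRUNCATED, tcp_53_reachable=False))
```

The last case is the one a firewall that passes UDP/53 but drops TCP/53 produces: the lookup appears to work, yet the mail server never receives the complete MX list.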
 
Guest

In news:ejU137LWEHA.644@tk2msftngp13.phx.gbl,
Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com>
posted their thoughts, then I offered mine
>
> The only thing I can see different is with those domains you
> mentioned they seem to have a large return result, and when the
> result is larger than 512 bytes, the transport is changed from UDP to
> TCP to accommodate, unless EDNS0 is used (but that's only with W2k3
> DNS). Any query attempt uses UDP first unless the result is greater
> than 512 bytes, which then TCP is attempted. Using nslookup I
> couldn't see the full results until I did a "set vc" which forces it
> to use TCP instead of UDP.
>
> My only thought is a firewall?
> Are you using a forwarder? If not, try using 4.2.2.2.

I wanted to add, here's more information on the TCP vs UDP use, which this
one states that it uses TCP by default.
263237 - XCON Windows 2000 and Exchange 2000 SMTP Use TCP DNS Queries:
http://support.microsoft.com/default.aspx?scid=kb;en-us;263237

But do try that forwarder. If you feel the forwarder is not working, you can
force the SMTP service to use a DNS server other than your internal servers:

Scroll down to the "Query an Exchange SMTP Service External DNS Server"
section:
http://www.tacteam.net/isaserverorg/exchangekit/dnssupport/dnssupport.htm

Hope all of these options steer you in the right direction. I would try the
forwarder first.




--
Regards,
Ace

 
Guest

Ace,

Maybe so... however when you try to telnet to these
domains' two lowest mx-valued email servers on port 25 you
cannot connect. The higher valued mail servers allow
connections. I don't understand why someone would deny
mail connections on the highest priority mail server
unless they are being used in some sort of anti-spam
configurations. Any thoughts?...

Peter.
 
Guest

In news:2d4301c45adb$a0002c00$3a01280a@phx.gbl,
anonymous@discussions.microsoft.com <anonymous@discussions.microsoft.com>
posted their thoughts, then I offered mine
> Ace,
>
> Maybe so... however when you try to telnet to these
> domains' two lowest mx-valued email servers on port 25 you
> cannot connect. The higher valued mail servers allow
> connections. I don't understand why someone would deny
> mail connections on the highest priority mail server
> unless they are being used in some sort of anti-spam
> configurations. Any thoughts?...
>
> Peter.

I tried to connect to snog2.capgroup.com and it didn't connect. Maybe
they're down or their records are out of date. Not much you can do about
that. Did you call their NOC and ask them?


--
Regards,
Ace

 
Guest

Ace,

I didn't call their NOC. The fact that this is happening
with other domains (of which you can't connect to their
lowest numbered MX records) leads me to believe that the
problem is not only with their configuration. This looks
to me as some sort of anti-spam strategy. Do you think
that the problem manifested itself as a result of Exchange
SP3 or W2K SP4 application? Can Exchange SP3 be rolled
back?

Peter.

 
Guest

In news:2ef501c45e05$0bff88c0$3a01280a@phx.gbl,
anonymous@discussions.microsoft.com in <anonymous@discussions.microsoft.com>
posted their thoughts, then I offered mine
> Ace,
>
> I didn't call their NOC. The fact that this is happening
> with other domains (of which you can't connect to their
> lowest numbered MX records) leads me to believe that the
> problem is not only with their configuration. This looks
> to me as some sort of anti-spam strategy. Do you think
> that the problem manifested itself as a result of Exchange
> SP3 or W2K SP4 application? Can Exchange SP3 be rolled
> back?
>
> Peter.
>

Hmm, honestly I can't see Ex SP3 doing this at all. This is a lookup issue.
If you or I can't connect using telnet, then I can't see a server being able
to do so. Make sense? If it's an antispam strategy, it's a lame one.

The only thing that broke with Windows SP4 is only if you have a single
label AD DNS domain name. I'm assuming that's not the case here. Otherwise,
nothing else.

I would suggest to give them a call and see what they have to say, just to
rule that out. If I hear of anything else, I'll post back.



--
Regards,
Ace
