MX Records for external domains not resolving properly

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

I have recently installed 2 new Windows 2003 DC's running as DNS servers.
These servers seem to function fine with the exception of how they handle MX
records of external domains. I can resolve A record lookups fine, but when
I try to locate the MX records in the same external domains I get DNS
request timed out messages.

For example if I do the following commands:

> Nslookup
> mx1.earthlink.net

I receive the following:

Server: dc03.ri.org
Address: 10.100.169.209

Name: mx1.earthlink.net
Address: 209.86.93.226

If I try to locate the MX records for the Earthlink domain by trying the
following:

>set q=mx
>earthlink.net

I receive DNS request timeout messages on my Windows 2003 servers.

My 2 other Windows 2000 DNS servers have no problems resolving the query
properly. Any suggestions would be appreciated.

Thanks.

Steve

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Steve Mart wrote:
> I have recently installed 2 new Windows 2003 DC's running as DNS
> servers. These servers seem to function fine with the exception of
> how they handle MX records of external domains. I can resolve A
> record lookups fine, but when I try to locate the MX records in the
> same external domains I get DNS request timed out messages.
>
> For example if I do the following commands:
>
>> Nslookup
>> mx1.earthlink.net
>
> I receive the following:
>
> Server: dc03.ri.org
> Address: 10.100.169.209
>
> Name: mx1.earthlink.net
> Address: 209.86.93.226
>
> If I try to locate the MX records for the Earthlink domain by trying
> the following:
>
>> set q=mx
>> earthlink.net
>
> I receive DNS request timeout messages on my Windows 2003 servers.
>
> My 2 other Windows 2000 DNS servers have no problems resolving the
> query properly. Any suggestions would be appreciated.
>
> Thanks.
>
> Steve

You'll either want to disable the new EDNS0 feature or update your firewall
to support the new industry feature.

832223 - Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS
Server to Windows Server 2003:
http://support.microsoft.com/?id=832223


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
Infinite Diversities in Infinite Combinations.
=================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Thank you. The problem was resolved by changing a command in our firewall
to allow for EDNS0 packets.

Steve

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:uPloM2SXFHA.3540@TK2MSFTNGP15.phx.gbl...
> Steve Mart wrote:
> > I have recently installed 2 new Windows 2003 DC's running as DNS
> > servers. These servers seem to function fine with the exception of
> > how they handle MX records of external domains. I can resolve A
> > record lookups fine, but when I try to locate the MX records in the
> > same external domains I get DNS request timed out messages.
> >
> > For example if I do the following commands:
> >
> >> Nslookup
> >> mx1.earthlink.net
> >
> > I receive the following:
> >
> > Server: dc03.ri.org
> > Address: 10.100.169.209
> >
> > Name: mx1.earthlink.net
> > Address: 209.86.93.226
> >
> > If I try to locate the MX records for the Earthlink domain by trying
> > the following:
> >
> >> set q=mx
> >> earthlink.net
> >
> > I receive DNS request timeout messages on my Windows 2003 servers.
> >
> > My 2 other Windows 2000 DNS servers have no problems resolving the
> > query properly. Any suggestions would be appreciated.
> >
> > Thanks.
> >
> > Steve
>
> You'll either want to disable the new EDNS0 feature or update your
firewall
> to support the new industry feature.
>
> 832223 - Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS
> Server to Windows Server 2003:
> http://support.microsoft.com/?id=832223
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Paramount: What's up with taking Enterprise off the air??
> Infinite Diversities in Infinite Combinations.
> =================================
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Steve Mart wrote:
> Thank you. The problem was resolved by changing a command in our
> firewall to allow for EDNS0 packets.
>
> Steve

Good to hear!

Ace

 

[obiwan]

Archived from groups: microsoft.public.win2000.dns (More info?)

>> Thank you. The problem was resolved by
>> changing a command in our firewall to allow
>> for EDNS0 packets.

>> > Good to hear!

Well, the above fixed the UDP "oversized" packets
(EDNS0) issue; but since you're at it I'd also check
if your firewall is allowing DNS traffic over TCP, to do
so, just try the following

nslookup
server 4.2.2.2
set vc
set type=mx
earthlink.net

the second line tells to nslookup to use an external
server, the third to use TCP queries in place of UDP
ones, if the firewall isn't blocking TCP DNS traffic then
the last line (the query) should get an answer otherwise
you'll need to setup your firewall to allow DNS query
traffic to flow toward external servers (to 53/TCP)

Regards

--

* ObiWan

Microsoft MVP: Windows Server - Networking
http://www.microsoft.com/communities/MVP/MVP.mspx
http://mvp.support.microsoft.com

DNS "fail-safe" for Windows clients.
http://www.ntcanuck.com

Newsgroups and forums
news://news.ntcanuck.com
http://forums.ntcanuck.com

408+ XP/2000 tweaks and tips
http://www.ntcanuck.com/tq/Tip_Quarry.htm