Unable to resolve MX-records

Discussion in 'DNS Server' started by Rudy Steyaert, Dec 16, 2004.

  1. I have trouble resolving MX-records since a couple of weeks now.
    I finally got some clue. As soon as I *remove* all forwarders (the ones
    from our ISP, which definitely work), MX-records are resolved immediately.
    What is wrong with forwarders ? What can I have configured wrongly ?
    TIA
    Rudy Steyaert
     
    Rudy Steyaert, Dec 16, 2004
    #1
    1. Advertisements

  2. Rudy Steyaert

    Sharad Naik Guest

    Hello Rudy,
    First of all till the problem is solved work without the forwarders since
    your DNS server appears to be
    resolving correct through Root Hints.

    Please inform us following:
    1. Is your DNS server a win 2003 server ?
    2. Is it behind a firewall / router?

    Now this could be a loooong shot. If both above are true then mostly the
    issue is ENDS Probes. Please see the link below, how to disable EDNS Probes
    on your Server.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;828731

    It might be possible that since couple of weeks your
    ISP has upgraded his DNS servers to Win 2003, with EDNS Probes enabled.
    If you are behind a firewall/router which does not support EDNS, you will
    not
    get the correct answer.

    The actual Names Server holding the MX record might not have EDNS probes
    enabled , in which case you will get correct answer, through Root Hints.

    Sharad
     
    Sharad Naik, Dec 16, 2004
    #2
    1. Advertisements

  3. Hello Sharad

    1. DNS is indeed on a win2003 server (sorry forgot to mention).
    2. It is behind ISA 2004 server. I already looked over and over again, but
    I don't see anything beiing blocked here.

    A couple of weeks ago, Kevin D. Goodknecht (who does a great job here) made
    me look at the EDSN0 issue, but I don't have a PIX firewall and my provider
    states that he supports EDNS0.

    Strange thing is that if I try several times to resolve manually, all over
    sudden it works without changing anything. So, it can hardly be a EDSN0 or
    firewall issue ?
    I wonder if it could be a caching or TTL- related problem (maybe bug) in
    combination with forwarders ?

    Well, I can work with roothints, but I would like to 'resolve' :eek:) this
    problem (even if it is merely from an academical point of view).
    Thanks for your comments!
    Regards
    Rudy Steyaert
     
    Rudy Steyaert, Dec 16, 2004
    #3
  4. Rudy Steyaert

    Sharad Naik Guest

    Did you already try with disabling EDNS probes? If yes what was the result?
    The response may not be always a UDP packet, it could be TCP packet too
    so this behaviour does not rule out EDNS issue.
    I don't think so. I have my DNS on win 2003 server, I use forwarders, I
    am behind a router which does not support EDNS and working with ENDS
    probes disabled since about more than a year. Never faced any such problem
    or to say any other problem with DNS. And in case it indeed is a caching
    problem, everytime you flush dns, it should resolve correctly.

    Are you sure you have problems ONLY with MX records?
    Any other website problems? May be users did not inform you
    thinking the website might be actually down?

    Sharad
     
    Sharad Naik, Dec 16, 2004
    #4
  5. My ISP is investigating the problem So for now I did not disable it, but I
    will try.
    After I do a manual lookup TYPE=ALL, and then again MX, the MX resolves
    immediately.
    That's why I'm thinking in the direction of cache or TTL ?
    Only MX for now.
     
    Rudy Steyaert, Dec 17, 2004
    #5
  6. RS> As soon as I *remove* all forwarders [...], MX-records are resolved
    RS> immediately. What is wrong with forwarders ?

    That's a question that you should be asking the people whose servers you
    were forwarding queries to, not us.
     
    Jonathan de Boyne Pollard, Dec 19, 2004
    #6
  7. I did, they are investigating my question. But they too point the finger to
    me, suggesting I configured (perhaps firewalled) something wrong (I did
    not). I'm trying to collect information here and perhaps arguments to make
    them look deeper. Perhaps a few people will tell me here that MS-DNS on Win
    2003 can't handle forwarders well I can stop digging can't I ? Or perhaps
    someone will point me to register setting #39838947398463 to correct the
    problem. This would not be the first time !

    Further, I don't understand your reaction. If all questions that pop-up
    here could and should be asked to the people which are responsible for the
    corresponding problems, there would be no much use of these newsgroup. I
    was helped, and I have seen great help (amongst others from you) for more
    basic problems then this one.

    I'm about as far away of a DNS-guru someone can be, but if I see an
    opportunity to help someone here (with my also basic and humble knowlegde) I
    will. Also, since stupid questions do not exist, I will keep asking
    questions as I like. That's what these newsgroups are all about.

    Regards and thanks for your time
    Rudy Steyaert
     
    Rudy Steyaert, Dec 19, 2004
    #7
  8. Rudy Steyaert

    Todd J Heron Guest

    Maybe you made a typo on an entry for your ISP DNS server in the Forwarders
    tab? I've seen this happen before by a poster to this newsgroup.
     
    Todd J Heron, Dec 19, 2004
    #8
  9. No, thanks but I checked this over and over again. The IP's of the
    forwarders are OK, they even resolve the records fine when I connect
    directly to them (from the DNS-servers console). But they do not function
    as forwarders. The MX records do not resolve, unless I do manually a lookup
    with type=all (which, I assume, caches all information).
     
    Rudy Steyaert, Dec 19, 2004
    #9
  10. In
    Then I must ask why you would want to use those DNS servers as forwarders?
    Forwarders are not required and in your case seem to be the cause of your
    failures.

    Show us an output of a query to these servers using nslookup -d2


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Dec 19, 2004
    #10
  11. Rudy Steyaert

    Sharad Naik Guest

    If I were you I would two things first:
    1. Try with ISP's DNS server as forwarders with EDNS probes disabled.

    2. Try with some different forwarder. You can set the forwarder to IP
    address: 4.2.2.2 and try.

    Sharad
     
    Sharad Naik, Dec 20, 2004
    #11
  12. Hello Kevin
    I had a few NT4 servers including DNS, proxy and Exchange 5.5, website ...
    A couple of months ago, I started configuring new servers for WIN 2003. For
    DNS I just copied the existing parameters to the new servers, including the
    forwarders. It worked for years on the NT4 machine. It's only after
    installing Exchange 2003 and observing the queues there that I saw the
    resolve problems. They are not always there, it works for days, then over
    sudden it pop-ups again.

    At first, I had a typing error in the IP-address of one of the forwarders.
    Then, it took a long time to resolve (mx-records but also a-records, cnames
    etc...). You can imagine I was not very pleased with my new 2003 killer
    server. But, after I found this stupidity I found my DNS extremely
    responsive. That's why I found the delays in the exchange queues so
    strange.

    Why use forwarders. Good question. Because my provider said me to do so
    back in 1997, and I never give it any thought no more until now. The only
    reasons I can think of is avoiding a trip to a root server when I can take
    profit of the cache of my provider nearby, and perhaps reduce the load on
    the root servers when everybody does so ?

    But, it works now, so indeed I will leave them away. But, this still leaves
    me with the unsolved question why something that should work doesn't. I'd
    be more happy to know why.
    Reconfigured with forwarders again, but can't produce the problem, it works.
    Grrrrrrrrrrrrrrrrr
     
    Rudy Steyaert, Dec 20, 2004
    #12
  13. Good idea, I'll try that (as soon as I can regenerate the problem, I can't
    now, it's gone again).
     
    Rudy Steyaert, Dec 20, 2004
    #13
  14. Rudy Steyaert

    magician Guest

    This is interesting as we have a very similar problem. We first noticed it in
    exactly the same circumstances - Our Exchange 2003 servers were sending ndr's
    to staff after having problems resolving a name. As far as we are aware there
    is only one name that cannot be resolved.

    Also, to make things worse - this only happens occasionally! Sometimes it
    will work, sometimes it won't. When it doesn't work on one server I can do
    the lookup on a second identical server and it's successful.

    While looking into the problem we do get an entry in the cached results but
    ONLY for ns records. No MX or any other.

    Just yesterday I have discovered what appears to be exactly the same problem
    except its an A record (for www no less) that I cannot get. This is for a
    major site and I would hope they are running decent kit!

    I usually manage to resolve the probelm by deleting the cached zone and
    forcing it to recreate itself. (How does this work if the zone contains the
    same NS records before and after deletion???)

    I'm very interested in the EDNS fix but wonder if it's applicable in this
    case? If I can sometimes resolve the records I want surely the NS at the
    other end is compatible with EDNS???

    What are the advantages of EDNS and any disadvantage if we turn it off???

    We have no forwarders at all and queries go through ISA2004 firewalls and
    also GB1000.
     
    magician, Dec 23, 2004
    #14
  15. Hello magician

    I had the same problem yesterday (and now without forwarders configured). I
    would not have mentioned it without your post. There is 'something', but I
    can't get my finger point to it for now :O(
    Looking further ...
    Regards
    Rudy Steyaert
     
    Rudy Steyaert, Dec 23, 2004
    #15
  16. Rudy Steyaert

    Sharad Naik Guest

    When EDNS is enabled, it caches whether the other server supports EDNS or
    not .
    By default time value for this information is one week. Thus if a Server is
    supporting
    ENDS, your server will for one week assume that it does so.
    So if other server in betwwen disables EDNS (for whatever resaon), or goes
    behind
    a firewall / router not supporting EDNS(ISP's can change routing), for the
    remaining
    days of the week, your DNS is assuming that it does support ENDS, the other
    server
    will cause error.
    When you clear the cache the DNS server will again check first it the other
    server
    supports EDNS or not and find that it doen's support, will not send larger
    UDP packets
    and the name will be resolved.
    So same NS record earlier and later but now it is working.
    You can try reducing the EDNSCacheTimeOut.

    Please see below link for some details about EDNS and how to change the
    EDNSCacheTimeout.

    http://www.microsoft.com/resources/...rd/proddocs/en-us/sag_DNS_imp_EDNSsupport.asp

    The advantage of ENDS is that, since it can work with larger UDP packets,
    no. of packets are reduced in the transaction, resolving is faster.
    With EDNS enabled, this will work only with other servers which support
    EDNS, there could be several ones which are not supporting, where your
    DNS server will not use EDNS packets. Disadvantage of turning it off is
    this faster resolving with other server DNS supporting ENDS, will take
    normal time as for the ones not suppprting EDNS.

    Sharad
     
    Sharad Naik, Dec 24, 2004
    #16
  17. Rudy Steyaert

    magician Guest

    Thanks Sharad! We are now closed until next year now but if I get really
    bored over the holiday I might run a few tests.
    But then again :)
    Have a great Christmas. Best wishes for the New Year!
     
    magician, Dec 24, 2004
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.