Domain Not responding to DNS requests
We are in the process of migrating from an Exchange 2003 server to Exchange 2007. Everything was working fine, then the Exchange 2003 server went down. We removed the server from the domain and believe we have the Exchange 2007 server configured correctly to receive mail, but the server will not receive email. If I run telnet servername.domainname 25 I get the correct response, but when I do the same test just to the domain name it fails:
telnet domainname 25 times out, so I believe this is my problem with receiving mail, but I cannot figure out how to resolve this issue.
I have a valid mx record in my dns and forward and reverse lookup zones are all configured and double checked to make sure that the records are as they should be.
I ran best practices on the Exchange 2007 and it does not come up with any errors.
I have 2 domain controllers running 2003 32 bit and are both dns servers
1 exchange server running server 2003 64 bit and exchange 2007
Any suggestions on what to check ?
February 15th, 2011 8:06pm
Please go to https://testexchangeconnectivity.com and do an inbound mail flow test and post the results.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 8:30pm
Testing inbound SMTP mail flow for domain
person@comapny.com.
Inbound SMTP mail flow was verified successfully.
Test Steps
Attempting to retrieve DNS MX records for domain company.com.
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host Server.company.com, Preference 10
Testing Mail Exchanger Server.company.com .
This Mail Exchanger was tested successfully.
Test Steps
Attempting to resolve the host name Server.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 100.100.100.100
Testing TCP port 25 on host Server.company.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Banner received: 220 Server.company.com Microsoft ESMTP MAIL Service ready at Tue, 15 Feb 2011 20:43:09 -0500
Attempting to send a test e-mail message to
person@company.com using MX Server.company.com.
The test message was delivered successfully.
Testing the MX essex.dsa-nwk.rutgers.edu for open relay by trying to relay to user
Admin@TestExchangeConnectivity.com.
The Open Relay test passed. This mx isn't an open relay.
Additional Details
The open relay test message delivery failed, which is a good thing.
The exception detail:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailedRecipientException
Stack trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpOpenRelayTest.PerformTestReally()
February 15th, 2011 8:50pm
Looks good, so you didn't get the test email from Admin@TestExchangeConnectivity.com to your mailbox?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 8:53pm
The problem comes, I believe, when servers are doing a reverse DNS check on my domain and they do not get a response. If the check is not done then the mail goes through.
February 15th, 2011 8:55pm
Ahh I see, go to http://www.mxtoolbox.com/ReverseLookup.aspx and enter your domain.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 9:05pm
I get a reverse dns failed error and I also get
Warning - Reverse DNS does not match SMTP Banner
I double-checked my reverse DNS and I have a valid PTR record with the correct IP.
February 15th, 2011 9:18pm
If you go to http://www.mxtoolbox.com/ enter your domain and do mx lookup, smtp test link, reverse lookup link. You should get response like below. Are you getting failed?
OK - x.x.x.x resolves to smtp.company.com
OK - Reverse DNS matches SMTP Banner
0 seconds - Good on Connection time
Not an open relay.
0.250 seconds - Good on Transaction time
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 9:21pm
OK, I did this 2 times and both of my DNS servers answered the MX lookup (one each time), but when I ran the SMTP diag I got
Timeout occurred due to inactivity.
2/15/2011 8:35:06 PM Connection attempt #1 - Timeout occurred due to inactivity. [16.22 sec]
February 15th, 2011 9:37pm
Don't worry about that, it seems your PTR record is incorrect if you're getting the "Reverse DNS does not match SMTP Banner" warning. Please double check that your external mail IP has a reverse PTR record.
From a computer outside your network do:
nslookup -type=ptr MyExternalMailIP
Server: cdns2.cox.net
Address: 68.105.28.12
Non-authoritative answer:
x.x.x.x.in-addr.arpa name = mail.company.com
If you're not getting a resolution above in bold you either have an incorrect reverse record or you actually don't own your IP space and you need your ISP to enter the reverse record.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 9:46pm
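Added example, not part of the thread and not any poster's code: the checks discussed above (a PTR record exists for the sending IP, the PTR name resolves back to that IP, and the PTR name matches the host in the SMTP 220 banner) written as one Python function. The addresses, host names and lookup tables are constructed sample data; `live_ptr` and `live_fwd` use the system resolver when run against a real IP.

```python
import re
import socket

# Constructed sample records (documentation addresses), standing in for real DNS.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.edu."], "192.0.2.10": ["dc1.example.edu."]}
SAMPLE_A = {"mail.example.edu": ["192.0.2.25"], "dc1.example.edu": ["192.0.2.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_fwd(name):
    return SAMPLE_A.get(name, [])

def live_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_fwd(name):
    """A/AAAA lookup through the system resolver; [] when the name fails."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def banner_host(banner):
    """Host name announced in an SMTP '220 host ...' greeting, or None."""
    m = re.match(r"220[ -](\S+)", banner)
    return m.group(1).rstrip(".").lower() if m else None

def check_mail_ip(ip, banner, ptr=live_ptr, fwd=live_fwd):
    """Check: PTR exists, PTR forward-confirms, PTR matches the SMTP banner."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    host = banner_host(banner)
    return {
        "ptr": names,
        "has_ptr": bool(names),
        # forward-confirmed: some PTR name resolves back to the same IP
        "forward_confirmed": any(ip in fwd(n) for n in names),
        "banner_matches": host is not None and host in names,
    }

if __name__ == "__main__":
    greeting = "220 mail.example.edu Microsoft ESMTP MAIL Service ready"
    for ip in ("192.0.2.25", "192.0.2.10", "192.0.2.99"):
        print(ip, check_mail_ip(ip, greeting, sample_ptr, sample_fwd))
```

Run with the sample tables, the second address shows the "Reverse DNS does not match SMTP Banner" case (PTR names a different host than the banner) and the third shows a missing PTR.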
We do not have an ISP with the PTR; we are in a subdomain of a university and the university is forwarding the DNS traffic to our DNS subdomain. I ran the command from a different network on campus and it returned the following results:
Server: customer2.com
Address: xxx.xxx.xxx.xxx
domainname.com
primary name server = servername.domainname.com
responsible mail addr = hostmaster
serial = 14111
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
February 15th, 2011 10:18pm
Just to recap the issue, sending to some domains fails because you suspect that you don't have a valid PTR record? Does your Exchange server send out to the internet or do you have a gateway SMTP server? I would start looking at your SMTP logs to see why the particular emails are failing. The logs will tend to be fairly specific on why it's failing and point out if it's due to a missing PTR record.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 10:32pm
Run the command from outside your campus network.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 15th, 2011 10:35pm
I ran the command from home and received the same results as above when run from a different network on campus. The reverse DNS was working until the 2003 server went down. It seems that there is a disconnect between the domain name and SMTP server; it is like the domain does not know about the SMTP server, it does not know which server to pass the request to for the reply.
February 16th, 2011 8:59am
Does your Exchange server send directly to the internet? Can you see if your internet send connector's FQDN matches the DNS hostname?
1. EMC
2. Org Config, Hub Transport, Send Connectors
3. Internet Connector Properties, specify the FQDN this connector will provide in response to HELO or EHLO.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 9:40am
Yes, the FQDN is in the SMTP connector.
Found a few things wrong. One is that my two domain controllers were not syncing. Fixed that issue by removing the second domain controller and re-adding it. Also added the Exchange 2007 server as a domain controller with DNS enabled. I can now telnet to the domain port 25 and get the correct response, but in the email queue I am still getting rejections from other servers on DNS reverse lookup. I checked the reverse lookup with the site you suggested earlier, and this is the result I get back:
No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:25
But the IP address returned is not the mail server; it is the main domain controller. How does the domain respond to SMTP requests? When the SMTP request is sent to the domain port 25, shouldn't the answering domain controller respond back with the correct email server IP address, or forward the request to the email server and have it answer? Is there some setting in the DNS that has to be set to respond to outside DNS queries? Or the email server?
February 16th, 2011 1:44pm
You're running into some DNS mixups. Your DC is answering because your internal AD domain name resolves to all your DCs. Is your internal domain name the same as your external email domain name? Also, it's not best practice to have Exchange on the same box as a DC; you run into separate configuration management scenarios that can cause headaches down the road.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 1:57pm
yes inside and outside domain names are the same.
February 16th, 2011 2:08pm
In your external send connector, add your external DNS server addresses to be used in addition to your internal DNS setup. This seems to resolve the problems for our customers.....
February 16th, 2011 2:14pm
Who hosts your public DNS? Is your internal AD\DNS server also your public DNS server?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 3:00pm
Yes, we host the public and it is the same as the internal. The main DNS is like university.edu and we are a subdomain, so the university's main DNS server forwards all requests to the DNS servers listed for the subdomain, which are the 3 domain controllers.
February 16th, 2011 3:54pm
I see, that makes sense then. You're experiencing the headaches of not using separate internal and external DNS namespace. When you send email externally, destination domains block your email after they do a PTR lookup. The PTR lookup looks up the external IP of your mail server but resolves to your DCs because your internal and external name are the same.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 4:11pm
Yes, that seems to be correct. Any suggestions? I have another domain where this is working fine, and this current domain used to work fine before the server problem.
February 16th, 2011 4:37pm
Hmm, maybe you were relaying through a smarthost before?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
February 16th, 2011 4:43pm