mx lookup not working for 2 domains

[KenC]

I am having problems with our Exchange server not being able to send mail to
some domains, many AOL. I have tracked it down to a DNS problem. I have our
exchange server on one box and a DC and DNS running on another box. When I
go to a command prompt and type nslookup and then set type=mx, then type
aol.com, I get DNS request timed out. This happens on both the exchange
server and on the DC. I am able to get responses on other domains but not
aol. I am also having this problem with one other domain.
I don't have the dns setup with forwards, and I did upgrade to exchange 2003
and windows 2003.

Any ideas on this?

 

[Kevin D. Goodknecht Sr. [MVP]]

In

I am having problems with our Exchange server not being able to send
mail to some domains, many AOL. I have tracked it down to a DNS
problem. I have our exchange server on one box and a DC and DNS
running on another box. When I go to a command prompt and type
nslookup and then set type=mx, then type aol.com, I get DNS request
timed out. This happens on both the exchange server and on the DC. I
am able to get responses on other domains but not aol. I am also
having this problem with one other domain.
I don't have the dns setup with forwards, and I did upgrade to
exchange 2003 and windows 2003.

Any ideas on this?

You most likely don't have a reverse lookup for your mail server IP address.
Check with www.dnsstuff.com for your reverse lookup is the easy way to
check.

 

[Jonathan de Boyne Pollard]

K> I am having problems with our Exchange server not being able
K> to send mail to some domains, many AOL. [...] I did upgrade
K> to [...] windows 2003.

<URL:http://groups.google.com/[email protected]>

 

[KenC]

I tried setting the timout to 10, 20, 30 seconds and it still does not come
back with the MX record. When I try to query the aol name servers I get just
the root servers. I am able to ping the aol mail servers
(mailin-01.mx.aol.com) by name and it does resolve. I cleared the cache and
tried it again, but that didn't help.
I currently just have the one DNS server on the DC, and that is the only ip
address in the mail server for a DNS. I could try settting up another DNS
server on the exchange server, it wouldn't hurt to have a backup DNS server.

 

[KenC]

Here is the fix for it. I couldn't find anything on how to disable it on the
firewall, so I posted to another news group and they gave me this info.

EDNS is at your Windows 2003 level, not at the PIX level.
According to
http://archives.neohapsis.com/archives/ntbugtraq/2003-q2/0071.html
You can disable EDNS-0 in your W2K3 DNS server by running this command:
dnscmd /Config /EnableEDnsProbes 0

 

[Dmitry Korolyov]

When you say that you can successfully resolve other domains, do you mean
external or internal domains? Have you configured your firewall to allos DNS
requests from your DNS server to flow into the internet - to resolve all
external names? The problem seems to be in the firewall for me, although it
is not clear why you cannot resolve only some domains. Maybe it's your ISP
blocking certain traffic?