I did consider that. Even after repeated retries for the mx records of aol.com to the Windows 2003 DNS they still timed out. After that I changed the timeout to 15 seconds for testing. Same results.

If I clear the cache on the Windows 2000 DNS, it will give me a timeout on the first attempt, then if I follow it right up with a second request it has fetched the records into cache just fine. It seems like the Windows 2000 server will wait a bit longer to get the data from a congested server and then add the data to the cache, but the Windows 2003 DNS does not.

-----------------------
Miles Holt, MCP
Network Engineer
Summit Marketing
[EMAIL PROTECTED]
770-303-0426
-----------------------
"Show me a completely smooth operation and I'll show you someone who's covering mistakes. Real boats rock." - Frank Herbert, "Chapterhouse: Dune"

-----Original Message-----
From: Mulnick, Al [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 29, 2003 5:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

I'm guessing, but the timeout may be just that: a timeout while waiting for the recursive query to finish.  I believe by default you only have a count of 5 to get the answer or fail and you may be over that limit.  When you make the request, if the result is returned, it gets cached and that would explain why next time you try it's there and would also explain why your queries sometimes work to large organizations and sometimes fail - it's cached and able to be retrieved fast enough to be under the timeout.

Al  

 

-----Original Message-----
From: ml.adlist [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 3:37 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

I may be using the wrong terminology to explain what I am trying to do. What I need it to do is for any domain request that the server receives that it is not hosting, walk the tree through the root zones on to the correct DNS server and find the answer. The Windows 2000 DNS is doing this for everything. The Windows 2003 DNS is not, which is what stumps me. We use PIX firewalls, no proxies. If the internal DNS is shut down, you can't get anything at all.

I just tried it again and got a very odd result. I set up my workstation to only use one of my DNS servers. I then set that DNS server to not forward to my external servers, restarted the DNS service and cleared its cache. Then I did an nslookup against it to bestbuy.com. I got replies for www.bestbuy.com, and using 'set type=mx' for bestbuy.com got the mx records. Without changing any settings I did the same to aol.com and it timed out with no reply (like most of the domains). I then did the same with the server set to forward to my external DNS and got an instant reply. Below is the output.

Default Server:  atldc2.summitmg.com
Address:  10.100.x.x

> www.bestbuy.com
Server:  atldc2.summitmg.com
Address:  10.100.x.x

Non-authoritative answer:
Name:    a1103.gc.akamai.net
Addresses:  208.254.0.17, 208.254.0.32
Aliases:  www.bestbuy.com, www.bestbuy.com.edgesuite.net

> set type=mx
> bestbuy.com
Server:  atldc2.summitmg.com
Address:  10.100.x.x

bestbuy.com     MX preference = 5, mail exchanger = tag5.bestbuy.com
bestbuy.com     MX preference = 5, mail exchanger = tag6.bestbuy.com
tag5.bestbuy.com        internet address = 205.215.216.98
tag6.bestbuy.com        internet address = 198.22.123.162
> aol.com
Server:  atldc2.summitmg.com
Address:  10.100.x.x

DNS request timed out.
    timeout was 2 seconds.
*** Request to atldc2.summitmg.com timed-out

Below is after I set it to forward to my other server.

> aol.com
Server:  atldc2.summitmg.com
Address:  10.100.x.x

Non-authoritative answer:
aol.com MX preference = 15, mail exchanger = mailin-04.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-01.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-02.mx.aol.com
aol.com MX preference = 15, mail exchanger = mailin-03.mx.aol.com

mailin-04.mx.aol.com    internet address = 64.12.136.153
mailin-04.mx.aol.com    internet address = 64.12.137.121
mailin-04.mx.aol.com    internet address = 64.12.137.152
mailin-04.mx.aol.com    internet address = 64.12.138.89
mailin-04.mx.aol.com    internet address = 64.12.138.152
mailin-04.mx.aol.com    internet address = 152.163.224.122
mailin-04.mx.aol.com    internet address = 205.188.156.154
mailin-01.mx.aol.com    internet address = 64.12.137.89
mailin-01.mx.aol.com    internet address = 64.12.137.184
mailin-01.mx.aol.com    internet address = 64.12.138.57
mailin-01.mx.aol.com    internet address = 64.12.138.152
mailin-01.mx.aol.com    internet address = 152.163.224.26
mailin-01.mx.aol.com    internet address = 205.188.156.122
mailin-01.mx.aol.com    internet address = 64.12.136.57
mailin-02.mx.aol.com    internet address = 64.12.138.120
mailin-02.mx.aol.com    internet address = 64.12.136.89
mailin-02.mx.aol.com    internet address = 64.12.136.121
mailin-02.mx.aol.com    internet address = 64.12.137.89
mailin-02.mx.aol.com    internet address = 64.12.137.184
mailin-02.mx.aol.com    internet address = 64.12.138.89
> www.aol.com
Server:  atldc2.summitmg.com
Address:  10.100.x.x

Non-authoritative answer:
www.aol.com     canonical name = www.gwww.aol.com
>

I am REALLY confused now. It seems to be hit or miss, but misses the largest sites and jams up email as a result.

Miles
  
-----Original Message-----
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 2:37 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

Recursive lookups are doing what for you?  Are they handling the lookup for you and returning the answer to the client for MX records or are they referring your client?

My guess is that your web browsing works because of a proxy server or firewall that has the ability to chase the records or is even just using the external servers for name resolution (why ask an internal DNS server for an external address right?)

Is this the case? 

-----Original Message-----
From: ml.adlist [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 2:13 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] DNS Lookup Problem - Windows 2003

I am having an issue with a Windows 2003 AD integrated DNS server doing recursive lookups to find MX records for my outbound mail.
 
Prior to our AD deployment, we were running split brained DNS with Windows 2000 DNS servers internally and externally. Post upgrade, our internal DNS moved to Windows 2003 DNS. Afterwards DNS lookups for web sites appeared to work fine as you could surf the web etc. But in the case of our mail servers and nslookup, all MX record requests would fail, thus blocking outbound email. Using Google, TechNet, and a nice thick Windows 2003 book (William Boswell's), I have, to the best of my ability, confirmed that the internal Windows 2003 DNS is set up to do recursive lookups for domains other than the ones it hosts, and in the case of web browsing it does in fact work, even after I clear the DNS caches of my internal servers.
 
To get MX lookups to function, I have had to set the internal servers to forward to one of my two public DNS servers running Windows 2000 DNS. Once done the MX lookups function again just as before. I will need to be upgrading our public servers to Windows 2003 in the very near future and I am afraid that once I do, the MX lookups will fail again.
 
Has anyone else run into this? If not, any suggestions on places to look for more info, or settings to confirm, would be MOST appreciated. I'd really like/need to have my internal servers doing all of the lookups on their own.

Thanks for any assistance you can provide.

Miles 

-----------------------
Miles Holt, MCP
Network Engineer
Summit Marketing
[EMAIL PROTECTED]
770-303-0426
-----------------------
"Show me a completely smooth operation and I'll show you someone who's covering mistakes. Real boats rock." - Frank Herbert, "Chapterhouse: Dune"

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
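
Added example, not part of the thread or written by any of its participants: a small Python parser for interactive nslookup transcripts like the one quoted above, reporting per query whether it was answered or timed out so that cold-cache, forwarder and no-forwarder runs can be compared side by side. The transcript is constructed with placeholder names and addresses, `parse_session` and `timed_out` are names chosen here, and every prompt line other than a `set` command is assumed to be a query.

```python
import re

# Constructed nslookup transcript (placeholder names and addresses, blank
# lines dropped); it mirrors the shape of the output quoted in the thread.
SAMPLE = """\
> www.example.com
Server:  dns1.example.test
Address:  192.0.2.53
Non-authoritative answer:
Name:    www.example.com
Address:  198.51.100.10
> set type=mx
> example.com
Server:  dns1.example.test
Address:  192.0.2.53
example.com     MX preference = 5, mail exchanger = mx1.example.com
example.com     MX preference = 5, mail exchanger = mx2.example.com
> example.org
Server:  dns1.example.test
Address:  192.0.2.53
DNS request timed out.
    timeout was 2 seconds.
*** Request to dns1.example.test timed-out
"""

def parse_session(text):
    """Return one dict per query: name, qtype, outcome, timeout_s, mx_count."""
    queries, qtype, cur = [], "a", None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(">"):
            cmd = line[1:].strip()
            m = re.match(r"set\s+(?:type|q|querytype)=(\w+)$", cmd, re.I)
            if m:                       # record type applies to later queries
                qtype = m.group(1).lower()
            elif cmd:
                cur = {"name": cmd, "qtype": qtype, "outcome": "no_answer",
                       "timeout_s": None, "mx_count": 0}
                queries.append(cur)
        elif cur is None:
            continue                    # banner lines before the first query
        elif "timed out" in line or "timed-out" in line:
            cur["outcome"] = "timed_out"
        elif (m := re.match(r"timeout was (\d+) seconds", line)):
            cur["timeout_s"] = int(m.group(1))
        elif line.startswith("Name:") or " = " in line:   # answer records
            cur["outcome"] = "answered"
            cur["mx_count"] += line.count("MX preference")
    return queries

def timed_out(queries):
    return [(q["name"], q["qtype"], q["timeout_s"]) for q in queries if q["outcome"] == "timed_out"]
```

Counting `MX preference` occurrences per line keeps the record count correct even when an archive has run several MX lines together.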