This may help, depending on your exact issue and
application. (Sorry for the HTML posting).
Windows Server 2003: The EDNS0 enigma
[ by Marcus Oh, Contributor myITforum.com ]
During a migration to Windows Server 2003, we upgraded our root domain name server (DNS). Although everything appeared fine, we started receiving complaints about getting to certain sites. Areas of Yahoo, such as mail.yahoo.com and finance.yahoo.com, seemed to be the biggest issue. At first, it looked like Yahoo was unresponsive to queries. However, we found host records to other sites were resolving properly, but their MX records were not. This meant that e-mail was not routing!
As a means of troubleshooting, we double-checked all our DNS configurations. Everything looked fine. As a second step, we gathered network traces to find out what was going on. The traces showed packets leaving the root DNS server, destined for Yahoo, but showed no replies returning.
The problem here is that Windows 2003 enables Extension Mechanisms for DNS (EDNS0 as defined in RFC 2671), a standard introduced in 1999, by default. EDNS0 allows requestors to advertise their EDNS0 capabilities, hence receiving UDP packets larger than 512 bytes.
While this in itself is not problematic, some firewalls do not allow UDP packets larger than 512 bytes. This explains why the network traces showed nothing returning! Our DNS servers were sending out packets advertising themselves as capable of EDNS0, and our firewalls were dropping the responses. Turning off EDNS0 support allowed all queries to work as expected.
If you're experiencing the same issue or planning an upgrade of your own, this command will disable this enabled-by-default feature:
dnscmd ServerName /Config /EnableEDnsProbes 0
Sources and other information:
- Learn about the Request for Comment on EDNS0
- Read Microsoft's article on how to turn off EDNS0
- Find out about the EDNS0 process
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Dewlow
Sent: Monday, July 12, 2004 1:48 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] Microsoft DNS issues
Are there any issues with DNS and Windows 2003 and IMAIL Server??
I spoke with Eric at Ipswitch and they told me to email you.....do you have any info that may be useful.
Thanks,
DD
David Dewlow
Webster Hall Records
Director of Sales
v - 212-353-1600
f - 212-420-8310
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
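Added example, not part of the original messages or the quoted article: Python that builds a DNS query with and without the EDNS0 OPT record, reads back the UDP size the query advertises, and models why a firewall limited to 512-byte UDP leaves only the EDNS0 query unanswered. The function names, example.com, the 1280-byte size and the 700-byte reply length are constructed, and the firewall behaviour is a simplifying assumption.

```python
import struct

OPT = 41              # OPT pseudo-RR type that carries EDNS0 (RFC 2671)
CLASSIC_LIMIT = 512   # largest UDP DNS message without EDNS0

def encode_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qtype, edns_size=None, txid=0x1234):
    """Constructed sample query; edns_size=None means no OPT record."""
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    pkt += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLEN=0
        pkt += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return pkt

def skip_name(pkt, off):
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def advertised_udp_size(pkt):
    """UDP payload size the sender says it accepts (512 when no OPT RR)."""
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4    # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == OPT:
            return rclass
        off += 10 + rdlen
    return CLASSIC_LIMIT

def reply_fate(query, reply_len, firewall_limit=512):
    """Assumed model: the firewall drops any UDP DNS reply over its limit."""
    if reply_len > advertised_udp_size(query):
        return "truncated"   # server sets TC; resolver can retry over TCP
    return "dropped" if reply_len > firewall_limit else "delivered"

MX = 15
plain = build_query("example.com", MX)                 # constructed sample
edns = build_query("example.com", MX, edns_size=1280)  # constructed sample
for label, q in (("no EDNS0", plain), ("EDNS0 1280", edns)):
    print(label, advertised_udp_size(q), reply_fate(q, 700))
```

In a capture, the same check applies to the outbound query: an OPT record in the additional section with a class value above 512, followed by no reply, matches the symptom the article describes.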
