AT&T DNS problems?

Guest
Archived from groups: microsoft.public.win2000.dns

We are seeing problems with DNS lately, but it seems to be happening
more with AT&T. Here is the set-up:

internal DNS servers on Windows 2000/2003 (AD domain controllers)
Microsoft Exchange 2003

The internal servers are not set up with forwarders, nor are they
doing anything else special. The Exchange server is pointing to the
internal DNS servers for name resolution.

The problem is that we seem to see MX records that just flat out
*break*. When queried, they give no response. I tried an nslookup from
both the DNS servers themselves and from the Exchange server, and the
query times out.

In this case, the two domains were yahoo.com and aol.com. When I
changed to query an outside server at UCLA or at Mindspring, they
worked fine. As a stopgap measure, on one network we enabled
forwarders and pointed them to Mindspring. On another network, we set
up the virtual SMTP server to use a different outside DNS server.
However, I think there is a bigger underlying problem.

In the event log on the DNS server, we are seeing:

Event ID 5504

The DNS server encountered an invalid domain name in a packet from
192.5.5.241. The packet will be rejected. The event data contains the
DNS packet.

These are messages I expect when secure cache is on.

We have tried secure cache on/off, but the queries for the MX records
for AOL and Yahoo still fail. No difference.

Stopping and restarting the DNS servers and clearing the cache also
didn't seem to make a difference.

Does anyone know if anything weird is going on with AT&T DNS? Since we
just have root hints in our servers, I didn't think we would be
relying on the DNS at all, but it's weird that we'd have "holes" in
our name resolution.

Any help would be appreciated,

Christopher Hayashida
chris@prosum.com
 
Guest

In news:556ed15a.0406250937.310cb494@posting.google.com,
Christopher Hayashida <chris@prosum.com> posted a question
Then Kevin replied below:

Would you happen to have a PIX firewall?
If so, this is an EDNS0 issue: Win2k3 supports UDP packets over 512 bytes,
which are rejected by PIX firewalls.
I understand you can fix the firewall to let the packets through, or you can
disable EDNS0 on the Win2k3 server.
828731 - An External DNS Query May Cause an Error Message in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731


> We are seeing problems with DNS lately, but it seems to be happening
> more with AT&T. Here is the set-up:
>
> internal DNS servers on Windows 2000/2003 (AD domain controllers)
> Microsoft Exchange 2003
>
> The internal servers are not set up with forwarders, nor are they
> doing anything else special. The Exchange server is pointing to the
> internal DNS servers for name resolution.
>
> The problem is that we seem to see MX records that just flat out
> *break*. When queried, they give no response. I tried an nslookup from
> both the DNS servers themselves and from the Exchange server, and the
> query times out.
>
> In this case, the two domains were yahoo.com and aol.com. When I
> changed to query an outside server at UCLA or at Mindspring, they
> worked fine. As a stopgap measure, on one network we enabled
> forwarders and pointed them to Mindspring. On another network, we set
> up the virtual SMTP server to use a different outside DNS server.
> However, I think there is a bigger underlying problem.
>
> In the event log on the DNS server, we are seeing:
>
> Event ID 5504
>
> The DNS server encountered an invalid domain name in a packet from
> 192.5.5.241. The packet will be rejected. The event data contains the
> DNS packet.
>
> These are messages I expect when secure cache is on.
>
> We have tried secure cache on/off, but the queries for the MX records
> for AOL and Yahoo still fail. No difference.
>
> Stopping and restarting the DNS servers and clearing the cache also
> didn't seem to make a difference.
>
> Does anyone know if anything weird is going on with AT&T DNS? Since we
> just have root hints in our servers, I didn't think we would be
> relying on the DNS at all, but it's weird that we'd have "holes" in
> our name resolution.
>
> Any help would be appreciated,
>
> Christopher Hayashida
> chris@prosum.com



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
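An added example (not part of the thread) for testing the EDNS0 explanation in the reply above: it sends the same MX query once as a plain DNS query and once with an EDNS0 OPT record, so a reply that only goes missing in the EDNS0 case points at a device dropping UDP DNS over 512 bytes. The function names and the advertised size of 1280 bytes are assumptions chosen for illustration.

```python
import socket, struct, sys

MX, OPT = 15, 41  # DNS record type codes

def build_query(name, qtype=MX, edns_payload=None, txid=0x1234):
    """Build a DNS query; with edns_payload set, append an EDNS0 OPT record."""
    arcount = 1 if edns_payload else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # class IN
    if edns_payload:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_payload, 0, 0)
    return msg

def probe(server, name, edns_payload=None, timeout=3.0):
    """Send one UDP query; return the reply length, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, edns_payload=edns_payload), (server, 53))
            return len(s.recvfrom(4096)[0])
        except OSError:  # timeout or ICMP error
            return None

def diagnose(plain_len, edns_len, limit=512):
    """Interpret two probe() results for the same name and server."""
    if plain_len is None and edns_len is None:
        return "both queries failed: not an EDNS0-specific problem"
    if edns_len is None:
        return "EDNS0 reply lost: suspect a device dropping DNS over %d bytes" % limit
    if edns_len > limit:
        return "large EDNS0 reply arrived: path passes UDP over %d bytes" % limit
    return "reply fits in %d bytes: retry with a name that has a larger answer" % limit

if __name__ == "__main__" and len(sys.argv) == 3:
    server, name = sys.argv[1], sys.argv[2]  # e.g. an authoritative server and a domain
    plain = probe(server, name)
    edns = probe(server, name, edns_payload=1280)  # 1280 is an assumed sample size
    print("plain:", plain, "edns0:", edns)
    print(diagnose(plain, edns))
```

Run it from the DNS server itself, behind the firewall, against a server that answers the query directly; a recursive resolver's reply may be small enough to hide the problem.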