
Outgoing smtp mail failing. Definitely DNS problem . . .maybe.

Status
Not open for further replies.

SimonDavis

Technical User
Mar 16, 2001
613
GB
Hi all,

I'm having a problem here, and I think it's a DNS issue, which is something I'm not really an expert in.

My setup is more or less;

Exchange 5.5 server sends mail to smtp server (with mailfilter), which sends to a raptor firewall, then out to the world.

This was all working OK, until 2 weeks ago when all outgoing mail started bouncing. It was also the day I left for a 2 week trip (of course).

As far as I can see, it's leaving the exchange server, passing through the mailfilter, but doesn't get out through the firewall.

I get the following error on the mailfilter (smtp service running) server (win2k):

Event Type: Warning
Event Source: smtpsvc
Event Category: None
Event ID: 4000
Date: 4/7/2006
Time: 9:40:13 AM
User: N/A
Computer: IBMX206MAIL
Description:

Message delivery to the remote domain 'yahoo.com' failed for the following reason: Destination server does not exist.

Data:
0000: d6 02 04 c0 Ö..À

This happens for all external mail - internal and incoming mail works OK.

The firewall logs have many entries with the following messages;

Apr 07 13:34:14.234
CHICAGO
dnsd[1748]: 343
dnsd Warning: forwarding on but server 200.198.188.67 refuses to do recursion

(200.198.188.67 is the DNS server our ISP told me to use)

The error message received on outlook is something like;

Reporting-MTA: dns;ibmx206mail.mydomain.com
Received-From-MTA: dns;ibmx206mail.mydomain.com
Arrival-Date: Fri, 24 Mar 2006 10:48:07 -0300

Final-Recipient: rfc822;recipient@client.com
Action: failed
Status: 5.0.0

So . . .

I suspect somewhere I have muffed up our DNS settings. I have 2 servers running DNS (both win2k), and I was also given 2 DNS servers IP addresses by our ISP. I put entries for those in the DNS servers, and it used to work, but now is kaput.

Internet connection is fine, through the same line - it's a 512kb fibre, on a Cisco router, connected to the raptor firewall on one of two NICs. The second NIC connects to the internal network. Everything else seems OK.

If you're still reading, any ideas how I can check that my DNS configuration is good, or any other tips?
Thanks a lot.
 


dnsd Warning: forwarding on but server 200.198.188.67 refuses to do recursion

So did you add recursion or query protection on your DNS server? Your outgoing MTA needs to use DNS to deliver mail.

gene
 
Can you point your firewall to a different external DNS server for testing? Try temporarily pointing to 66.51.205.100 (this is an open DNS server run by an ISP I use) and see if that makes a difference. If it does, forward that "no recursion" error message to your ISP and make them deal with that.

ShackDaddy
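
The test suggested in the replies above (does a given forwarder actually recurse for you?), as an added example that is not part of the original thread: it sends one MX query with the recursion-desired bit set and reads the reply header for the RA flag and response code. The function names and the two sample reply headers are constructed for illustration.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=15, txid=0x1234):
    """DNS query for `name` (qtype 15 = MX) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def classify(reply):
    """Decide from the 12-byte reply header whether the server recursed."""
    if len(reply) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    recursion_available = bool(flags & 0x0080)  # RA bit
    if rcode == "REFUSED" or not recursion_available:
        return "no-recursion (%s)" % rcode
    if rcode != "NOERROR":
        return "error (%s)" % rcode
    return "ok (%d answers)" % ancount

def check_forwarder(server, name="yahoo.com", timeout=3.0):
    """Send one MX query to `server` on UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _addr = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify(reply)

# Constructed reply headers (not captured traffic): a server that refuses
# recursion, and one that recursed and returned three MX records.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
SAMPLE_OK = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)

if __name__ == "__main__":
    print("refused sample:", classify(SAMPLE_REFUSED))
    print("ok sample:     ", classify(SAMPLE_OK))
    for server in sys.argv[1:]:  # e.g. each forwarder configured on the firewall
        print(server, "->", check_forwarder(server))
```

Run it with each forwarder address as an argument; a `no-recursion` result from one server next to `ok` from another is the comparison to hand to the ISP.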
 
Thanks,

bigdog - to be honest, I'm not sure, but I'll take a look.

Shackdaddy - can I assume that removing entries from the DNS servers probably won't make things worse? I have two, and they seem to have a lot of garbage hanging around - machines that don't exist any more etc - I'm thinking to cut them down to just machines I know are here, then remove the DNS servers given by the ISP, and add the one you suggested - can you see any disasters with that?

Sorry to be a moron, but this is a little beyond me at the moment.

Thanks.
 
No. No disasters. Just write down what you've removed, just in case. The DNS server you pick will either work or not work, it won't create new issues in the short term.

Getting some alternate results will be what you need to take this back to your ISP and get them involved, if it is in fact a problem with their server.

ShackDaddy
 
OK, update.

Spoke to the ISP and it seems the dns servers I had been using 'weren't theirs'.

I put in the new ones they gave me, and we're up and running.

This doesn't answer the question why the servers they originally gave me (which have worked for a year) now don't exist, but all's well that ends well I suppose.

Thanks a lot for your help though, it did clarify where I should be looking.

 