Constant DNS querying for 127.0.0.1

Hello,
I'm quite puzzled... I noticed a constant low bandwidth traffic on the WAN port of the router and tracked it back to the MacOS X (10.5.2) host constantly DNS querying for 127.0.0.1 (about every three seconds). I am using DHCP and the network configuration picks up the external DNS server.
I thought this localhost information should be picked up directly from /etc/hosts (in my case)
cat /etc/hosts
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
and there should be no need to ask for this reverse DNS name resolution to the external DNS server.
do I really have to use dscl and create an entry for localhost to stop this DNS querying activity?
andrea

and tcpdump reports:
tcpdump -A -n -i en0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes
00:01:51.873347 IP 192.168.21.100.5353 > 192.168.21.1.53: 13522+[|domain]
E..YO..........d.......5.EnB4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:51.889664 IP 62.31.176.39.53 > 192.168.21.100.5353: 13522 NXDomain[|domain]
E....A@.....>..'...d.5.....S4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:54.873113 IP 192.168.21.100.5353 > 192.168.21.1.53: 13523+[|domain]
E..Yd..........d.......5.EnA4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:54.889388 IP 62.31.176.39.53 > 192.168.21.100.5353: 13523 NXDomain[|domain]
E....B@.....>..'...d.5.....R4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:57.872864 IP 192.168.21.100.5353 > 192.168.21.1.53: 13524+[|domain]
[email protected]
dnsbugtest.1.0.0.127.in-addr.ar
00:01:57.888922 IP 62.31.176.39.53 > 192.168.21.100.5353: 13524 NXDomain[|domain]
E....C@.....>..'...d.5.....Q4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:00.873402 IP 192.168.21.100.5353 > 192.168.21.1.53: 13525+[|domain]
E..Y)..........d.......5.En?4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:00.889180 IP 62.31.176.39.53 > 192.168.21.100.5353: 13525 NXDomain[|domain]
E....D@.....>..'...d.5.....P4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:03.872666 IP 192.168.21.100.5353 > 192.168.21.1.53: 13526+[|domain]
..........d.......5.En>4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:03.891466 IP 62.31.176.39.53 > 192.168.21.100.5353: 13526 NXDomain[|domain]
E....E@.....>..'...d.5.....O4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:06.872956 IP 192.168.21.100.5353 > 192.168.21.1.53: 13527+[|domain]
E..Y.(.........d.......5.En=4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:06.888972 IP 62.31.176.39.53 > 192.168.21.100.5353: 13527 NXDomain[|domain]
E....F@.....>..'...d.5.....N4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:09.872419 IP 192.168.21.100.5353 > 192.168.21.1.53: 13528+[|domain]
E..Y!..........d.......5.En<4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:09.890732 IP 62.31.176.39.53 > 192.168.21.100.5353: 13528 NXDomain[|domain]
E....G@.....>..'...d.5.....M4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
^C
14 packets captured
60 packets received by filter
0 packets dropped by kernel
pretty clear that the 127.0.0.1 entry in /etc/hosts is unfortunately not used.
localhost and 127.0.0.1 are part of the loopback interface (lo0) and a lookup from /etc/hosts should suffice! no reason at all to query a DNS service unless explicitly specified.

Similar Messages

  • Constant dns lookups for non-existent addresses

    Hi. I'm connected to a large network and I've noticed
    that there are constant dns lookups for addresses that
    do not exist.
    When i run tcpdump, almost every second
    I see a few requests to the dns server from my IP. And all
    of them get the response NXDOMAIN.
    Is there a reason this should happen or is there something
    not working properly on my computer?
    Thanks
    Last edited by m00nblade (2010-01-25 21:42:23)

    It all depends on your setup.
    If you use only local mail domains, just make sure you do not have a catchall address (luser_relay) and messages to unknown users will not be accepted by Postfix in the first place.
    If you use virtual mail domain, you will need to change your setup as Apple's default setup will always accept mail for unknown users and then bounce it back to sender. See here for a how to: Making Virtual Mail Users in OS X 10.4/10.5 Server
    HTH,
    Alex

  • Edge Transport Server Fails DNS Query When Emailing to one Specific Domain

    This issue occurs for the same domain across three different edge transport servers.
    All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9.  Emails are delivered using DNS connector from edge.  Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated.  Connectivity Logging generated the following:
    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
    I changed the servers DNS settings to different servers with the same response.  Validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.
    I did a packet capture and received the following:
    12    32.280037    172.28.16.55    208.241.124.200    DNS    Standard query AAAA SMTPSERVER.subdomain.domain.com
    So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup.  I then went about disabling TCP/IP6 as per this article:
    http://technet.microsoft.com/en-us/network/cc987595.aspx
    this stated to do the following:
    Alternately, from the Windows XP or Windows Server 2003 desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt . At the command prompt, type netsh interface ipv6 uninstall .
    To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:
    Log on to the computer with a user account that has local administrator privileges.
    From the Windows XP desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt .
    At the command prompt, type ipv6 uninstall .
    Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:
    In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items .
    This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
    Add the following registry value (DWORD type) set to 0xFF:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
    This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
    I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.
    As temporary workaround, created new send connector with the three available MX hosts as possible smarthosts for subdomain.domain.com, and this allowed email flow.
    I've tried disabling the TCPIP6, and still doesnt work.  Any suggestions?

    Hi Allen and Paul,
    we experience problems in receiving mails from senders with this Exchage server problem. When we are aware of the problem, we send them the above mentioned link and ask them to make adjustments. Then afterwards usually mail arrives without any problems.
    The problem for us is that it seems as if the problem grows. More and more mail does not arrive on our mailadresses (mine for example is [email protected]) And not all of the senders recieve notifications that mail cannot be delivered. As you can imagine
    this situation is unacceptable and damaging our customer relations.
    Is there anything WE can do? (apart from sending them the information to make adjustements in their Exchange servers...)
    I hope you can help us...
    Thanks in advance
    Leonard
    Hi Leonard,
    as stated below we where experiencing the same problem with one of our customers. Seeing that it's a DNS related problem we suggested to the customer to change or add an additional DNS service through i.e. dyndns.com. After adding the current DNS records
    to the new DNS service mail started coming in from every customer that had problems.
    So for your clients i would suggest a similar solution, it helped over here at least.
    Kind regards,
    Philipp

  • Global query block is causing a DNS server to fail a query with error code Name Error exists in the DNS database for WPAD

    Global query block is causing a DNS server to fail a query with error code Name Error exists in the DNS database for WPAD on a Windows 2008 server.

    The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names.  This feature has caused the DNS server to fail a query with error code NAME ERROR for wpad.contoso.com. even though data
    for this DNS name exisits in the DNS database.  Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail, but no event will be logged when further queries are blocked until the DNS server
    service on this computer is restarted.

  • Query on DNS setup for Active Directory for a new data center

    I have third party DNS appliances providing DNS Service for Active Directory (Windows 2008 R2) and there are also secondary DNS servers, which are MS DNS server with a secondary zone configured, for redundancy. I have to setup a new data center
    and move servers/services to this data center. In this scenario, can I install a new Microsoft DNS server with a secondary zone and use this as the primary DNS Server for all the member servers at this new location ? I am aware that this new DNS server will
    not be able to make any updates to the secondary zone and for that purpose, is there anyway to redirect such requests to the DNS appliances in my current data center across the WAN ? I am trying to avoid purchasing a new DNS appliance for the new data center
    and want to know what are the alternatives I have.
     

    im not entirely sure by your setup, as normally you would use AD integrated zones for DNS in an AD environment - although there are other options as you have already setup.
    the fact the zone is a secondary zone in DNS server terms doesn't mean you can't point your clients to it as their primary dns server. They will quite happily resolve names using a secondary server.
    so as long as your dns devices are correctly setup to support the additional secondary zone I see no reason why you couldn't do this.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    My Blog
    LinkedIn:

  • Operations manager failed to run a wmi query for wmi events (0x800706ba)

    Hi everyone,
    I've been working on this issue for a while and I am still no closer to finding out what the problem is.  If anybody can offer any other advice or things to check, I'm all ears.
    I'm running SCOM 2012 R2 with UR2, and the Cluster Management Pack v6.0.7063.0
    My problem is on one particular batch of cluster servers where I am getting the following error.
    Name: Operations Manager failed to run a WMI query for WMI events
    Alert Description:
    Module was unable to enumerate the WMI data
    Error: 0x800706ba
    Details: The RPC server is unavailable
    Workflow name: Microsoft.Windows.Cluster.Node.StateMonitoring
    Instance Name: servername.domain.local
    Instance ID: {instance_id}
    Management group: SCOM_Management_Grp_Name
    I am getting this alert regardless of whether I run the Windows Cluster Action Account as Local System, or as a domain user with full local admin privileges on all the cluster nodes.
    When looking at the management pack and the workflow in particular (Microsoft.Windows.Cluster.Node.StateMonitoring), I can see that it's trying to access
    MSCluster_Node in the root\MSCLUSTER WMI namespace.
    This is the workflow for your information...
    <UnitMonitor> ID="Microsoft.Windows.Cluster.Node.StateMonitoring" Accessibility="Public" Enabled="onEssentialMonitoring" Target="ClusLibrary!Microsoft.Windows.Cluster.Node" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="ClusLibrary!Microsoft.Windows.Cluster.CheckState" ConfirmDelivery="false">
    <Category>AvailabilityHealth</Category>
    <AlertSettings AlertMessage="Microsoft.Windows.Cluster.Node.StateMonitoring.AlertMessage">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
    <AlertParameters>
    <AlertParameter1>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter1>
    <AlertParameter2>$Target/Property[Type="ClusLibrary!Microsoft.Windows.Cluster.Node"]/ClusterName$</AlertParameter2>
    </AlertParameters>
    </AlertSettings>
    <OperationalStates>
    <OperationalState ID="Success" MonitorTypeStateID="Online" HealthState="Success" />
    <OperationalState ID="Warning" MonitorTypeStateID="Partial" HealthState="Warning" />
    <OperationalState ID="Error" MonitorTypeStateID="NotOnline" HealthState="Error" />
    </OperationalStates>
    <Configuration>
    <ClusterObjectName>$Target/Property[Type='ClusLibrary!Microsoft.Windows.Cluster.Node']/NodeName$</ClusterObjectName>
    <PollInterval>60</PollInterval>
    <ClusterObjectClass>MSCLUSTER_Node</ClusterObjectClass>
    <OnlineExpression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
    </ValueExpression>
    <Operator>Equal</Operator>
    <ValueExpression>
    <Value Type="String">0</Value>
    </ValueExpression>
    </SimpleExpression>
    </OnlineExpression>
    <OnlineExpressionOnDemand>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
    </ValueExpression>
    <Operator>Equal</Operator>
    <ValueExpression>
    <Value Type="String">0</Value>
    </ValueExpression>
    </SimpleExpression>
    </OnlineExpressionOnDemand>
    <PartialExpression>
    <Or>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
    </ValueExpression>
    <Operator>Equal</Operator>
    <ValueExpression>
    <Value Type="String">2</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
    </ValueExpression>
    <Operator>Equal</Operator>
    <ValueExpression>
    <Value Type="String">3</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    </Or>
    </PartialExpression>
    <PartialExpressionOnDemand>
    <Or>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
    </ValueExpression>
    <Operator>Equal</Operator>
    <ValueExpression>
    <Value Type="String">2</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
    </ValueExpression>
    <Operator>Equal</Operator>
    <ValueExpression>
    <Value Type="String">3</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    </Or>
    </PartialExpressionOnDemand>
    <NotOnlineExpression>
    <And>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
    </ValueExpression>
    <Operator>NotEqual</Operator>
    <ValueExpression>
    <Value Type="String">0</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
    </ValueExpression>
    <Operator>NotEqual</Operator>
    <ValueExpression>
    <Value Type="String">2</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
    </ValueExpression>
    <Operator>NotEqual</Operator>
    <ValueExpression>
    <Value Type="String">3</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    </And>
    </NotOnlineExpression>
    <NotOnlineExpressionOnDemand>
    <And>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
    </ValueExpression>
    <Operator>NotEqual</Operator>
    <ValueExpression>
    <Value Type="String">0</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
    </ValueExpression>
    <Operator>NotEqual</Operator>
    <ValueExpression>
    <Value Type="String">2</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
    </ValueExpression>
    <Operator>NotEqual</Operator>
    <ValueExpression>
    <Value Type="String">3</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    </And>
    </NotOnlineExpressionOnDemand>
    <WMIFields>Name, State</WMIFields>
    </Configuration>
    </UnitMonitor>
    I can confirm that I am able to browse the MSCluster_Node class locally, as well as remotely using WMIEXPLORER and WBEMTEST,
    however it only works when I set the Authentication Level to
    Packet Privacy.  If I do not select Packet Privacy, a WMI event log error 5605 is logged on the remote servers application log that says...
    The root\mscluster namespace is marked with the RequiresEncryption flag.  Access to this namespace might be denied if the script or application does not have the appropriate authentication level.  Change the authentication level to Pkt_Privacy
    and run the script or application again.
    I can confirm that all firewalls are turned off, and there are no firewalls between the management servers and the agents in question.  AV exclusions have been done and appear to be in place.  The nodes are all Windows 2008 R2 with SP1.  As
    far as I can tell there is plenty of memory available on each of the nodes in question (50%+) of RAM is available. 
    If I manually run the "Discover the Windows Server 2008 R2 Cluster Components" task in the Cluster Service State section of the management pack in the Monitoring Pane in the console, on the nodes in question - the discovery runs successfully.
    Does anybody have any other ideas or suggestions I could try?
    Many thanks in advance,
    Noel.
    http://www.dreamension.net

    Hi,
    Common causes of RPC errors include:
    Errors resolving a DNS or NetBIOS name.
    The RPC service or related services may not be running.
    Problems with network connectivity.
    File and printer sharing is not enabled.
    For more information, please review the link below:
    Windows Server Troubleshooting: "The RPC server is unavailable"
    http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#Identify
    Troubleshooting RPC Errors
    http://technet.microsoft.com/en-us/magazine/2007.07.howitworks.aspx
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • 2K8 - Best practice for setting the DNS server list on a DC/DNS server for an interface

    We have been referencing the article 
    "DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers"
    http://technet.microsoft.com/en-us/library/dd378900%28WS.10%29.aspx but there are some parts that are a bit confusing.  In particular is this statement
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain
    controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller.
    The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.”
    The paragraph switches from using the term "its own IP address" to "loopback" address.  This is confusing becasuse technically they are not the same.  Loppback addresses are 127.0.0.1 through 127.255.255.255. The resolution section then
    goes on and adds the "loopback address" 127.0.0.1 to the list of DNS servers for each interface.
    In the past we always setup DCs to use their own IP address as the primary DNS server, not 127.0.0.1.  Based on my experience and reading the article I am under the impression we could use the following setup.
    Primary DNS:  Locally assigned IP of the DC (i.e. 192.168.1.5)
    Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
    Tertiary DNS:  127.0.0.1
    I guess the secondary and tertiary addresses could be swapped based on the article.  Is there a document that provides clearer guidance on how to setup the DNS server list properly on Windows 2008 R2 DC/DNS servers?  I have seen some other discussions
    that talk about the pros and cons of using another DC/DNS as the Primary.  MS should have clear guidance on this somewhere.

    Actually, my suggestion, which seems to be the mostly agreed method, is:
    Primary DNS:  Locally assigned IP of the DC (i.e. 192.168.1.5)
    Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
    Tertiary DNS:  empty
    The tertiary more than likely won't be hit, (besides it being superfluous and the list will reset back to the first one) due to the client side resolver algorithm time out process, as I mentioned earlier. Here's a full explanation on how
    it works and why:
    This article discusses:
    WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB).
    The DNS Client Side Resolver algorithm.
    If one DC or DNS goes down, does a client logon to another DC?
    DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders)
    Client side resolution process chart
    http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-
    logon-to-another-dc-and-dns-forwarders-algorithm.aspx
    DNS
    Client side resolver service
    http://technet.microsoft.com/en-us/library/cc779517.aspx 
    The DNS Client Service Does Not Revert to Using the First Server in the List in Windows XP
    http://support.microsoft.com/kb/320760
    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    I agree with this proposed solution as well:
    Primary DNS:  Locally assigned IP of the DC (i.e. 192.168.1.5)
    Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
    Tertiary DNS:  empty
    One thing to note, in this configuration the Best Practice Analyzer will throw the error:
    The network adapter Local Area Connection 2 does not list the loopback IP address as a DNS server, or it is configured as the first entry.
    Even if you add the loopback address as a Tertiary DNS address the error will still appear. The only way I've seen this error eliminated is to add the loopback address as the second entry in DNS, so:
    Primary DNS:  The assigned IP of another DC (i.e. 192.168.1.6)
    Secondary DNS: 127.0.0.1
    Tertiary DNS:  empty
    I'm not comfortable not having the local DC/DNS address listed so I'm going with the solution Ace offers.
    Opinion?

  • DNS querier

    please help me in creating a DNS query program to display the resource records it returns

    Construct an application to send and receive DNS queries and responses. application must be able to send queries for a given hostname [The application must send the query to a given DNS server, wait for the response and display all the Resource Records returned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • 451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain

    Hi,
    I have two Exchange 2010 servers running on Windows 2008 Ent R2.
    These mail servers have been running fine for a few years.
    Today I noticed two things.
    1. users were telling me they were having delays receiving emails from outside of our own domain. The mail gets sent out, but it takes about 15-30 mins for users outside our our domain to get their mail. Mail sent from inside our domain gets delivered right
    away.
    2. An error message that I see when I go to Tools->Queue Viewer in EMC. The error is: 451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain. This error  shows up when you click on the "Queues" tab and then look at the
    "hub version 14" under "next hop domain" column. 
    I'm assuming these two things are related. I don't understand why the problem is just showing up now. As I said, mail delivery has been fine for a while and I haven't done any major updates to the server in a few months.
    Thanks for any ideas and suggestions as to what might be causing it and where I can look.
    Mike

    Hi,
    1. I replaced my Cert with the same exact cert from GoDaddy, just an updated expire date.
    2. We have two exchange servers.
    3. The message I am seeing now, is under "Last Error" for every queue (not individual messages).
    That error message is:  451 4.4.0 Primary Target IP address responded with 421 4.2.1 Unable to connect. Attempted failover to alternate host but that did not succeed.
    OR
    451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain. (This is the same error I mentioned earlier.
    I ran some tests on mxmailbox.com for my domain name.I got the following alerts back when running a DNS check.
    SOA Serial Number format is invalid. ns.rackspace.com Serial XXXXXXXX : Suggested serial format year was 1402 which is before 1970
    AND
    SOA Expire value out of recommended range.  ns.rackspace reported Expire 604800. Expire is recommeded to be between 1209600 and 2419200
    I use Rackspace DNS servers for External lookups.
    Does this point my mail delay problem to Rackspace or something local on my own machine?
    Thanks!
    Mike

  • CSM DNS query payload translation

    Similar to IOS NAT for overlapping networks where DNS query payloads are translated, is there any thing similar in CSM?
    We have a situation where the client queries the DNS server located behind the CSM, we need CSM modify the reply where the payload ip address is changed to a new virtual address which the client can talk to.

    not possible with the csm.
    Gilles.

  • 451 4.4.0 DNS query failed - NonExistentDomain

    I am in the process of migrating from Exch 2007 to 2013 for a small company. It is a very simple setup of just a single domain which has
    1 server, 1 organization and 1 database. Here is what I have done so far: 
    1. Installed a physical server EX13 for Exchange 2013 with SP1. All updates have been applied. 
    2. Added a new Receive Connector of EX13 in addition to existing EX07. 
    3. Changed SMTP port forwarding on the firewall from EX07 to EX13. 
    4. Migrated a few mailboxes to the EX13. 
    Accounts on both servers have no issues with exchanging email both ways on the Internet. However, when accounts on the old server email to
    migrated users, the new server does not always receive the messages promptly. There is a delay as much as 30 minutes that happens sporadically.
    I checked the message header on the delayed messages and found that they had been stuck in EX07 for a long time before forwarding to EX13.
    From Ex07 queue viewer, I found the following error: 
    451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain; nonexistent domain 
    Net Hop Domain: hub version 15 
    Delivery type: SMTP Relay in Active Directory 
    Message Source Name: FromLocal 
    Last Error: 451 4.4.0 DNS query failed. The error was: SMTPSEND.dns.NonExistentDomain;nonexistentdomain 
    The status showed "retry" and eventually the message would be delivered. Once it went through, I sent another one again from an EX07
    account to EX13 account, the message was received instantly. 
    So far I have tried the following: 
    1. Added a host entry to point EX13.my_external_domain.com to the internal address of EX13 
    2. Added an 'A' record on the internal DNS server with the same entry. 
    3. Verified that EX13.my_external_domain.com was accessible from EX07 using this FQDN. 
    4. Removed EX07 and leaving only EX13 on the Receive Connector list 
    5. Removed EX13 and leaving only EX07 on the Receive Connector list 
    6. Put both connectors back 
    There is no change of status. Every morning our users are saying that they could not email users on the new server. Then after 30 minutes,
    the problem disappeared but it will come back later in the day. On the other hand, users on the new server do not notice any delay when sending messages to the those on the new box. At this point, I don't feel comfortable migrating more users. Can someone
    please shed some lights?

    As suggested by Cara, I queried the message logs of both servers to track the delayed message.  This time, it took an hour for a message to be delivered.
    ========================================
    Message Log on Sending Server EXCH07
    ========================================
    [PS] C:\Windows\system32>get-messagetrackinglog -messagesubject "exch07-user1 to
     exch13-user1" | fl
    Timestamp               : 3/28/14 2:18:00 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9
    ClientHostname          : EXCH07.contoso.local
    ServerIp                : fe80::a5d8:d604:af26:37a9%10
    ServerHostname          : EXCH07
    SourceContext           :
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : RECEIVE
    InternalMessageId       : 4106
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 3897
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 04I:
    Timestamp               : 3/28/14 3:12:02 PM
    ClientIp                : 2002:960a:116::960a:116
    ClientHostname          : EXCH07
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13.contoso.local
    SourceContext           : 08D1189FA5E0283C
    ConnectorId             : Intra-Organization SMTP Send Connector
    Source                  : SMTP
    EventId                 : SEND
    InternalMessageId       : 4106
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {250 2.1.5 Recipient OK}
    TotalBytes              : 4337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 3/28/14 2:18:00 PM
    Timestamp               : 3/28/14 3:40:22 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9
    ClientHostname          : EXCH07.contoso.local
    ServerIp                : fe80::a5d8:d604:af26:37a9%10
    ServerHostname          : EXCH07
    SourceContext           :
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : RECEIVE
    InternalMessageId       : 4685
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 3905
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1-1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 04I:
    Timestamp               : 3/28/14 4:34:27 PM
    ClientIp                : 2002:960a:116::960a:116
    ClientHostname          : EXCH07
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13.contoso.local
    SourceContext           : 08D1189FA5E0295D
    ConnectorId             : Intra-Organization SMTP Send Connector
    Source                  : SMTP
    EventId                 : SEND
    InternalMessageId       : 4685
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {[email protected]}
    RecipientStatus         : {250 2.1.5 Recipient OK}
    TotalBytes              : 4345
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1-1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    MessageInfo             : 3/28/14 3:40:22 PM
    Timestamp               : 3/28/14 2:18:00 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9%10
    ClientHostname          : EXCH07
    ServerIp                :
    ServerHostname          : EXCH07
    SourceContext           : MDB:caef6319-6c43-4f5e-8b42-34b112a9f6a4, Mailbox:589
                              783a4-b411-45d8-b359-23095d3cd24d, Event:114759020, M
                              essageClass:IPM.Note, CreationTime:2014-03-28T18:17:5
                              9.653Z, ClientType:OWA
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : SUBMIT
    InternalMessageId       :
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {}
    RecipientStatus         : {}
    TotalBytes              :
    RecipientCount          :
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              :
    MessageInfo             :
    Timestamp               : 3/28/14 3:40:22 PM
    ClientIp                : fe80::a5d8:d604:af26:37a9%10
    ClientHostname          : EXCH07
    ServerIp                :
    ServerHostname          : EXCH07
    SourceContext           : MDB:caef6319-6c43-4f5e-8b42-34b112a9f6a4, Mailbox:589
                              783a4-b411-45d8-b359-23095d3cd24d, Event:114778671, M
                              essageClass:IPM.Note, CreationTime:2014-03-28T19:40:2
                              1.777Z, ClientType:OWA
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : SUBMIT
    InternalMessageId       :
    MessageId               : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
                              GE.contoso.local>
    Recipients              : {}
    RecipientStatus         : {}
    TotalBytes              :
    RecipientCount          :
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1-1
    Sender                  : [email protected]
    ReturnPath              :
    MessageInfo             :
    ========================================
    Message Log on Sending Server EXCH07
    ========================================
    [PS] C:\Users\administrator.contoso\Desktop>get-messagetrackinglog -messagesubject "exch07-user1 to exch13-user1" | fl
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:01 PM
    ClientIp                :
    ClientHostname          :
    ServerIp                :
    ServerHostname          : EXCH13
    SourceContext           : No suitable shadow servers
    ConnectorId             :
    Source                  : SMTP
    EventId                 : HAREDIRECTFAIL
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 5337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        :
    MessageInfo             :
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:02 PM
    ClientIp                : 2002:960a:125::960a:125
    ClientHostname          : EXCH13.contoso.local
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13
    SourceContext           : 08D1189F8F482FF4;2014-03-28T19:09:18.823Z;0
    ConnectorId             : EXCH13\Default EXCH13
    Source                  : SMTP
    EventId                 : RECEIVE
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 5337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        : 2002:960a:116::960a:116
    MessageInfo             : 0cI:
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[FirstForestHop, EXCH13.contoso.local], [ProxiedClientIPAddress, 65.114.181.16],
                              [ProxiedClientHostname, qw01016.businesswatchnetwork.com], [ProxyHop1,
                              EXCH13.contoso.local(2002:960a:125::960a:125)], [DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:02 PM
    ClientIp                :
    ClientHostname          : EXCH13
    ServerIp                :
    ServerHostname          :
    SourceContext           :
    ConnectorId             :
    Source                  : AGENT
    EventId                 : AGENTINFO
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 5337
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        : 2002:960a:116::960a:116
    MessageInfo             :
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[CompCost, |ETR=0], [DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:38 PM
    ClientIp                : 2002:960a:125::960a:125
    ClientHostname          : EXCH13
    ServerIp                : 2002:960a:125::960a:125
    ServerHostname          : EXCH13.contoso.local
    SourceContext           : 08D1189F8F482FFC;250 2.0.0 OK;ClientSubmitTime:2014-03-28T18:17:59.590Z
    ConnectorId             : Intra-Organization SMTP Send Connector
    Source                  : SMTP
    EventId                 : SEND
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {250 2.1.5 Recipient OK}
    TotalBytes              : 6130
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        :
    MessageInfo             : 2014-03-28T18:18:00.077Z;LSRV=EXCH13.contoso.local:TOTAL=36|QDM=35
    MessageLatency          : 00:54:38.1220000
    MessageLatencyType      : LocalServer
    EventData               : {[E2ELatency, 3278], [Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel,
                              Opportunistic], [DeliveryPriority, Normal]}
    RunspaceId              : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
    Timestamp               : 3/28/2014 3:12:38 PM
    ClientIp                :
    ClientHostname          : EXCH13.contoso.local
    ServerIp                :
    ServerHostname          : EXCH13
    SourceContext           : 08D1189F97D8A52F;2014-03-28T19:12:38.090Z;ClientSubmitTime:2014-03-28T18:17:59.590Z
    ConnectorId             :
    Source                  : STOREDRIVER
    EventId                 : DELIVER
    InternalMessageId       : 1236950581391
    MessageId               : <[email protected]>
    Recipients              : {[email protected]}
    RecipientStatus         : {}
    TotalBytes              : 6130
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : EXCH07-USER1 to EXCH13-USER1
    Sender                  : [email protected]
    ReturnPath              : [email protected]
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        : 2002:960a:116::960a:116
    MessageInfo             : 2014-03-28T18:18:00.077Z;SRV=EXCH13.contoso.local:TOTAL=0;SRV=EXCH13.contoso.lo
                              cal:TOTAL=35|QDM=35;SRV=EXCH13.contoso.local:TOTAL=0
    MessageLatency          : 00:54:38.1220000
    MessageLatencyType      : EndToEnd
    EventData               : {[MailboxDatabaseName, Mailbox Database 1497118588], [Mailboxes,
                              43a77dd2-c8bb-4b4c-804c-e761b15da654], [E2ELatency, 3278], [DeliveryPriority, Normal]}

  • Bad DNS Query

    Hello there, I am having infinite messages on my gateway router and the connection mill totally slow down. Would you please help?
    The following are part of the messages displaying on the router.
    Nov 22 06:59:02.846: %DNSSERVER-3-BADQUERY: Bad DNS query from 42.3.151.198
    Nov 22 06:59:02.974: %DNSSERVER-3-BADQUERY: Bad DNS query from 111.193.196.204
    Nov 22 06:59:06.146: %DNSSERVER-3-BADQUERY: Bad DNS query from 219.106.240.238
    Nov 22 06:59:06.294: %DNSSERVER-3-BADQUERY: Bad DNS query from 145.255.176.101

    It looks like you have a DNS server on your router and it's being bombarded with requests from the outside world. If you have no need for the router to be a DNS server, turn it of with the "no ip dns server" configuration command. If you need internal DNS to be served by the router, but have no requirement to provide DNS to the Internet, I would deny DNS requests on the inbound ACL of your Internet-facing interfaces. If, for whatever reason, you do have such a requirement, I would set up control-plane policing to ensure that your router isn't being overloaded.

  • Dmz dns query on asa 5540

    Hi Expert.
    How I can allow dmz zone server to resolve only dns query through nslookup on ASA 5540 ?
    What is the configuration required on ASA 5540 ?
    Thanks

    Hi Samir,
    By IP address will be very simple, depending on the security level that it has (higher than 0 for DMZ and 0 for the outside) it will be allowed by default.
    If there is an access-list alreay applied denying all the http traffic what you need to do is simply allowed that specific host on the ACL and then deny the rest.
    Access-list DMZ permit tcp host host eq 80
    Access-list DMZ deny ip any any
    access-group DMZ in interface DMZ
    Then you can add a host entry on the hostfile for the server on the DMZ to translate the IP address to a hostname and you will be able to access it using the web browser (not really scalable, but it works)
    WARNING: This will only allow traffic from the DMZ server going to specific host on the internet on port 80, any other traffic going to any other interface will be dropped.
    Mike

  • ACE - Can it Create/Populate a Serverfarm with Real Servers Based on a DNS Query?

    I have a special requirement for a serverfarm where the ACE would need to load-balance a server farm based upon a response from a DNS query to a delegated DNS server. This delegated DNS server is a "smart connect" node that decides which sub-node should be the active node in the serverfarm, and responds to the DNS query with that sub-node address. There are many application/node architectural reasons why the ACE simply can't be used for making that decision, so I won't muddy the waters with that.
    Essentially, the ACE would only have one node in it's serverfarm at one time, based upon the reponse from the Smart-Connect to the DNS query.
    Thanks for any input.
    Mike.

    Kanwai,
    So when the request comes into the VIP, the ACE would send a DNS query to a rack cluster IP address and the response to that query would end up being the real server that ACE forwards the initial request to. Sounds bizarre, I know, and I questions the performance of such, but that is the architecture I'm being asked to create.
    Thanks,
    Mike.

  • GSS as primary DNS Server for Intranet

    Hi,
    Can the GSS be used as a as primary DNS server for Intranet? An additional DNS server can be configured to answer the unknown Records like MX by GSS.
    if it can be configured, I would be thankful if anyone shares with me the brief configuration steps Apart from configuring Answers, answer groups, domain lists, source address lists, DNS rules.
    with thanks
    sathappan

    Yeah I'd certainly recommend against it! So essentially the client machines are unable to update or query dynamic AD related DNS records since they're not pointing to the DNS servers actually used by your AD server(s). I could well imagine that causing
    issues, and meaning that some AD functionality won't work correctly.
    I know you can directly integrate BIND with AD, eg so that the BIND servers are the ones used by AD, though I haven't tried it, but this seems to be neither.
    I can't find any articles relating to your exact situation, presumably no one else has tried to use such a mixed and disjoined setup. I'd focus on looking for articles relating to why you shouldn't point your users at a router (most commonly in small setups
    on ADSL) for the DNS rather than directing them to the server for DNS and then having that query the router for external results. It's a more common scenario and you're more likely to find articles relating to it.
    One article you might find useful is
    http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx which talks in terms of using your ISP's DNS servers on the client machines, but in your situation it sounds like the BIND servers are essentially providing an equivalent
    setup.
    There's also various discussions and comments on the topic elsewhere on these forums, for instance
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c3ba3859-765e-4b3f-add0-eaf2c18e1068/i-have-dns-in-a-router-and-i-want-to-install-domain-controller?forum=winservergen and
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5df8fd4-7ab2-4d1e-afe2-c5263c4d69c3/dns-server-forwarding-and-clients-getting-address-of-registrars-ip?forum=winserverNIS which are worth checking out.

Maybe you are looking for