Bad DNS Query
Hello there, I am having infinite messages on my gateway router and the connection mill totally slow down. Would you please help?
The following are part of the messages displaying on the router.
Nov 22 06:59:02.846: %DNSSERVER-3-BADQUERY: Bad DNS query from 42.3.151.198
Nov 22 06:59:02.974: %DNSSERVER-3-BADQUERY: Bad DNS query from 111.193.196.204
Nov 22 06:59:06.146: %DNSSERVER-3-BADQUERY: Bad DNS query from 219.106.240.238
Nov 22 06:59:06.294: %DNSSERVER-3-BADQUERY: Bad DNS query from 145.255.176.101
It looks like you have a DNS server on your router and it's being bombarded with requests from the outside world. If you have no need for the router to be a DNS server, turn it of with the "no ip dns server" configuration command. If you need internal DNS to be served by the router, but have no requirement to provide DNS to the Internet, I would deny DNS requests on the inbound ACL of your Internet-facing interfaces. If, for whatever reason, you do have such a requirement, I would set up control-plane policing to ensure that your router isn't being overloaded.
Similar Messages
-
please help me in creating a DNS query program to display the resource records it returns
Construct an application to send and receive DNS queries and responses. application must be able to send queries for a given hostname [The application must send the query to a given DNS server, wait for the response and display all the Resource Records returned.
-
Hi,
I have two Exchange 2010 servers running on Windows 2008 Ent R2.
These mail servers have been running fine for a few years.
Today I noticed two things.
1. users were telling me they were having delays receiving emails from outside of our own domain. The mail gets sent out, but it takes about 15-30 mins for users outside our our domain to get their mail. Mail sent from inside our domain gets delivered right
away.
2. An error message that I see when I go to Tools->Queue Viewer in EMC. The error is: 451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain. This error shows up when you click on the "Queues" tab and then look at the
"hub version 14" under "next hop domain" column.
I'm assuming these two things are related. I don't understand why the problem is just showing up now. As I said, mail delivery has been fine for a while and I haven't done any major updates to the server in a few months.
Thanks for any ideas and suggestions as to what might be causing it and where I can look.
MikeHi,
1. I replaced my Cert with the same exact cert from GoDaddy, just an updated expire date.
2. We have two exchange servers.
3. The message I am seeing now, is under "Last Error" for every queue (not individual messages).
That error message is: 451 4.4.0 Primary Target IP address responded with 421 4.2.1 Unable to connect. Attempted failover to alternate host but that did not succeed.
OR
451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain. (This is the same error I mentioned earlier.
I ran some tests on mxmailbox.com for my domain name.I got the following alerts back when running a DNS check.
SOA Serial Number format is invalid. ns.rackspace.com Serial XXXXXXXX : Suggested serial format year was 1402 which is before 1970
AND
SOA Expire value out of recommended range. ns.rackspace reported Expire 604800. Expire is recommeded to be between 1209600 and 2419200
I use Rackspace DNS servers for External lookups.
Does this point my mail delay problem to Rackspace or something local on my own machine?
Thanks!
Mike -
Constant DNS querying for 127.0.0.1
Hello,
I'm quite puzzled... I noticed a constant low bandwidth traffic on the WAN port of the router and tracked it back to the MacOS X (10.5.2) host constantly DNS querying for 127.0.0.1 (about every three seconds). I am using DHCP and the network configuration picks up the external DNS server.
I thought this localhost information should be picked up directly from /etc/hosts (in my case)
cat /etc/hosts
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
and there should be no need to ask for this reverse DNS name resolution to the external DNS server.
do I really have to use dscl and create an entry for localhost to stop this DNS querying activity?
andreaand tcpdump reports:
tcpdump -A -n -i en0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes
00:01:51.873347 IP 192.168.21.100.5353 > 192.168.21.1.53: 13522+[|domain]
E..YO..........d.......5.EnB4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:51.889664 IP 62.31.176.39.53 > 192.168.21.100.5353: 13522 NXDomain[|domain]
E....A@.....>..'...d.5.....S4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:54.873113 IP 192.168.21.100.5353 > 192.168.21.1.53: 13523+[|domain]
E..Yd..........d.......5.EnA4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:54.889388 IP 62.31.176.39.53 > 192.168.21.100.5353: 13523 NXDomain[|domain]
E....B@.....>..'...d.5.....R4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:01:57.872864 IP 192.168.21.100.5353 > 192.168.21.1.53: 13524+[|domain]
[email protected]
dnsbugtest.1.0.0.127.in-addr.ar
00:01:57.888922 IP 62.31.176.39.53 > 192.168.21.100.5353: 13524 NXDomain[|domain]
E....C@.....>..'...d.5.....Q4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:00.873402 IP 192.168.21.100.5353 > 192.168.21.1.53: 13525+[|domain]
E..Y)..........d.......5.En?4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:00.889180 IP 62.31.176.39.53 > 192.168.21.100.5353: 13525 NXDomain[|domain]
E....D@.....>..'...d.5.....P4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:03.872666 IP 192.168.21.100.5353 > 192.168.21.1.53: 13526+[|domain]
..........d.......5.En>4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:03.891466 IP 62.31.176.39.53 > 192.168.21.100.5353: 13526 NXDomain[|domain]
E....E@.....>..'...d.5.....O4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:06.872956 IP 192.168.21.100.5353 > 192.168.21.1.53: 13527+[|domain]
E..Y.(.........d.......5.En=4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:06.888972 IP 62.31.176.39.53 > 192.168.21.100.5353: 13527 NXDomain[|domain]
E....F@.....>..'...d.5.....N4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:09.872419 IP 192.168.21.100.5353 > 192.168.21.1.53: 13528+[|domain]
E..Y!..........d.......5.En<4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
00:02:09.890732 IP 62.31.176.39.53 > 192.168.21.100.5353: 13528 NXDomain[|domain]
E....G@.....>..'...d.5.....M4............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
^C
14 packets captured
60 packets received by filter
0 packets dropped by kernel
pretty clear that the 127.0.0.1 entry in /etc/hosts is unfortunately not used.
localhost and 127.0.0.1 are part of the loopback interface (lo0) and a lookup from /etc/hosts should suffice! no reason at all to query a DNS service unless explicitly specified. -
CSM DNS query payload translation
Similar to IOS NAT for overlapping networks where DNS query payloads are translated, is there any thing similar in CSM?
We have a situation where the client queries the DNS server located behind the CSM, we need CSM modify the reply where the payload ip address is changed to a new virtual address which the client can talk to.not possible with the csm.
Gilles. -
451 4.4.0 DNS query failed - NonExistentDomain
I am in the process of migrating from Exch 2007 to 2013 for a small company. It is a very simple setup of just a single domain which has
1 server, 1 organization and 1 database. Here is what I have done so far:
1. Installed a physical server EX13 for Exchange 2013 with SP1. All updates have been applied.
2. Added a new Receive Connector of EX13 in addition to existing EX07.
3. Changed SMTP port forwarding on the firewall from EX07 to EX13.
4. Migrated a few mailboxes to the EX13.
Accounts on both servers have no issues with exchanging email both ways on the Internet. However, when accounts on the old server email to
migrated users, the new server does not always receive the messages promptly. There is a delay as much as 30 minutes that happens sporadically.
I checked the message header on the delayed messages and found that they had been stuck in EX07 for a long time before forwarding to EX13.
From Ex07 queue viewer, I found the following error:
451 4.4.0 DNS query failed. The error was: SMTPSEND.DNS.NonExistentDomain; nonexistent domain
Net Hop Domain: hub version 15
Delivery type: SMTP Relay in Active Directory
Message Source Name: FromLocal
Last Error: 451 4.4.0 DNS query failed. The error was: SMTPSEND.dns.NonExistentDomain;nonexistentdomain
The status showed "retry" and eventually the message would be delivered. Once it went through, I sent another one again from an EX07
account to EX13 account, the message was received instantly.
So far I have tried the following:
1. Added a host entry to point EX13.my_external_domain.com to the internal address of EX13
2. Added an 'A' record on the internal DNS server with the same entry.
3. Verified that EX13.my_external_domain.com was accessible from EX07 using this FQDN.
4. Removed EX07 and leaving only EX13 on the Receive Connector list
5. Removed EX13 and leaving only EX07 on the Receive Connector list
6. Put both connectors back
There is no change of status. Every morning our users are saying that they could not email users on the new server. Then after 30 minutes,
the problem disappeared but it will come back later in the day. On the other hand, users on the new server do not notice any delay when sending messages to the those on the new box. At this point, I don't feel comfortable migrating more users. Can someone
please shed some lights?As suggested by Cara, I queried the message logs of both servers to track the delayed message. This time, it took an hour for a message to be delivered.
========================================
Message Log on Sending Server EXCH07
========================================
[PS] C:\Windows\system32>get-messagetrackinglog -messagesubject "exch07-user1 to
exch13-user1" | fl
Timestamp : 3/28/14 2:18:00 PM
ClientIp : fe80::a5d8:d604:af26:37a9
ClientHostname : EXCH07.contoso.local
ServerIp : fe80::a5d8:d604:af26:37a9%10
ServerHostname : EXCH07
SourceContext :
ConnectorId :
Source : STOREDRIVER
EventId : RECEIVE
InternalMessageId : 4106
MessageId : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
GE.contoso.local>
Recipients : {[email protected]}
RecipientStatus : {}
TotalBytes : 3897
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath : [email protected]
MessageInfo : 04I:
Timestamp : 3/28/14 3:12:02 PM
ClientIp : 2002:960a:116::960a:116
ClientHostname : EXCH07
ServerIp : 2002:960a:125::960a:125
ServerHostname : EXCH13.contoso.local
SourceContext : 08D1189FA5E0283C
ConnectorId : Intra-Organization SMTP Send Connector
Source : SMTP
EventId : SEND
InternalMessageId : 4106
MessageId : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
GE.contoso.local>
Recipients : {[email protected]}
RecipientStatus : {250 2.1.5 Recipient OK}
TotalBytes : 4337
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath : [email protected]
MessageInfo : 3/28/14 2:18:00 PM
Timestamp : 3/28/14 3:40:22 PM
ClientIp : fe80::a5d8:d604:af26:37a9
ClientHostname : EXCH07.contoso.local
ServerIp : fe80::a5d8:d604:af26:37a9%10
ServerHostname : EXCH07
SourceContext :
ConnectorId :
Source : STOREDRIVER
EventId : RECEIVE
InternalMessageId : 4685
MessageId : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
GE.contoso.local>
Recipients : {[email protected]}
RecipientStatus : {}
TotalBytes : 3905
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1-1
Sender : [email protected]
ReturnPath : [email protected]
MessageInfo : 04I:
Timestamp : 3/28/14 4:34:27 PM
ClientIp : 2002:960a:116::960a:116
ClientHostname : EXCH07
ServerIp : 2002:960a:125::960a:125
ServerHostname : EXCH13.contoso.local
SourceContext : 08D1189FA5E0295D
ConnectorId : Intra-Organization SMTP Send Connector
Source : SMTP
EventId : SEND
InternalMessageId : 4685
MessageId : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
GE.contoso.local>
Recipients : {[email protected]}
RecipientStatus : {250 2.1.5 Recipient OK}
TotalBytes : 4345
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1-1
Sender : [email protected]
ReturnPath : [email protected]
MessageInfo : 3/28/14 3:40:22 PM
Timestamp : 3/28/14 2:18:00 PM
ClientIp : fe80::a5d8:d604:af26:37a9%10
ClientHostname : EXCH07
ServerIp :
ServerHostname : EXCH07
SourceContext : MDB:caef6319-6c43-4f5e-8b42-34b112a9f6a4, Mailbox:589
783a4-b411-45d8-b359-23095d3cd24d, Event:114759020, M
essageClass:IPM.Note, CreationTime:2014-03-28T18:17:5
9.653Z, ClientType:OWA
ConnectorId :
Source : STOREDRIVER
EventId : SUBMIT
InternalMessageId :
MessageId : <CC47D79927E02645940E84883BD0D909F58F56E607@TO-EXCHAN
GE.contoso.local>
Recipients : {}
RecipientStatus : {}
TotalBytes :
RecipientCount :
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath :
MessageInfo :
Timestamp : 3/28/14 3:40:22 PM
ClientIp : fe80::a5d8:d604:af26:37a9%10
ClientHostname : EXCH07
ServerIp :
ServerHostname : EXCH07
SourceContext : MDB:caef6319-6c43-4f5e-8b42-34b112a9f6a4, Mailbox:589
783a4-b411-45d8-b359-23095d3cd24d, Event:114778671, M
essageClass:IPM.Note, CreationTime:2014-03-28T19:40:2
1.777Z, ClientType:OWA
ConnectorId :
Source : STOREDRIVER
EventId : SUBMIT
InternalMessageId :
MessageId : <CC47D79927E02645940E84883BD0D909F58F56E608@TO-EXCHAN
GE.contoso.local>
Recipients : {}
RecipientStatus : {}
TotalBytes :
RecipientCount :
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1-1
Sender : [email protected]
ReturnPath :
MessageInfo :
========================================
Message Log on Sending Server EXCH07
========================================
[PS] C:\Users\administrator.contoso\Desktop>get-messagetrackinglog -messagesubject "exch07-user1 to exch13-user1" | fl
RunspaceId : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
Timestamp : 3/28/2014 3:12:01 PM
ClientIp :
ClientHostname :
ServerIp :
ServerHostname : EXCH13
SourceContext : No suitable shadow servers
ConnectorId :
Source : SMTP
EventId : HAREDIRECTFAIL
InternalMessageId : 1236950581391
MessageId : <[email protected]>
Recipients : {[email protected]}
RecipientStatus : {}
TotalBytes : 5337
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath : [email protected]
Directionality : Originating
TenantId :
OriginalClientIp :
MessageInfo :
MessageLatency :
MessageLatencyType : None
EventData : {[DeliveryPriority, Normal]}
RunspaceId : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
Timestamp : 3/28/2014 3:12:02 PM
ClientIp : 2002:960a:125::960a:125
ClientHostname : EXCH13.contoso.local
ServerIp : 2002:960a:125::960a:125
ServerHostname : EXCH13
SourceContext : 08D1189F8F482FF4;2014-03-28T19:09:18.823Z;0
ConnectorId : EXCH13\Default EXCH13
Source : SMTP
EventId : RECEIVE
InternalMessageId : 1236950581391
MessageId : <[email protected]>
Recipients : {[email protected]}
RecipientStatus : {}
TotalBytes : 5337
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath : [email protected]
Directionality : Originating
TenantId :
OriginalClientIp : 2002:960a:116::960a:116
MessageInfo : 0cI:
MessageLatency :
MessageLatencyType : None
EventData : {[FirstForestHop, EXCH13.contoso.local], [ProxiedClientIPAddress, 65.114.181.16],
[ProxiedClientHostname, qw01016.businesswatchnetwork.com], [ProxyHop1,
EXCH13.contoso.local(2002:960a:125::960a:125)], [DeliveryPriority, Normal]}
RunspaceId : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
Timestamp : 3/28/2014 3:12:02 PM
ClientIp :
ClientHostname : EXCH13
ServerIp :
ServerHostname :
SourceContext :
ConnectorId :
Source : AGENT
EventId : AGENTINFO
InternalMessageId : 1236950581391
MessageId : <[email protected]>
Recipients : {[email protected]}
RecipientStatus : {}
TotalBytes : 5337
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath : [email protected]
Directionality : Originating
TenantId :
OriginalClientIp : 2002:960a:116::960a:116
MessageInfo :
MessageLatency :
MessageLatencyType : None
EventData : {[CompCost, |ETR=0], [DeliveryPriority, Normal]}
RunspaceId : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
Timestamp : 3/28/2014 3:12:38 PM
ClientIp : 2002:960a:125::960a:125
ClientHostname : EXCH13
ServerIp : 2002:960a:125::960a:125
ServerHostname : EXCH13.contoso.local
SourceContext : 08D1189F8F482FFC;250 2.0.0 OK;ClientSubmitTime:2014-03-28T18:17:59.590Z
ConnectorId : Intra-Organization SMTP Send Connector
Source : SMTP
EventId : SEND
InternalMessageId : 1236950581391
MessageId : <[email protected]>
Recipients : {[email protected]}
RecipientStatus : {250 2.1.5 Recipient OK}
TotalBytes : 6130
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath : [email protected]
Directionality : Originating
TenantId :
OriginalClientIp :
MessageInfo : 2014-03-28T18:18:00.077Z;LSRV=EXCH13.contoso.local:TOTAL=36|QDM=35
MessageLatency : 00:54:38.1220000
MessageLatencyType : LocalServer
EventData : {[E2ELatency, 3278], [Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel,
Opportunistic], [DeliveryPriority, Normal]}
RunspaceId : 4ec43dbc-f727-4ac4-850e-ecac5e5e23ab
Timestamp : 3/28/2014 3:12:38 PM
ClientIp :
ClientHostname : EXCH13.contoso.local
ServerIp :
ServerHostname : EXCH13
SourceContext : 08D1189F97D8A52F;2014-03-28T19:12:38.090Z;ClientSubmitTime:2014-03-28T18:17:59.590Z
ConnectorId :
Source : STOREDRIVER
EventId : DELIVER
InternalMessageId : 1236950581391
MessageId : <[email protected]>
Recipients : {[email protected]}
RecipientStatus : {}
TotalBytes : 6130
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : EXCH07-USER1 to EXCH13-USER1
Sender : [email protected]
ReturnPath : [email protected]
Directionality : Originating
TenantId :
OriginalClientIp : 2002:960a:116::960a:116
MessageInfo : 2014-03-28T18:18:00.077Z;SRV=EXCH13.contoso.local:TOTAL=0;SRV=EXCH13.contoso.lo
cal:TOTAL=35|QDM=35;SRV=EXCH13.contoso.local:TOTAL=0
MessageLatency : 00:54:38.1220000
MessageLatencyType : EndToEnd
EventData : {[MailboxDatabaseName, Mailbox Database 1497118588], [Mailboxes,
43a77dd2-c8bb-4b4c-804c-e761b15da654], [E2ELatency, 3278], [DeliveryPriority, Normal]} -
Hi,
Is there a way to implement user exit / BADI in query.
This we need to be implemented for some key figures / calculated key figure.
Regards,
CharuHi,
i need to implement BADI for queries.
My scenario:
To implement different logics for different variables in a query, is this possible to implement it in a single BADI definition. (BI 7.0)
currently i had implemented with different different BADI definitions for different logics.
please reply as soon as possible. -
Hi Expert.
How I can allow dmz zone server to resolve only dns query through nslookup on ASA 5540 ?
What is the configuration required on ASA 5540 ?
ThanksHi Samir,
By IP address will be very simple, depending on the security level that it has (higher than 0 for DMZ and 0 for the outside) it will be allowed by default.
If there is an access-list alreay applied denying all the http traffic what you need to do is simply allowed that specific host on the ACL and then deny the rest.
Access-list DMZ permit tcp host host eq 80
Access-list DMZ deny ip any any
access-group DMZ in interface DMZ
Then you can add a host entry on the hostfile for the server on the DMZ to translate the IP address to a hostname and you will be able to access it using the web browser (not really scalable, but it works)
WARNING: This will only allow traffic from the DMZ server going to specific host on the internet on port 80, any other traffic going to any other interface will be dropped.
Mike -
ACE - Can it Create/Populate a Serverfarm with Real Servers Based on a DNS Query?
I have a special requirement for a serverfarm where the ACE would need to load-balance a server farm based upon a response from a DNS query to a delegated DNS server. This delegated DNS server is a "smart connect" node that decides which sub-node should be the active node in the serverfarm, and responds to the DNS query with that sub-node address. There are many application/node architectural reasons why the ACE simply can't be used for making that decision, so I won't muddy the waters with that.
Essentially, the ACE would only have one node in it's serverfarm at one time, based upon the reponse from the Smart-Connect to the DNS query.
Thanks for any input.
Mike.Kanwai,
So when the request comes into the VIP, the ACE would send a DNS query to a rack cluster IP address and the response to that query would end up being the real server that ACE forwards the initial request to. Sounds bizarre, I know, and I questions the performance of such, but that is the architecture I'm being asked to create.
Thanks,
Mike. -
How can I find flash media playback setup page? Flash media playback OSMF site - missing, hijacked, bad DNS?
I'm having this issue as well. Weird how hard is to find info and solutions on Google.What do people use instead? A lot of tutorials link to this page...
-
Hi All,
I would like to find out at what stage does Java do the DNS query with the following code snippet when establishing a webserver connection through http/socks proxy:
String url = "http://www.abc.com";
URL server = new URL(url);
Properties systemProperties = System.getProperties();
systemProperties.setProperty("http.proxyHost","proxyServer");
systemProperties.setProperty("http.proxyPort",8080);
HttpURLConnection connection = (HttpURLConnection) server.openConnection();
....Does it carry out the DNS resolution first before passing the IP address of target host to proxy/socks server, or does it simply pass the URL to proxy server that will do the DNS query on its behalf?
Thanks,
JackJoachimSauer wrote:
DrClap wrote:
When I have turned on logging in my proxy server, I see machine names and not IP addresses in the requests being forwarded. That suggests to me that it's the proxy server doing the name resolution.Which makes sense because when you're using a HTTP proxy...Well of course it makes sense. Any reasonable developer would do it that way. But the OP has a history of not recognizing the obvious without having it clearly pointed out. That's why I answered the way I did. -
ASA 5510 denying local DNS Query
I have a ASA5510 ASA v7.0.8 in routed firewall mode. It is setup as the internal router and default gateway.
I was asked to set up a wireless router, I chose a D-Link DIR-815 (we are a small buisiness).
I have it all set up but I cannot get any name resolution.
The firewall is blocking traffic that is all internal. To clarify, it is only blocking the DNS traffic from the D-Link wireless router, the rest of the network operates just fine.
the message in the ASA log is like the following:
Deny inbound UDP from 192.168.1.246/xxxx to 192.168.1.10/53 due to DNS Query.
.246 being the "WAN" port my wireless router and .10 being my DNS server.
I tried adding an ACL "access-list dns extended permit udp any eq 53 any" but this didn't help.
Any ideas? Thanks.To let anyone know, if I take the same IP settings from the wireless router WAN port and put them on the LAN settings and use it like an AP it all works just fine.
-
Edge Transport Server Fails DNS Query When Emailing to one Specific Domain
This issue occurs for the same domain across three different edge transport servers.
All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9. Emails are delivered using DNS connector from edge. Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated. Connectivity Logging generated the following:
2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
I changed the servers DNS settings to different servers with the same response. Validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.
I did a packet capture and received the following:
12 32.280037 172.28.16.55 208.241.124.200 DNS Standard query AAAA SMTPSERVER.subdomain.domain.com
So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup. I then went about disabling TCP/IP6 as per this article:
http://technet.microsoft.com/en-us/network/cc987595.aspx
this stated to do the following:
Alternately, from the Windows XP or Windows Server 2003 desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt . At the command prompt, type netsh interface ipv6 uninstall .
To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:
Log on to the computer with a user account that has local administrator privileges.
From the Windows XP desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt .
At the command prompt, type ipv6 uninstall .
Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:
In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items .
This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
Add the following registry value (DWORD type) set to 0xFF:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.
As temporary workaround, created new send connector with the three available MX hosts as possible smarthosts for subdomain.domain.com, and this allowed email flow.
I've tried disabling the TCPIP6, and still doesnt work. Any suggestions?Hi Allen and Paul,
we experience problems in receiving mails from senders with this Exchage server problem. When we are aware of the problem, we send them the above mentioned link and ask them to make adjustments. Then afterwards usually mail arrives without any problems.
The problem for us is that it seems as if the problem grows. More and more mail does not arrive on our mailadresses (mine for example is [email protected]) And not all of the senders recieve notifications that mail cannot be delivered. As you can imagine
this situation is unacceptable and damaging our customer relations.
Is there anything WE can do? (apart from sending them the information to make adjustements in their Exchange servers...)
I hope you can help us...
Thanks in advance
Leonard
Hi Leonard,
as stated below we where experiencing the same problem with one of our customers. Seeing that it's a DNS related problem we suggested to the customer to change or add an additional DNS service through i.e. dyndns.com. After adding the current DNS records
to the new DNS service mail started coming in from every customer that had problems.
So for your clients i would suggest a similar solution, it helped over here at least.
Kind regards,
Philipp -
Format of a DNS query in java...
Does anybody know what method and class I should use for create a DNS query to get a remote hosts information regarding ip , name, and all other information in RFC1035?
ThanksUse the JNDI/DNS service provider. Available at
http://developer.java.sun.com/developer/earlyAccess/jndi/
and also bundled with JDK 1.4, http://java.sun.com/j2se/1.4 -
Doing a DNS query ???
I am having a hard time to find a right method and class to do a simple DNS query and get the octet information.
My app should get a URL address and create a query in a packet and send the packet to the remote host to get the response back in octet codes.
something like:
$ dns www.amazon.com
service: 53
server: tamara.acs.marland.edu
IP: 142.225.32.12
len: 32
65620100 00010000 00000000 03777777
06616d61 7a6fe03 636f6d00 00010001
65620100 00010000 00000000 03777777
06616d61 7a6fe03 636f6d00 00010001
c00c0001 00010000 003c0004 cfabb510
the first octet code is the query and the next is the answer coming back from the remote hosts.
any hint or any suggestion ??
ThanksHello,
If a shameless plug is allowed, you're welcome to have a look at my own DNS classes which are a part of the network package you'll find here:
http://www.larsan.net/java/
Cheers
- Lars J. Nilsson
Maybe you are looking for
-
How do I insert into an array only if the condition is true?
I am buiding an array made up of pairs of data from a file. I am going through line by line putting the values in an array and then taking the pairs of two indexes oring them and putting the number into another array. I do not know if there is more t
-
How do i transfer photos from phone to Mac Book Pro?
wut Do i do once i hook up my phone to my computer? AND I hate that the back space key is to close to the POWER Key. Hit it constantly and it will shut me down Right in the middle of important tasks
-
How to Enable Loopback Processing in W2K8
How to Enable Loopback Processing in Windows Server 2008. I am unable to find following: In the Group Policy Microsoft Management Console (MMC), click Computer Configuration. Locate Administrative Templates, click System, click Group Policy, and then
-
TS3694 im getting 1015 error trying to restore iphone 3g
Hi i tried to restore an iphone 3g now im stuck in recovery. nothing i do works.
-
HT1414 how can i open my phone when i have forgotten my password ? thank you.
hello i have forgotten my password & now i have got a red band saying iphone is disabled , how can i open my phone now when i have connected it to any pc yet so i can't go through itunes. thank you.