ALAN MALMBERG
Support Engineer Exchange Connectors -Texas Microsoft Corporation May 12, 2004
Background Information
Name Resolution
Applications that need to communicate with other networked computers require a communication mechanism
A network operating system is used to facilitate network communication requests
Applications send their requests to the operating system, which handles the request
The Windows OS provides a number of API sets to handle such requests, e.g. NetBIOS and Windows Sockets
Name Resolution
Applications written using Windows Sockets can use the GetHostByName API, which triggers name resolution request(s)
The OS tries to resolve the name that the application passed to it into an IP address
A Windows OS uses two primary methods for name resolution:
NetBIOS name resolution
Host name resolution
Windows NT 4.0
Windows 2000
Client sends a recursive query to DNS server
Local DNS server checks in forward zone and cache
- returns answer, or if nothing found,
Local DNS server sends iterative query to root servers
Root servers help us find SOA and NS for the domain
Local DNS server sends an iterative query to remote NS
Local DNS server gets answer from remote NS and sends response to client
NetBIOS Caching Resolver Service is used to reduce network traffic
Service can be viewed, stopped and started like other services
To view cache: ipconfig /displaydns
To clear the cache: ipconfig /flushdns
To stop: net stop "dns client"
To start: net start "dns client"
Getting Resolution
Caching
Resolver Cache
The cache is always checked before queries are sent to a DNS server
Positive and negative responses can be cached
Decreases network traffic
Positive entries are cached for a max period = TTL returned with the record from DNS
Negative entries are cached for a max period = minimum TTL in SOA record
Cannot be less than one minute
Cannot be greater than 15 minutes
Resolver Cache
Caching behavior is configurable
Entries are cached for the number of seconds specified by the TTL
But never for longer than the values specified in the registry
Resolver Cache
View TTLs in cache:
ipconfig /displaydns
DNS Queries
If the name is not in the cache, the resolver queries the DNS servers configured on each adapter
DNS Queries
Each adapter can be configured with multiple DNS servers (list servers)
Resolver sends queries to the first DNS server on the preferred adapter's list
Waits one second for a response
If no response, Resolver sends the query to the first DNS server listed on all adapters' lists
Waits two seconds for a response
If no response from any server, Resolver sends query to all DNS servers on all adapters
Waits two seconds for a response
DNS Queries
At the 5 second point: if a response is not received from any DNS server,
Resolver sends query to all DNS servers on all adapters and waits four seconds for a response
If a response is not received from any DNS server,
Resolver sends query to all DNS servers on all adapters and waits 8 seconds for a response
If no DNS servers respond, Resolver responds with a Timeout message
Total time could be 17 seconds
If resolver does not receive a response from any server on a given adapter, Resolver stops querying that adapter's DNS servers for 30 seconds and returns a time-out
If the resolver receives a positive response at any point in the process:
Resolver stops querying DNS servers
Adds response to cache
Returns response to client
Resolver may move servers up or down the list based on how quickly they respond
Keep infrastructure as simple as possible
Resolver list management behavior is not configurable
Refer to Q135919 DNS Server Search Order Functionality in Windows NT
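As an added illustration (not code from the deck or from Microsoft), the following Python models the cache-lifetime rules from the Resolver Cache slides and the query escalation schedule from the DNS Queries slides; the adapter lists, the `responder` callback and the `registry_max` parameter are constructed stand-ins, since the deck names neither the network nor the registry value.

```python
# Added illustration, not code from the deck or from Microsoft: a model of
# the Windows 2000 DNS client behaviour these slides describe. Cache
# lifetimes follow the Resolver Cache slides; the query schedule follows the
# DNS Queries slides (1, 2, 2, 4 and 8 second waits, 17 s in total). The
# adapter lists, the `responder` callback and the `registry_max` parameter
# are constructed stand-ins (the deck does not name the registry value).

WAITS = (1, 2, 2, 4, 8)                 # seconds waited in each round
NEG_MIN_TTL, NEG_MAX_TTL = 60, 15 * 60  # negative entries: 1 to 15 minutes

def cache_ttl(record_ttl, soa_minimum_ttl, registry_max, positive=True):
    """Seconds an answer stays in the resolver cache: positive answers live
    for the record TTL but never longer than the registry maximum; negative
    answers live for the SOA minimum TTL, clamped to 1..15 minutes."""
    if positive:
        return min(record_ttl, registry_max)
    return max(NEG_MIN_TTL, min(soa_minimum_ttl, NEG_MAX_TTL))

def resolve(name, adapters, responder):
    """Run the escalation schedule and return (answer, seconds_elapsed).

    adapters:  per-adapter lists of DNS server IPs, preferred adapter first.
    responder: responder(server, name) -> answer, or None for no reply
               within the round's wait (stands in for the network).
    A None answer after 17 s is the resolver's Timeout; the real client
    then skips the unresponsive adapters' servers for 30 seconds."""
    every_server = [s for servers in adapters for s in servers]
    rounds = [
        [adapters[0][0]],                          # 1: first server, preferred adapter
        [servers[0] for servers in adapters],      # 2: first server on every adapter
        every_server, every_server, every_server,  # 3-5: all servers on all adapters
    ]
    elapsed = 0
    for targets, wait in zip(rounds, WAITS):
        for server in targets:
            answer = responder(server, name)
            if answer is not None:       # positive response: stop and return
                return answer, elapsed   # (the real client also caches it)
        elapsed += wait                  # nobody replied within this wait
    return None, elapsed                 # elapsed == 17: Timeout

if __name__ == "__main__":
    nics = [["10.0.0.1", "10.0.0.2"], ["10.0.1.1"]]   # constructed sample data
    second_nic_only = lambda server, name: "192.0.2.10" if server == "10.0.1.1" else None
    print(resolve("mail.example.com", nics, second_nic_only))    # ('192.0.2.10', 1)
    print(resolve("mail.example.com", nics, lambda s, n: None))  # (None, 17)
    print(cache_ttl(0, 30, 86400, positive=False))                # 60
```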
CONFIGURATION
Exchange 2000 & DNS
Symptoms
Establish that the problem is in DNS. Common things to look for:
There is a remote queue for the domain which is in retry. The queue diagnostic indicates DNS, or at the very least, it doesn't indicate something else.
You are getting an NDR with the DNS error code (5.4.0 on E2K SP1, or 5.0.0 prior to that)
Event 4000 in App log (could be an SMTP error)
SMTP VS does not have a valid FQDN
Lookup of your SMTP VS FQDN failed
Contact's domain does not resolve to any SMTP address spaces
Verification / Relief
Verifying DNS problems
Bypass the DNS Server: Q285863 XCON: How to Bypass DNS Name Resolution to Test SMTP Mail Flow
Point the server to a known good DNS server with forwarder:
dialcache021.ns.uu.net (198.6.100.218)
dns1.microsoft.com (131.107.1.7)
ISP's DNS Server
Adding FQDN entry in Hosts file (if using Core SMTP DNS resolver)
Configuration
Configuration Issues
1) Full computer name (FQDN)
2) DNS Suffix name
3) Virtual Server's FQDN
4) Forwarding to invalid External DNS Servers
5) Forwarding to Root Hint Servers (timeouts)
6) Incorrect entries in hosts file
7) Incorrect records in DNS
8) Missing records in DNS
Multihomed Machines
Primary and/or Secondary on both NICs point to AD DNS Server
setting on NIC to primary DNS for the zone
For AD Integrated, point them to any AD DNS server
Setting up Forwarders
Right Click the DNS Server, Properties, Forwarders Tab
If Enabled
Setting up Forwarders
Now Enable
forward lookup, which is a search based on the DNS name of another computer as stored in an address (A) resource record. This type of query expects an IP address as the resource data for the answered response.
All GCs are listed in the root _tcp folder.
GC-specific records:
Type          DNS Record
Gc            SRV  _ldap._tcp.gc._msdcs.<DnsForestName>
GcIpAddress   A    _gc._msdcs.<DnsForestName>
GenericGc     SRV  _gc._tcp.<DnsForestName>
Dynamic Updates
Not having this turned on is bad! Upgrade any BIND DNS servers to version 8.1.2 or later of the BIND software to meet the DNS requirements for Active Directory support.
Netdiag
Tests many things including DNS and DC Lists
NetDiag is a Resource Kit command line utility.
From a command line prompt, type the commands below in the directory where NetDiag lives:
NetDiag /test:DNS
Using the "netdiag /fix" (without the quotation marks) command on the domain controller will verify that all SRV records that are in the Netlogon.dns file are registered on the primary DNS server. Q219289
Running netdiag with no switches runs all available tests
DCDiag
dcdiag with no switches will test many things, including connectivity, machine accounts, replication, and FSMO
NSLookup
Used to determine basic DNS connectivity and name resolution
Extremely powerful tool & probably the best to troubleshoot DNS problems
Comes with the OS by default.
Internet gateways for NSLookup otherwise: http://www.codeflux.com/tools/
Q200525 Using NSlookup.exe
Q203204 XFOR: How to Obtain MX Records with the Nslookup.exe Utility
Can limit query, example: set q=mx
DSADiag
Dsadiag includes 2 switches, 1 and 2
Run dsadiag 1 to get a list of available DCs and GCs, and their status (Up, Down, Fast, and In Sync)
IPConfig
IPConfig /all
Shows configuration info for all adapters
Useful in determining problems with DNS suffixes and IP addresses
IPConfig (continued)
ipconfig /flushdns clears the local DNS resolver cache
ipconfig /registerdns forces re-registration of all DNS records (Note: restarting netlogon does this as well)
On Domain Controllers, stop Netlogon and remove Netlogon.dns and Netlogon.dnb from C:\WINNT\system32\config
ipconfig /displaydns shows the local DNS resolver cache
NLTest
Capable of many things including secure channel resets and Site/DC/GC queries
Run nltest /dsgetsite if Ex2K setup fails with "Could not determine Site Name"
Run nltest /dsgetdc:domain.com to get DC statistics
Run nltest /dsgetdc:domain.com /gc to get GC statistics
Same as above, except shows DC only if it has Flag of GC
DNS_DC DNS_DOMAIN DNS_FOREST
Netmon Capture
A NetMon trace can also be very useful to see what is being queried for and what fails.
Regtrace
Modules = SMTP
Files: DNS adns.cpp, smtpdns.cpp, remoteq.cxx
If you have isolated that DNS is
Regtrace
DNS - The quickest way to figure out what is wrong in DNS is often to use dnsquery, dnsq.exe or nslookup.exe to troubleshoot. If this is not possible, trace files may be used.
Functions that trace errors:
CAsyncDns::DnsParseMessage in adns.cpp
Traces the hostname that was attempted to be resolved and the Win32 error code from DNS.
REMOTE_QUEUE::BeginInitializeAsyncDnsQuery in remoteq.cxx
Slow DNS
Slowness of the DMZ DNS server can result in mail accumulating in the queues if the domains to which mail is going are external domains being resolved by the DNS Sink DMZ resolver.
dnsq.exe can be used to figure out how slow a DNS server is.
Workaround: have more threads doing DNS resolution. The following metabase key controls this:
/SmtpSvc/1/MaxRemQThreads (default is 1)
Additional Notes
Ping by name does NOT tell us that DNS is fully functional (doesn't test LDAP lookup to DC/GC)
can't resolve within a few minutes after this triage), get them to Win2k Networking to resolve this case.
Geek Slide
Zone Files are stored in this folder: C:\WINNT\system32\dns
This is if you use Standard Primary
Questions?
RESOURCES
XFOR: Mail Sits in the Exchange 2000 Outbound Queue
DNS behind Proxy cannot resolve Internet names
XFOR: Outbound SMTP Mail Stopped With Exchange Behind ISA
MX Record Failover Does Not Occur When 4xx Error Occurs
XFOR: Mail May Not Flow from One Exchange 2000 Server to Another
XIMS: Message Cannot Be Sent to Domains with MX Record Pointing
XADM: Exchange System Manager Doesn't Verify Smart Host DNS
XADM: NDR "Unable to forward the message because no directory se
XCON: Exchange 2000 will not deliver mail to domains whose MX rec
XIMS: Message cannot be sent to domains with MX record pointing
DNS Setting on Exchange 2000 Bridgehead Server for Internet Mail
XCON: Internet Mail Service Requires Domain Name System Name
XCON: How to Bypass DNS Name Resolution to Test SMTP Mail Flow
XFOR: "Host Unknown" Message When Sending Outbound Internet
Tools
All DNS troubleshooting tools are at: \\Exutils\Exes \\Quadra\Tools
Internet Gateways
http://www.codeflux.com/Tools
http://www.dnsreport.com
http://www.dnsstuff.com
http://www.network-tools.com/
http://www.wazoo.com/inetutil.html
http://samspade.org/t/
Support
RFC 1886 DNS Extensions to Support IP Version 6
RFC 1995 Incremental Zone Transfer in DNS
RFC 1996 A Mechanism for Prompt DNS Notification of Zone Changes
RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE)
RFC 2181 Clarifications to the DNS Specification
RFC 2308 Negative Caching of DNS Queries (DNS Negative CACHE)