
The Lazy Admin

DNS Tips #11 - DNS, Exchange and Firewalls

When using Windows 2003 and Exchange 2003, there is an issue that can occur when you attempt to resolve certain Domain Name System (DNS) query responses through a firewall. Many firewalls inspect DNS traffic as it passes through (this depends on your firewall), and DNS packets larger than 512 bytes may be blocked.

When sending email to certain domains you may get the following error:

'Usersname@domain.com' on 9/13/2005 9:00 AM There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.

The problem here is that RFC 2671, "Extension Mechanisms for DNS (EDNS0)," allows DNS to use UDP packets larger than the standard 512 bytes. If an ISP has enabled EDNS0 on its DNS servers, responses returned from those servers will be blocked by a firewall that is configured to drop oversized UDP packets. There are two ways to resolve this issue. The first is to allow these packets through your firewall.

For this you will have to consult your firewall documentation. The second, and possibly easier, option is to use DNSCMD to disable EDNS0 on your Exchange server (dnscmd configures the Windows DNS Server service, so this applies to the DNS server that Exchange uses for its lookups). From a command prompt run:

dnscmd /Config /EnableEDnsProbes 0

This disables outbound EDNS0 only; inbound EDNS0 requests will continue to function normally.
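To see what the firewall is actually reacting to, here is an added example (not part of the original post) that builds constructed DNS messages with and without the EDNS0 OPT pseudo-record and reports whether a message carries EDNS0, what UDP payload size it advertises, and whether it exceeds the classic 512-byte limit. All names, record counts and sizes are constructed sample data, not captured traffic.

```python
import struct

OPT = 41             # EDNS0 OPT pseudo-RR type (RFC 2671)
CLASSIC_LIMIT = 512  # pre-EDNS0 maximum size of a DNS message over UDP

def _name(text):  # dotted name -> DNS wire format (uncompressed)
    return b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in text.split(".")) + b"\x00"

def _skip_name(data, pos):
    """Return the offset just past a (possibly compressed) wire-format name."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length

def _opt_rr(udp_payload):  # root name, TYPE=41, CLASS=payload size, TTL=0, RDLEN=0
    return b"\x00" + struct.pack("!HHIH", OPT, udp_payload, 0, 0)

def build_query(name, edns=True, udp_payload=4096, qid=0x1234):
    """Constructed MX query; with edns=True an OPT RR advertises udp_payload bytes."""
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg += _name(name) + struct.pack("!HH", 15, 1)  # QTYPE=MX, QCLASS=IN
    return msg + (_opt_rr(udp_payload) if edns else b"")

def build_response(name, mx_hosts, edns=True, udp_payload=4096, qid=0x1234):
    msg = struct.pack("!HHHHHH", qid, 0x8180, 1, len(mx_hosts), 0, 1 if edns else 0)
    msg += _name(name) + struct.pack("!HH", 15, 1)
    for pref, host in enumerate(mx_hosts, 10):  # one uncompressed MX RR per host
        rdata = struct.pack("!H", pref) + _name(host)
        msg += _name(name) + struct.pack("!HHIH", 15, 1, 3600, len(rdata)) + rdata
    return msg + (_opt_rr(udp_payload) if edns else b"")

def analyze_message(data):
    """Report whether a DNS message carries EDNS0 and whether it exceeds 512 bytes."""
    _qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    udp_payload = None
    for _ in range(an + ns + ar):
        pos = _skip_name(data, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        if rtype == OPT:
            udp_payload = rclass  # for OPT the CLASS field carries the sender's UDP payload size
        pos += 10 + rdlen
    return {"size": len(data), "edns": udp_payload is not None, "udp_payload": udp_payload,
            "truncated": bool(flags & 0x0200), "exceeds_classic_limit": len(data) > CLASSIC_LIMIT}
```

A response flagged with exceeds_classic_limit and edns is exactly the kind of packet a firewall that enforces the 512-byte rule will drop, while a resolver without EDNS0 would instead get a smaller, possibly truncated answer and retry over TCP.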





Published Tuesday, September 13, 2005 9:03 AM by rodney.buike