Diagnosing Mail delivery Problems DNS related.Diagnosing Mail delivery Problems DNS related.
ou have performed some basic mail tests right? If not, go here.
DNS
I cant begin to say how important DNS is to a properly functioning exchange system. I wont go into the why’s and wherefores of an DNS system as this is way beyond what I am trying to do here. Just give you what you need to know. There are some great tools out there to help you. Some you have to pay for. But I try and use the tools that come with the system. By and large they work great.
The most basic is nslookup. But nslookup only tells you part of the story. Nslookup is a client tool really and not server class. For server class tools we need Dcdiag and DnsLint.
The syntax pages for Dcdiag is here
The syntax pages for Dnslint is here
Note: Dcdiag is part of resource kit tools (reskit).
Lets start with Dcdiag. This is a great tool for diagnosing Domain Controller issues or problems. But we are interested in DNS right? So lets focus on those parts of the test. Of course you could run all the tests. But that provides way to much information. We need to get down to the nitty gritty. So lets go.
If you look at the construct of the Dcdiag command then you will see that it works this way:
Dcdiag /Test: / /
We are going to perform some DNS tests to verify that the internal DNS and external tests to ensure that all is well in regards to the DNS configuration.
So the 1st test we want to run is to ensure that we have the basic DNS working as it should. So we put the command together like this:
Dcdiag /Test:DNS /DNSBasic
The above command specifies that we are skipping all the other tests and are just testing DNS and we are performing a DNS Basic test. The output ought to look something like this:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: SITEA\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: SITEA\SERVER
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : exchange-admin.org
Running enterprise tests on : exchange-admin.org
Starting test: DNS
......................... exchange-admin.org passed test DNS
This means that the test ran OK and the domain in question passed all its tests.
Now we can perform some other tests now that we have ascertained that we have a basic and functioning DNS system.
The next test involves the DNS forwarders. These forwarders forward DNS requests that cannot be resolved internally. Usually that's to a third party such as your ISP that hosts your external DNS or it may be a DNS server or servers that reside within the DMZ of your company. But wherever it is, if the DNS name cannot be resolved internally then this is where the DNS lookups go. This command is:
Dcdiag /Test:DNS /DNSForwarders
The output that is produced should look something like the output from /DNSBasic. But this test checks the forwarders explained above.
If you put the “/v” option at the end of these two commands you get a lot more information. This may be of further use to you.
Note: Dnslint ships with windows 2008.
Ok so lets move onto DnsLint. This is another free tool that Microsoft have written to help us ensure that we have a well configured DNS system. The command is very easy to use. For DNS its:
Dnslint /d
The above command produces a nice HTML report for the domain in question.
The report lists all the DNS servers, the MX records if the DNS server in question is SOA etc.
The other realy cool thing we can do with DnsLint is check the local server to see if it can resolve the CNAME and A records. This command is just
Dnslint /ad /s localhost (/v)
Add the /v if you want more verbose output.
That's basically it on DNS for now.
DNS
I cant begin to say how important DNS is to a properly functioning exchange system. I wont go into the why’s and wherefores of an DNS system as this is way beyond what I am trying to do here. Just give you what you need to know. There are some great tools out there to help you. Some you have to pay for. But I try and use the tools that come with the system. By and large they work great.
The most basic is nslookup. But nslookup only tells you part of the story. Nslookup is a client tool really and not server class. For server class tools we need Dcdiag and DnsLint.
The syntax pages for Dcdiag is here
The syntax pages for Dnslint is here
Note: Dcdiag is part of resource kit tools (reskit).
Lets start with Dcdiag. This is a great tool for diagnosing Domain Controller issues or problems. But we are interested in DNS right? So lets focus on those parts of the test. Of course you could run all the tests. But that provides way to much information. We need to get down to the nitty gritty. So lets go.
If you look at the construct of the Dcdiag command then you will see that it works this way:
Dcdiag /Test:
We are going to perform some DNS tests to verify that the internal DNS and external tests to ensure that all is well in regards to the DNS configuration.
So the 1st test we want to run is to ensure that we have the basic DNS working as it should. So we put the command together like this:
Dcdiag /Test:DNS /DNSBasic
The above command specifies that we are skipping all the other tests and are just testing DNS and we are performing a DNS Basic test. The output ought to look something like this:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: SITEA\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: SITEA\SERVER
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : exchange-admin.org
Running enterprise tests on : exchange-admin.org
Starting test: DNS
......................... exchange-admin.org passed test DNS
This means that the test ran OK and the domain in question passed all its tests.
Now we can perform some other tests now that we have ascertained that we have a basic and functioning DNS system.
The next test involves the DNS forwarders. These forwarders forward DNS requests that cannot be resolved internally. Usually that's to a third party such as your ISP that hosts your external DNS or it may be a DNS server or servers that reside within the DMZ of your company. But wherever it is, if the DNS name cannot be resolved internally then this is where the DNS lookups go. This command is:
Dcdiag /Test:DNS /DNSForwarders
The output that is produced should look something like the output from /DNSBasic. But this test checks the forwarders explained above.
If you put the “/v” option at the end of these two commands you get a lot more information. This may be of further use to you.
Note: Dnslint ships with windows 2008.
Ok so lets move onto DnsLint. This is another free tool that Microsoft have written to help us ensure that we have a well configured DNS system. The command is very easy to use. For DNS its:
Dnslint /d
The above command produces a nice HTML report for the domain in question.
The report lists all the DNS servers, the MX records if the DNS server in question is SOA etc.
The other realy cool thing we can do with DnsLint is check the local server to see if it can resolve the CNAME and A records. This command is just
Dnslint /ad /s localhost (/v)
Add the /v if you want more verbose output.
That's basically it on DNS for now.
Comments
Post a Comment