On Wed, Apr 29, 2009 at 7:25 PM, Charlie Kaiser <[email protected]> wrote:

> Bottom line is that DNS lookups are failing, and mail is going to the A
> record for the remote domain instead of the MX record. Apparently this is by
> design with E2K3/W2K3 when a negative reply comes back.

If a domain name has no MX records, but does have A records, then SMTP MTAs are supposed to treat the domain as if it had specified the hosts at those A records as the mail exchangers. This is per the relevant RFC.

Does it happen for "all" domains, or just some?

As someone else said, query logging would be good. Another thing to try is a packet sniffer. (Sometimes that's even better, because you might see stuff that the person programming an application's logging routines didn't think was relevant.)

In the NT 4.0 days, I sometimes fixed deficiencies in the NT 4.0 DNS server by having it forward all DNS queries to a local ISC BIND "named" resolver which then did the Internet-facing stuff. The MS DNS server was much improved in Win 2000, but it's a thought if you get desperate.

> What I'm trying to find out is this: Is there a way to prevent server-side
> caching of negative replies to remote DNS queries?

The normal control for this is the "minimum TTL" field from the SOA record of the zone being queried. Microsoft's documentation seems to imply that they just use that:

"The Windows 2000 DNS server caches negative responses according to the minimum TTL in the SOA record. However, it cannot be less than one minute or greater than 15 minutes."
(http://technet.microsoft.com/en-us/library/cc959309.aspx)

-- 
Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
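The two mechanisms Ben describes above, the MX-to-A fallback and SOA-driven negative caching, are modelled in the following toy resolver. This is an added example and not code from the thread or from any DNS server; the zone data, the SOA values, the `Resolver` and `mail_exchangers` names, and the Windows clamp constants (`WIN_MIN_NEG_TTL`, `WIN_MAX_NEG_TTL`, taken from the quoted one-to-fifteen-minute limit) are all constructed for illustration. It runs entirely offline. The useful thing it shows is the failure mode in the original question: once a NODATA answer for the MX query has been cached, every later lookup for that name is answered from the negative cache for the full TTL, so the MTA keeps falling back to the A record until the entry expires.

```python
"""Toy resolver modelling MX fallback (RFC 5321, section 5.1) and negative
caching (RFC 2308, section 5). Added example; all data below is constructed."""
from dataclasses import dataclass, field

# Constructed zone data: owner name -> record type -> records.
ZONE = {
    "with-mx.example.": {
        "MX": [(20, "backup.with-mx.example."), (10, "mail.with-mx.example.")],
        "A": ["192.0.2.10"],
    },
    "no-mx.example.": {"A": ["192.0.2.20"]},  # NODATA for MX, A record exists
}
# Constructed SOA values for the example zone: record TTL and MINIMUM field.
SOA_TTL, SOA_MINIMUM = 3600, 300
# Assumed clamp matching the quoted Windows behaviour: 1 minute .. 15 minutes.
WIN_MIN_NEG_TTL, WIN_MAX_NEG_TTL = 60, 900


def negative_cache_ttl(soa_ttl, soa_minimum, clamp=None):
    """RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM).
    If clamp=(lo, hi) is given, bound the result the way the thread says the
    Windows server does."""
    ttl = min(soa_ttl, soa_minimum)
    if clamp:
        lo, hi = clamp
        ttl = max(lo, min(hi, ttl))
    return ttl


@dataclass
class Resolver:
    zone: dict
    # (name, rtype) -> (status, ttl) for cached negative answers
    negative_cache: dict = field(default_factory=dict)

    def query(self, name, rtype):
        """Return ("OK", rrset), ("NXDOMAIN", ttl) or ("NODATA", ttl).
        Negative answers are served from the cache once stored."""
        key = (name, rtype)
        if key in self.negative_cache:
            return self.negative_cache[key]
        if name not in self.zone:
            result = ("NXDOMAIN", negative_cache_ttl(SOA_TTL, SOA_MINIMUM))
            self.negative_cache[key] = result
            return result
        rrset = self.zone[name].get(rtype)
        if not rrset:
            result = ("NODATA", negative_cache_ttl(SOA_TTL, SOA_MINIMUM))
            self.negative_cache[key] = result
            return result
        return ("OK", rrset)


def mail_exchangers(resolver, domain):
    """RFC 5321 5.1: return MX hosts ordered by preference. If the MX query
    yields NODATA (no MX records, name exists) and an A record exists, treat
    the domain itself as an implicit MX with preference 0. NXDOMAIN means the
    name does not exist at all, so there is no fallback."""
    status, data = resolver.query(domain, "MX")
    if status == "OK":
        return [host for _, host in sorted(data)]
    if status == "NODATA":
        a_status, _ = resolver.query(domain, "A")
        if a_status == "OK":
            return [domain]  # implicit MX: deliver to the A record
    return []  # nowhere to deliver; an MTA would defer or bounce here


if __name__ == "__main__":
    r = Resolver(ZONE)
    for name in ("with-mx.example.", "no-mx.example.", "missing.example."):
        print(name, "->", mail_exchangers(r, name))
    print("negative cache:", r.negative_cache)
    print("clamped TTL for MINIMUM=30:",
          negative_cache_ttl(3600, 30, clamp=(WIN_MIN_NEG_TTL, WIN_MAX_NEG_TTL)))
```

Running it shows `with-mx.example.` resolving to its MX hosts in preference order, `no-mx.example.` falling back to itself, and `missing.example.` yielding nothing; the negative cache then holds the NODATA and NXDOMAIN entries with the 300-second TTL derived from the SOA, while the clamped call shows a MINIMUM of 30 seconds being raised to the 60-second floor.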
