Re: How to disable the "implicit mx record" in Exchange
- From: Andy David {MVP} <adavid@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Feb 2007 13:13:26 -0500
On Mon, 26 Feb 2007 10:06:43 -0800, Evan McNally
<EvanMcNally@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I am having a problem with exchange sending to hosts in recipient domains
where these hosts are not actually mail servers. After a lot of review of
the SMTP logs, I realized that sometimes Exchange is sending to the correct
MX record host, and sometimes it is sending to the host with the A record for
the actual domain. When I say the record for the domain, I mean an A record
that refences the bare domain name rather than an individual host in the
domain.
So when Exchange gets a DNS timeout looking up an MX record, it falls back
to sending to the domain A record. This causes an immediate failure with no
further retry in cases where the MX and A records go to diferent IP addresses
and the A record host accepts mail but not for the particular recipients we
are sending to--we get the "cannot relay for that user" type error.
This link explains how this behavior is by design according to the RFC:
http://exchangepedia.com/blog/2006/11/rfc-2821-and-implicit-mx-rule-can-you.html
I feel that this problem is a combination of saturated bandwidth causing DNS
request packets to be dropped and poor performance with our ISP's DNS and
perhaps slow response from the recipient domain's DNS servers during
recursive lookup. BUT, it is not feasable to fix those problems quickly.
Does anyone know if it is possible to tell Exchange to do one of the
following:
1. Retry the MX lookup more times. I have already increased the DNS timout
value in the forwarder section of our internal DNS server, but it does not
help when the DNS packet is simply lost.
2. Disable the fall back to using the domain A record. If it would just
retry the MX lookup after a while, we would be fine.
I beilieve I can also "fix" this by entering Exchange routing rules with an
explicit recipient host for the problem domains, but that's kind a crummy way
to cover up the problem.
Thanks for any advice!
Evan
If your link is saturated from looking up DNS records, its time to get
a new link.
If you are unable to lookup a mx record for a domain, then you should
not be able to look up their A record either.
I suspect you have something else going on that is causing problems.
.
- Follow-Ups:
- Re: How to disable the "implicit mx record" in Exchange
- From: Evan McNally
- Re: How to disable the "implicit mx record" in Exchange
- Prev by Date: Re: Exchange Version of Calendar Update Tool for DST
- Next by Date: Re: Exporting users calenders in Exchange 5.5 using Exmerge
- Previous by thread: Exporting users calenders in Exchange 5.5 using Exmerge
- Next by thread: Re: How to disable the "implicit mx record" in Exchange
- Index(es):
Relevant Pages
|
