Re: SMTP delivery failure when NIC DNS server points to router



>>What these articles do not explain is *why* MS SMTP's use of port 53
>>gets blocked by the firewall. DNS resolution is used by every web app
>>and service. How do the others manage to work across the firewall?
>
>How do you know the firewall is blocking port 53 TCP or UDP? Have you
>added a rule to allow it? What do the firewall logs show?

I better understand this problem.

I'm running SMTPSVC under Windows 2000 Professional SP4.

I own a Netgear RT314 router. Per the thread here:
http://www.dslreports.com/forum/remark,3964885
I learned that the router's DNS server does not listen to TCP queries.
This explains why SMTPSVC, which by default sends TCP DNS queries,
does not work if it sends its query to the NIC which forwards to the
router's DNS server. OTOH, if SMTPSVC forwards to the NIC which
forwards to an *external* DNS server (which obviously handles TCP DNS
queries), SMTPSVC works correctly.

Two solutions suggest themselves:

1. Leave the external DNS servers configured in the NIC. The drawback
is that it's never a good idea to "hard-wire" IP addresses for DNS.

2. Configure the SMTPSVC to use UDP for DNS queries. That's explained
in MSKB 330070, "Mail May Not Be Delivered When DNS Resolution Uses
Only the UDP Protocol".

So, I launched MetaEdit 2.2, went to LM\SmtpSvc\1 and added the DWORD
"36997" with data = 2. I then restarted IIS/SMTP and opened two
command line windows. In the first, I started up NSLOOKUP, set a
virtual connection with "set vc", restricted queries to MX records
with "set q=mx", and queried "microsoft.com". The query failed with
the following error, "*** UnKnown can't find microsoft.com:
Unspecified error". While the query was running, in the second command
window I ran "netstat -n" and saw that the router's IP address was
being queried on port 53 via TCP, not UDP.

I tried again after rebooting. Same result. In MetaEdit, I added the
DWORD to LM\SmtpSvc and restarted IIS/SMTP. Same result. I rebooted.
Same result.

So, here's my question:

Do the MetaEdit configuration instructions to restrict SMTPSVC DNS
queries to UDP apply to the SMTPSVC supplied with Windows 2000
Professional (SP4)? If so, what am I doing wrong? If not, is there any
other way to restrict the SMTPSVC to UDP DNS queries in this O/S?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org

**********
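As an added diagnostic (not code from the poster or from Microsoft), the check below reproduces what the post does by hand with "set vc" in NSLOOKUP: it sends the same MX query to a resolver first over UDP and then over TCP, with the 2-byte length prefix that DNS over TCP requires, so a resolver that answers only on UDP, like the router's described above, shows up as a TCP failure beside a UDP success. The resolver address 192.168.0.1 and the query name example.com are placeholders to replace with your own.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id so the reply can be matched to the query
def build_mx_query(name, txid=TXID):
    """Build a minimal DNS query (RD bit set) for the MX records of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 15, 1)  # QTYPE=MX (15), QCLASS=IN (1)
def tcp_frame(msg):  # RFC 1035 s4.2.2: over TCP each message carries a 2-byte big-endian length
    return struct.pack("!H", len(msg)) + msg
def parse_header(resp):  # -> (txid, rcode, answer_count) from the 12-byte response header
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return txid, flags & 0x000F, an
def recv_exact(sock, n):  # a TCP reply may arrive in several segments
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("resolver closed the connection before the full reply")
        buf += chunk
    return buf

def probe(server, name, proto, timeout=3.0):
    """Send one MX query to `server` over 'udp' or 'tcp'; return (status, detail)."""
    query = build_mx_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                resp, _ = s.recvfrom(4096)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                s.connect((server, 53))  # a UDP-only resolver fails here (refused or timeout)
                s.sendall(tcp_frame(query))
                (length,) = struct.unpack("!H", recv_exact(s, 2))
                resp = recv_exact(s, length)
    except OSError as e:
        return "fail", f"{proto}: {e}"
    txid, rcode, answers = parse_header(resp)
    if txid != TXID:
        return "fail", f"{proto}: transaction id mismatch"
    return ("ok" if rcode == 0 else "fail"), f"{proto}: rcode={rcode} answers={answers}"
if __name__ == "__main__":  # placeholder resolver address and query name
    for proto in ("udp", "tcp"):
        print(probe("192.168.0.1", "example.com", proto))
```

Run it once against the router's address and once against an external resolver; the pair of results is the quickest way to confirm that the TCP path, not port 53 in general, is what the firewall or router is refusing.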