Amiga.org

Topic started by: mgerics on January 24, 2008, 02:58:49 PM

Title: Answers requested
Post by: mgerics on January 24, 2008, 02:58:49 PM
Be warned, non-Amiga content follows.

No help found anywhere for this problem, so I humbly come to this group for assistance.

    Exchange Server 5.5 on Win2k, but Win NT domain server.

    We have DSL and corporate mail comes through it fine. Occasionally, our DSL will drop out. When it does, the email server for those of us INSIDE becomes "unavailable", or at least extremely slow until the DSL service is restored.

    I am fairly certain that this is due to the loss of DNS (as supplied by our DSL provider). Other internal network functions work fine, but businesses almost *thrive* on e-mail... as your boss and his bosses will tell you ad infinitum until the problem is fixed.

What can I do to alleviate this?

Thanks all
Title: Re: Answers requested
Post by: cecilia on January 24, 2008, 03:24:07 PM
I'm hardly an expert but this sounds like a problem coming from your DSL provider.

Have they offered an explanation?
Title: Re: Answers requested
Post by: mgerics on January 25, 2008, 11:20:39 AM
Well, yeah, it's a DSL provider issue at heart. It doesn't happen all that often and is usually rather quickly resolved, but my concern is that it might become a lengthy delay at some point in time; what can I do in Exchange to alleviate the problem? As stated earlier, when DSL goes down, it appears to become a DNS issue.

Maybe temporarily pointing DNS inside until the DSL comes back up?
Title: Re: Answers requested
Post by: whabang on January 25, 2008, 02:27:42 PM
Try adding all internal servers to the hosts file on the clients (I'd suggest trying with a single one first). That'd be a workaround, and not a solution, but at least it'd work. :-)
Title: Re: Answers requested
Post by: Trev on January 25, 2008, 08:53:56 PM
If you have an internal DNS server, you should be using it 100% of the time. Just configure it to forward unresolvable queries to your ISP's DNS servers. If your DSL goes offline, you'll still have timeout delays for unresolvable hosts, but you can minimize those by tweaking your DNS server's timeout values to suit your client environment. (None of these suggestions address security, which should always be a concern in a DNS environment. At least with an internal server, you don't have to worry about someone spoofing your Exchange server by modifying your external DNS zones, assuming your network environment allowed connectivity to an external server.)
Title: Re: Answers requested
Post by: Floid on February 21, 2008, 10:30:50 PM
Quote

Trev wrote:
If you have an internal DNS server, you should be using it 100% of the time. Just configure it to forward unresolvable queries to your ISP's DNS servers. If your DSL goes offline, you'll still have timeout delays for unresolvable hosts, but you can minimize those by tweaking your DNS server's timeout values to suit your client environment. (None of these suggestions address security, which should always be a concern in a DNS environment. At least with an internal server, you don't have to worry about someone spoofing your Exchange server by modifying your external DNS zones, assuming your network environment allowed connectivity to an external server.)


Hmm.  Expanding, clarifying, or adding to the confusion:

1. Previous to Win2k this was the province of WINS.  With Win2k apparently MS switched to DNS, which might explain something.

2. XP (and presumably Vista) has a per-machine local DNS cache active by default.  If the problem is that your primary and only DNS is offsite, increasing the TTL on the records (to something like double the length of your average outage) is a band-aid.

3. XP's (and presumably Vista's) local cache also caches "negative" entries, when the server can't be reached (which it really shouldn't) with a TTL of 5 minutes.  This can make life worse if you have lots of dropouts/lost packets for periods that last less than 5 minutes.

4. The Windows DNS caches are relatively vulnerable to DNS poison attacks and should probably be considered dangerous.

5. Disabling all the local caches and running a proper DNS cache for the LAN, or at least a single Windows-based cache, will make life more deterministic.  Running the local ("reliable") server is somewhat equivalent to reconfiguring every client, as far as reducing the painful 'negative response cached' behavior.

6. I'm not familiar with Exchange (hallelujah), but is it possible that it's been configured for buzzword or data-retention compliance and you have no 'local'... what's Exchange-ese for it?  Folders?  Inboxes?  Users?  If something has to bounce through offsite machines (via SMTP, POP, whatever the proprietary Exchange protocol is, or whatever authentication protocol might be used), you potentially have two problems, the availability of your DNS and the availability of that service.

I have the Windows cache on the brain because I've run into a few home users having trouble with it lately.  I'm not sure if that's because of any particular attack (no reason to believe it's anything like that) or just because more people have bought shiny new machines and started hooking them up via wireless (where, boom, every dropped connection means the negative cache entry penalty for every site they've tried to visit until they get back in range).

[Edit:  Wow, didn't notice the original post was so old.  Hope all this still helps someone, someday.]
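
Added example (not part of any post in this thread): a small model of the client-side cache behaviour described in points 2 and 3 of the last post, showing how a cached failure outlives a short dropout and why a longer record TTL only sometimes helps. The function names, the outage timeline, the query interval and the TTL values are constructed assumptions; the 300-second negative lifetime is the figure quoted in the post.

```python
# Constructed model of a client-side DNS cache; not Windows' actual resolver code.
# All times are in seconds.

def failed_lookups(outages, query_times, pos_ttl, neg_ttl=300, cache_negative=True):
    """Return the query times at which resolving the mail server's name failed.

    outages        -- (start, end) windows when the off-site DNS is unreachable
    query_times    -- moments at which a client needs the name resolved
    pos_ttl        -- how long a good answer stays in the local cache
    neg_ttl        -- how long a failure stays cached (300 s per the post)
    cache_negative -- False models a client that retries instead of caching failures
    """
    def upstream_down(t):
        return any(start <= t < end for start, end in outages)

    ok_until = fail_until = 0
    failures = []
    for t in sorted(query_times):
        if t < ok_until:
            continue                      # answered from the positive cache
        if cache_negative and t < fail_until:
            failures.append(t)            # answered from the cached failure
            continue
        if upstream_down(t):
            failures.append(t)
            fail_until = t + neg_ttl      # failure is remembered past the outage
        else:
            ok_until = t + pos_ttl
    return failures


# Constructed scenario: three 40-second DSL dropouts in one hour,
# one lookup of the mail server every 30 seconds.
OUTAGES = [(600, 640), (1500, 1540), (2400, 2440)]
QUERIES = range(0, 3600, 30)


def compare():
    """Count failed lookups under three cache configurations."""
    return {
        "negative cache on, TTL 60": len(failed_lookups(OUTAGES, QUERIES, 60)),
        "negative cache off, TTL 60": len(
            failed_lookups(OUTAGES, QUERIES, 60, cache_negative=False)),
        "negative cache on, TTL 80": len(failed_lookups(OUTAGES, QUERIES, 80)),
    }


if __name__ == "__main__":
    for name, count in compare().items():
        print(f"{name}: {count} failed lookups")
```

In this scenario the TTL of 80 seconds (double the dropout length) rides through two of the three dropouts but still takes the full negative-cache penalty on the one where the cached record had just expired.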