Exchange 2010: Message Queued with 451 4.4.0 DNS Query Failed
We discussed this error earlier here: http://msexchangeguru.com/2013/11/23/451-4-4-0-dns-query-failed-the-error-was-smtpsend-dns-nonexistentdomain-nonexistent-domain/
We also know this issue can have multiple causes. Today I discovered another fix, so I am sharing it here.
This infrastructure has Windows 2012 R2 domain controllers with AD-integrated DNS on them.
We are migrating from Exchange 2007 to Exchange 2010. This is the customer's choice; I would have chosen Exchange 2013.
The environment is in mixed mode with Exchange 2007 and Windows 2008 non-R2 DCs.
Until the migration everything was working fine.
Post cutover, a few secure domains had messages queued with 451 4.4.0 DNS query failed.
I ran nslookup and looked for the MX record. The MX record was present and telnet to this record was working. This means the DNS query was working.
I created a send connector and pointed it to one of the MX record hostnames.
I restarted the transport service on all Exchange 2010 servers.
But the messages were still queued with the same error.
Turn off the EDNS0 feature on Windows-based DNS servers. To do this, take the following action:
Open a command prompt with Run as administrator.
Type the following command, and then press Enter:
dnscmd /config /enableednsprobes 0
I did the same on all domain controllers.
Selecting the messages and retrying them, or restarting the transport service, fixed my issue.
This issue occurs because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server DNS.
EDNS0 allows larger User Datagram Protocol (UDP) packet sizes. However, some firewall programs may not allow UDP packets that are larger than 512 bytes. Therefore, these DNS packets may be blocked by the firewall.
This applies to domain controllers running Windows 2008 R2 and above, which is why the Windows 2008 non-R2 domain controllers were working fine.
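Before disabling EDNS0 everywhere, it helps to confirm that EDNS0 is what the firewall is dropping. The script below is an added example, not part of the original post: it sends the same MX query once without and once with an EDNS0 OPT record and compares the results. The function names, the advertised size of 4000 bytes and the script name are assumptions; it is meant to be run from the DNS server host toward an external name server.

```python
import socket
import struct
import sys

def build_query(name, qtype=15, edns_payload=None, txid=0x1234):
    """Build a DNS query (default MX). With edns_payload set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_payload else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    packet = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_payload:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = advertised UDP size, TTL 0, RDLEN 0
        packet += b"\x00" + struct.pack("!HHIH", 41, edns_payload, 0, 0)
    return packet

def probe(server, name, edns_payload=None, timeout=3.0):
    """Send one UDP query; return (status, response_bytes, truncated_flag)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, edns_payload=edns_payload), (server, 53))
            data, _ = s.recvfrom(65535)
        except OSError:  # socket.timeout is a subclass of OSError
            return ("no_reply", 0, False)
    if len(data) < 4:
        return ("no_reply", 0, False)
    flags = struct.unpack("!H", data[2:4])[0]
    return ("answered", len(data), bool(flags & 0x0200))  # 0x0200 = TC (truncated) bit

def diagnose(plain, edns):
    """Compare the plain-DNS and EDNS0 probe results."""
    if plain[0] == "answered" and edns[0] == "no_reply":
        return "EDNS0 exchange lost: consistent with a firewall dropping EDNS0 or >512-byte UDP DNS"
    if plain[0] == "answered" and edns[0] == "answered":
        return "Both answered: EDNS0 is not being blocked for this name"
    if plain[0] == "no_reply" and edns[0] == "no_reply":
        return "No reply either way: the problem is not specific to EDNS0"
    return "Inconclusive: repeat the test"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: edns_probe.py <dns-server-ip> <domain>")
    srv, dom = sys.argv[1:3]
    plain, edns = probe(srv, dom), probe(srv, dom, edns_payload=4000)
    print(plain, edns, diagnose(plain, edns), sep="\n")
```

If the plain query is answered with the truncated flag set and the EDNS0 query gets no reply, the MX response for that domain does not fit in 512 bytes and the larger reply is being lost on the path.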
Microsoft Solutions Architect