SMTP delivery failure when NIC DNS server points to router


SMTP delivery failure when NIC DNS server points to router Andrew Aronoff
4/11/2005 12:00:00 AM
iis smtp nntp:
I'm running the SMTP service under W2K SP4 behind a NAT router that is
configured as a DHCP server on the LAN side with automatic assignment
of the DNS servers on the WAN side. The single NIC on the W2K box is
configured with a fixed IP address and both the default gateway and
the preferred DNS server are set to the router's LAN address. With the
router and NIC configured this way, I can browse the web, ping, run
NSLOOKUP, and recover POP3 messages on the box on which SMTP is
running. I can't, however, use the SMTP service to send any messages.

SMTP always fails with the following Event Log incident:

Source: smtpsvc
Category: None
Type: Warning
Event ID: 4000
Description: Message delivery to the remote domain
'destination_domain_name_here' failed for the following reason: An
internal DNS error caused a failure to find the remote server.

If I change the NIC configuration so that the preferred DNS server is
set to a working DNS server for the ISP, the SMTP service works
correctly.

Why does the SMTP service fail when the NIC is configured to use the
router as a DNS server?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org

Re: SMTP delivery failure when NIC DNS server points to router Andrew Aronoff
4/11/2005 12:00:00 AM

MSKB 263237 explains how to use NSLOOKUP to check for proper DNS
function via TCP queries. I found that my firewall was blocking TCP
port 53.

MSKB 330070 explains that SMTP uses TCP port 53, not UDP port 53 and
it provides instructions for configuring one or the other or both. I
used MetaEdit to switch SMTP to UDP, but it made no difference -- port
53 was still blocked by the firewall.

What these articles do not explain is *why* MS SMTP's use of port 53
gets blocked by the firewall. DNS resolution is used by every web app
and service. How do the others manage to work across the firewall?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org

Re: SMTP delivery failure when NIC DNS server points to router Chris Priede
4/12/2005 12:00:00 AM

It wouldn't surprise me too much if this was due to poor or incomplete DNS
implementation in what is probably a product intended for home use.

I have one such router here myself. While it doesn't appear to have a
problem with MX records, I notice that it can't reverse resolve its own
internal IP address. I am not sure whether that would affect the SMTP
service, but it is a common test to validate DNS functionality -- and this
router is definitely failing it.

--
Chris Priede (priede@panix.com)

Re: SMTP delivery failure when NIC DNS server points to router jeff.nospam NO[at]SPAM zina.com
4/12/2005 12:00:00 AM
On Tue, 12 Apr 2005 02:28:51 +0200, Andrew Aronoff

How do you know the firewall is blocking port 53 TCP or UDP? Have you
added a rule to allow it? What do the firewall logs show?

Re: SMTP delivery failure when NIC DNS server points to router Andrew Aronoff
4/12/2005 12:00:00 AM
Hi, Jeff.

Thanks for replying.


I followed the instructions in MSKB 263237:

I set the preferred DNS server on the NIC to the router's LAN address,
disabled/enabled the NIC, and checked via IPCONFIG that the change had
been made. I started NSLOOKUP, issued the commands "set vc" and "set
q=mx", then tried to resolve the domain name of my ISP's mail server.
NSLOOKUP returned an error. When I returned to the initial
configuration, NSLOOKUP worked normally.


No. I do not want to allow unsolicited incoming DNS. After all, it's
not needed if the NIC DNS servers are set to external IP addresses.


Due to an oversight, I do not have logs for the test period.

Again, the SMTPSVC works fine as long as I specify the DNS servers on
the local NIC. The SMTPSVC fails, but no web app fails, if I set the
NIC DNS server to the router's LAN address.

I'd simply like to understand why the SMTPSVC fails if the router is
used as a DNS proxy. If the logs are necessary, I can certainly
produce them. But isn't there a simple explanation that I'm just
missing?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org

Re: SMTP delivery failure when NIC DNS server points to router Andrew Aronoff
4/12/2005 12:00:00 AM

Are you surmising, then, that the router fails for the SMTPSVC but
succeeds for a web browser? The router's (tiny) DNS server might not
return the MX records that the SMTPSVC needs? So the problem, then,
isn't that the SMTPSVC has a problem, but the router does?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org

Re: SMTP delivery failure when NIC DNS server points to router Andrew Aronoff
4/15/2005 12:00:00 AM

I better understand this problem.

I'm running SMTPSVC under Windows 2000 Professional SP4.

I own a Netgear RT314 router. Per the thread here:
http://www.dslreports.com/forum/remark,3964885
I learned that the router's DNS server does not listen to TCP queries.
This explains why SMTPSVC, which by default sends TCP DNS queries,
does not work if it sends its query to the NIC which forwards to the
router's DNS server. OTOH, if SMTPSVC forwards to the NIC which
forwards to an *external* DNS server (which obviously handles TCP DNS
queries), SMTPSVC works correctly.

Two solutions suggest themselves:

1. Leave the external DNS servers configured in the NIC. The drawback
is that it's never a good idea to "hard-wire" IP addresses for DNS.

2. Configure the SMTPSVC to use UDP for DNS queries. That's explained
in MSKB 330070, "Mail May Not Be Delivered When DNS Resolution Uses
Only the UDP Protocol".

So, I launched MetaEdit 2.2, went to LM\SmtpSvc\1 and added the DWORD
"36997" with data = 2. I then restarted IIS/SMTP and opened two
command line windows. In the first, I started up NSLOOKUP, set a
virtual connection with "set vc", restricted queries to MX records
with "set q=mx", and queried "microsoft.com". The query failed with
the following error, "*** UnKnown can't find microsoft.com:
Unspecified error". While the query was running, in the second command
window I ran "netstat -n" and saw that the router's IP address was
being queried on port 53 via TCP, not UDP.

I tried again after rebooting. Same result. In MetaEdit, I added the
DWORD to LM\SmtpSvc and restarted IIS/SMTP. Same result. I rebooted.
Same result.

So, here's my question:

Do the MetaEdit configuration instructions to restrict SMTPSVC DNS
queries to UDP apply to the SMTPSVC supplied with Windows 2000
Professional (SP4)? If so, what am I doing wrong? If not, is there any
other way to restrict the SMTPSVC to UDP DNS queries in this O/S?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org
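
The UDP-versus-TCP difference identified in the post above can be checked directly against any resolver. The following is an added example, not part of the original thread: it sends the same MX query over UDP and then over TCP (the transport NSLOOKUP uses after "set vc") and reports which one the server answers. The function names and the address in the usage comment are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, qtype=15, txid=0x1234):
    """Encode a DNS query (RFC 1035). qtype 15 = MX; flags 0x0100 = recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def query_udp(server, query, port=53, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        return s.recvfrom(4096)[0]

def query_tcp(server, query, port=53, timeout=3.0):
    # DNS over TCP carries the same message behind a 2-byte length prefix.
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(query)) + query)
        (length,) = struct.unpack(">H", recv_exact(s, 2))
        return recv_exact(s, length)

def summarize(query, reply):
    """Return (rcode, answer_count, truncated) from the reply header."""
    if len(reply) < 12 or reply[:2] != query[:2] or not reply[2] & 0x80:
        raise ValueError("not a reply to this query")
    flags, _qdcount, ancount = struct.unpack(">HHH", reply[2:8])
    return flags & 0x000F, ancount, bool(flags & 0x0200)

def probe(server, name, port=53, timeout=3.0):
    """Ask the same MX question over both transports; record result or failure."""
    query, result = build_query(name), {}
    for label, send in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            result[label] = summarize(query, send(server, query, port, timeout))
        except (OSError, ValueError) as exc:
            result[label] = "failed: " + type(exc).__name__
    return result

if __name__ == "__main__":
    import sys  # usage (sample address): python dnsprobe.py 192.168.1.1 example.com
    print(probe(sys.argv[1], sys.argv[2]))
```

A resolver that answers the "udp" probe but fails the "tcp" probe matches the router behaviour described in the post: name resolution works for clients that query over UDP, while a client that queries over TCP gets no answer.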

Restrict SMTPSVC to UDP DNS under W2K Pro Andrew Aronoff
4/16/2005 12:00:00 AM
I would like to configure the SMTPSVC to use UDP for DNS queries. A
method is explained in MSKB 330070, "Mail May Not Be Delivered When
DNS Resolution Uses Only the UDP Protocol".

According to that article, UDP can be configured with MetaEdit by
adding the name "36997" with a value of 2 (DWORD) at the location
LM\SmtpSvc\1

However, under W2K Pro SP4, this does not appear to have any effect.
"NETSTAT -n" shows that DNS queries still proceed via TCP, not UDP.

Is there any way to restrict SMTPSVC DNS queries to UDP under Windows
2000 Professional (SP4)?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org
