After a user rebooted her system, email she sent to an internal POP3 email server was being rejected. When I checked the email server's log file, I found that it was rejecting the email because it saw the email coming from the outside address of the firewall. It saw the "to" address of the email message she was trying to send as one that was not destined for an account on the email server and rejected it with a "relaying denied" message. The email server was configured to allow relaying from the IP address of her PC, but since it saw the email coming through the external firewall, it rejected it.
When I tried pinging the internal email server, mail.example.com, from
her system, instead of its internal address, 192.168.0.25, being used, I saw
the external address for the firewall was being used. I checked her
/windows/system32/drivers/etc/hosts file first. I didn't see
any entry for mail.example.com there. Nor did I see the address cached
on her system when I entered the command ipconfig /displaydns |
find /i "mail.example.com" at a command prompt. So I used a
sniffer to observe
the network traffic from/to her system. I saw that her system was
querying the DNS server configured as the secondary name server for her
system, which was an external DNS server provided by her Internet Service
Provider (ISP) rather than the internal name server on her
LAN.
I tried ipconfig /flushdns, but that made no difference.
Her system continued to query the secondary name server and didn't seem
to ever cache the address for mail.example.com. When I tried
ipconfig /registerdns, the system then queried the primary
DNS server again.
The /registerdns argument to the ipconfig command
"refreshes all DHCP leases and re-registers DNS names." The system had
a static IP address, so the "re-registers DNS names" function of the
command must have fixed the problem.
When she tried sending her email message again, though,
it was rejected by the internal mail server. I had her restart her email
client, Microsoft Outlook, and that resolved the problem. Apparently, Outlook
also maintains its own cached information for the mail server it uses. I
still didn't see the internal mail server's address cached when I issued
an ipconfig /displaydns command, though.
The long term solution, though, to prevent the problem recurring would be to set up another internal DNS server to use as the secondary DNS server.
References:
-
XP not using Primary DNS
Date: March 20, 2009
TechTalkz.com Technology @ your fingertips -
Configuring IP Addressing and Name Resolution
Microsoft TechNet: Resources for IP Professionals -
When does a Windows client stop using a secondary DNS server and revert back
to primary
Date: August 11, 2009
Server Fault -
Renew DNS client registration using the ipconfig command
Updated: January 21, 2005
Microsoft TechNet: Resources for IP Professionals
