Citrix DNS Counters

This article contains information about the newnslog Domain Name Server (DNS) counters and its brief description.

Using the Counters

Log on to the ADC using an SSH client, change to SHELL, navigate to the /var/nslog directory, and then use the ‘nsconmsg’ command to see comprehensive statistics using the different counters available. For the detailed procedure refer to Citrix Blog – NetScaler ‘Counters’ Grab-Bag!.

DNS Counter

The following table lists the newnslog DNS counters with a simple description of the counter

Newnslog Counter

Description

dns_tot_Queries

This counter tracks the total number of DNS queries received.

dns_tot_Answers

This counter tracks the total number of DNS responses received.

dns_tot_aaaaQueries

This counter tracks the total number of AAAA queries received.

dns_tot_aaaaResponses

This counter tracks the total number of AAAA responses received.

dns_tot_aQueries

This counter tracks the total number of A queries received.

dns_tot_aResponses

This counter tracks the total number of A responses received.

dns_tot_nsQueries

This counter tracks the total number of NS queries received.

dns_tot_nsResponses

This counter tracks the total number of NS responses received.

dns_tot_mxQueries

This counter tracks the total number of MX queries received.

dns_tot_mxResponses

This counter tracks the total number of MX responses received.

dns_tot_soaQueries

This counter tracks the total number of SOA queries received.

dns_tot_soaResponses

This counter tracks the total number of SOA responses received.

dns_tot_cnameQueries

This counter tracks the total number of CNAME queries received.

dns_tot_cnameResponses

This counter tracks the total number of CNAME responses received.

dns_tot_ptrQueries

This counter tracks the total number of PTR queries received.

dns_tot_ptrResponses

This counter tracks the total number of PTR responses received.

dns_tot_srvQueries

This counter tracks the total number of SRV queries received.

dns_tot_srvResponses

This counter tracks the total number of SRV responses received.

dns_tot_anyQueries

This counter tracks the total number of ANY queries received.

dns_tot_anyResponses

This counter tracks the total number of ANY responses received.

dns_err_ResponseClassUnsupported

This counter tracks the total number of responses for which response types were unsupported.

dns_err_ResponseTypeUnsupported

This counter tracks the total number of responses for which response type requested was unsupported.

dns_tot_UnsupportedQueries

This counter tracks the total number of requests for which query type requested was unsupported.

dns_err_QueryClassUnsupported

This counter tracks the total number of queries for which query class was unsupported.

dns_err_QueryFormats

This counter tracks the total number of queries whose format was invalid.

dns_err_ResponseFormats

This counter tracks the total number of responses for which there was a format error.

dns_tot_multi_Queries

This counter tracks the total number of Multi Query request received.

dns_err_strayanswers

This counter tracks the total number of stray answers.

dns_tot_cache_flush_called

This counter tracks the total number of times cache was flushed.

dns_tot_cached_entries_flushed

This counter tracks the total number of cache entries flushed.

dns_tot_ServerQueries

This counter tracks the total number of Server queries sent.

dns_tot_ServerResponses

This counter tracks the total number of Server responses received.

dns_err_aaaaNoDomains

This counter tracks the total number of times AAAA record lookup failed.

dns_err_aNoDomains

This counter tracks the total number of times A record lookup failed.

dns_err_nsNoDomains

This counter tracks the total number of times NS record lookup failed.

dns_err_mxNoDomains

This counter tracks the total number of times MX record lookup failed.

dns_err_cnameNoDomains

This counter tracks the total number of times CNAME record lookup failed.

dns_err_soaNoDomains

This counter tracks the total number of times SOA record lookup failed.

dns_tot_aaaa_updates

This counter tracks the total number of AAAA record updates.

dns_err_ptrNoDomains

This counter tracks the total number of times PTR record lookup failed.

dns_err_srvNoDomains

This counter tracks the total number of times SRV record lookup failed.

dns_err_anyNoDomains

This counter tracks the total number of times ANY query lookup failed.

dns_tot_aaaa_updates

This counter tracks the total number of AAAA record updates.

dns_tot_a_updates

This counter tracks the total number of A record updates.

dns_tot_ns_updates

This counter tracks the total number of NS record updates.

dns_tot_mx_updates

This counter tracks the total number of MX record updates.

dns_tot_soa_updates

This counter tracks the total number of SOA record updates.

dns_tot_cname_updates

This counter tracks the total number of CNAME record updates.

dns_tot_ptr_updates

This counter tracks the total number of PTR record updates.

dns_tot_srv_updates

This counter tracks the total number of SRV record updates.

dns_tot_record_updates

This counter tracks the total number of record updates.

dns_err_multiquery_disabled

This counter tracks the total number of times a multi query was disabled and received a multi query.

dns_tot_AuthAnswers

This counter tracks the number of queries which were authoritatively answered.

dns_err_NoDomains

This counter tracks the number of queries for which no record was found.

dns_err_ResponseWithoutAnswers

This counter tracks the number of DNS responses received without answer.

dns_err_ResponseBadLength

This counter tracks the number of DNS responses received with invalid resource data length.

dns_tot_ReqRefusals

This counter tracks the number of DNS requests refused.

dns_tot_OtherErrors

This counter tracks the total number of other errors.

dnsrec_tot_queries

This counter tracks the total number of DNS queries received.

dns_tot_entries

This counter tracks the total number of DNS record entries.

dns_tot_updates

This counter tracks the total number of DNS proactive updates.

dns_tot_Resp

This counter tracks the total number of DNS server responses.

dns_tot_requests

This counter tracks the total number of DNS queries received.

dns_err_limits

This counter tracks the total number of times you have received DNS record with more entries than that you support.

dns_err_RespFormats

This counter tracks the total number of times you have received malformed responses from the backend.

dns_err_AliasExists

This counter tracks the total number of times you have received non-cname record for a domain for which an alias exists.

dns_err_NoDom

This counter tracks the total number of cache misses.

dns_cur_entries

This counter tracks the current number of DNS entries.

dns_cur_records

This counter tracks the current number of DNS Records.

Related:

  • No Related Posts

SMG doesn’t use higher preference MX routes?

I do not need a solution (just sharing information)

We have a compliance rule which routes matching messages to a domain name using MX records that we have defined in our DNS.  There are two MXes with preference 10 and one MX with preference 100.

During our most recent DR test, when both MX 10s were unavailable, the matching emails were just queueing up, Not willing to go to the MX 100 route.  I even started a TCPDUMP session which detected zero attempts to connect to the MX 100 target host.

Lowered the MX to 50.   Nothing.

Lowered the MX to 10, to match the other two – bingo, the emails flowed out to that target host.

So what’s going on there?  Is SMG’s routing logic broken?

0

Related:

server4.inboundmx.com and server5.inboundmx.com

I need a solution

Hi All

We use Fusion who just bought Megapath and Apptix, they have their Exchange server using Symantec Message Labs.

We are having issue with anybody using ProofPoint and sending us email, for 6 months Fusion and Symantec blame the other party saying their are sending to the wrong IP address of the MX 216 and when the current one are 67, is right but after deep investigation we found out that one of our client have a high volume of email beetween proofpoint users, so they DNS query is realyl high due to the high volume of emails. We saw that when ProofPoint does a high volume of DNS query then they get a old IP address of that MX record and we think that’s because Message Labs thinks is a DOS attack or something so it provide a wrong IP hoping it will not receive more request.

This need to be fix asap, due to really affect our business, if a moderator need to know our domain please DM cause I don’t want to make that inforamtion public do to be big firm names.

Thank you!

0

Related:

Being throttled by Messagelabs Server

I need a solution

Hi Support

cluster5.eu.messagelabs.com throttling our mail servers.

We had issues on our mail queues and once we resolved it, a lot of mails were sent in the queues. Subsequently we are now being throttled. I have mailed, called Symantec Support to no avail. Please assist us urgently.

Date Received: 2019/03/25 13:56:19

Expiration Time: 2019/03/27 13:56:19

Last Error: 421 Service Temporarily Unavailable

196.214.76.171 External MX record mail.4cgroup.co.za

196.22.223.200 External MX record mail1.4cgroup.co.za

209.203.1.2 External MX record mail2.4cgroup.co.za

Kind Regards

Leo

0

Related:

SMG design Questions

I need a solution

(the design attached)
i would like to implement TWO SMG physical appliances as below :

1- one SMG is Scanner only and the second one is Control center & scanner

2- will use inbound & outbound email for both SMG

3- Two physical interfaces on each SMG eth0 & eth1

3- will add a smart route on microsfot Edge Server to forward outbound email traffic to SMG hostname and will use DNS round robin to have a loadbalance for the two SMG.

4- for inbound traffic will create two MX record with same preference.

My Questions :

A- my above points follow the best practices ?

B- is it ok to have eth0 & eth1 in same subnet ? ex. eth0 (inbound) 10.10.10.5 & eth1(outbound) 10.10.10.6 

C-  any recommendation ?

0

Related:

7023320: 450 Host Down When Using Hostname for “Relay Host for Outbound Messages”

This document (7023320) is provided subject to the disclaimer at the end of this document.

Environment

GroupWise 18
GroupWise 2014 R2
GroupWise 2012
GroupWise 8

Situation

When setting up the GroupWise Internet Agent (GWIA) and populating the setting “Relay Host for Outbound Messages” with a hostname instead of an IP address — 450 Host Down can occur in a couple of situations.

Resolution

In most instances, the likely cause is simply the inability of a GWIA to communicate directly with Relay Host (whether it is by using an IP address or hostname). This can be tested simply by creating a telnet connection from the GWIA to the mail relay.
To accomplish this open a terminal screen on the GWIA server on Linux or a Command Prompt on a Windows Server if GWIA is in the Windows environment and type in the following command:
telnet <relay hostname> 25 (Linux)
telnet <relay hostname>:25 (Windows)
telnet <IP address of relay> 25 (Linux)
telnet <IP address of relay>:25 (Windows)
If no connection information is returned for any of the options, then there likely is a router/firewall issue. If the connection works for the IP address but not the hostname, there is likely a problem with the “A” record of the relay server in DNS or DNS is not setup properly on the server itself.
Another possibility might be that a MX record was inadvertently assigned directly to the hostname. For instance: if the relay hostname is relay.mailserver.com and an MX record was assigned to that hostname directing it elsewhere, GWIA will use that entry first before testing it as an A record. The MX record should be assigned to the domain name “mailserver.com” which will point to the A record of “relay.mailserver.com”.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

I can not send email to domain protected messagelabs.com

I need a solution

I send messages to domain ford.com, nutricia.com, mazdaeur.com, uta.com etc.

Each domain reply back “Remote Server at cluster8a.eu.messagelabs.com (85.158.139.103) returned ‘550 4.4.7 QUEUE.Expired; message expired'” or ” Remote Server at cluster8a.eu.messagelabs.com (85.158.139.103) returned ‘441 4.4.1 Error encountered while communicating with primary target IP address: “421 4.4.2 Connection dropped due to ConnectionReset.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 85.158.139.103:25’

When I try list MX record for e.g ford.com DNS returns 

cluster4a.us.messagelabs.com    internet address = 216.82.251.230
cluster4.us.messagelabs.com     internet address = 67.219.247.49
cluster4.us.messagelabs.com     internet address = 67.219.246.97
cluster4.us.messagelabs.com     internet address = 67.219.251.49
cluster4.us.messagelabs.com     internet address = 67.219.250.193
cluster4.us.messagelabs.com     internet address = 67.219.250.97
cluster4.us.messagelabs.com     internet address = 67.219.246.193

I have 10 mailserver in one subnet 80.188.242.x  Any address is not on blacklist http://ipremoval.sms.symantec.com/lookup/

If I try to connect via telnet on port 25 to messagelabs.com from subnet 80.188.242.x I get answer “connection abort” or something similar.

SMTPDiag from one of the servers

Searching for Exchange external DNS settings.
Computer name is MFX.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for ford.com.
Checking external DNS servers.
Checking internal DNS servers.
SOA serial number match: Passed.

Checking local domain records.
Checking MX records using TCP: mf.cz.
Checking MX records using UDP: mf.cz.
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Checking MX records using TCP: ford.com.
Checking MX records using UDP: ford.com.
Both TCP and UDP queries succeeded. Remote DNS test passed.

Checking MX servers listed for info@ford.com.
Connecting to cluster4.us.messagelabs.com [67.219.251.49] on port 25.
Error: Expected “250”. Server rejected the recipient address.
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [67.219.250.97] on port 25.
Error: Expected “250”. Server rejected the recipient address.
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [67.219.250.193] on port 25.
Error: Expected “250”. Server rejected the recipient address.
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [67.219.247.49] on port 25.
Error: Expected “250”. Server rejected the recipient address.
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [67.219.246.97] on port 25.
Error: Expected “250”. Server rejected the recipient address.
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4.us.messagelabs.com [67.219.246.193] on port 25.
Error: Expected “250”. Server rejected the recipient address.
Failed to submit mail to cluster4.us.messagelabs.com.
Connecting to cluster4a.us.messagelabs.com [216.82.251.230] on port 25.
Error: Expected “250”. Server rejected the recipient address.
Failed to submit mail to cluster4a.us.messagelabs.com.

0

Related:

Working with lots of sub-domains

I do not need a solution (just sharing information)

Has anyone had the requirement to recieve mail from multiple sub-domains, and how have you configured this?

On our current platform we are able to receive anything pointed to us (resolved by the MX lookup) and can route to our exchange servers based on a match on the destination domain. For example if our domain was contoso.com we have many MX entries under the contoso.com domain in DNS like (test, help, users, etc). An incoming message to matt@test.contoso.com would resolve the MX to our server. The SMTP route then matches *.contoso.com and forwards the messages. 

At this stage it appears within Symantec.cloud I am going to have to set up many domains, one for each MX record as I cannot find a way to accept messages to the subdomains. 

0

Related: