Have you encountered an instance where Exchange cannot deliver mail to a destination on the Internet? This is becoming more and more common. You may question why this is happening in the first place and why it’s becoming more common.
The answer lies in how Exchange does DNS queries. Exchange was designed to run on a corporate network where you have full control on how DNS is setup and configured. Basically, Exchange believes that DNS will always respond with a correct answer. But when Exchange sends mail to the Internet, DNS queries and answers might not always be what you expect. This is especially true when more and more organizations start using IPv6.
When using Network Monitor or any other network sniffer when Exchange tries to deliver mail over the Internet you will see that there is a query for MX. One problem here is if the destination domain has IPv6 information in their Internet DNS but does not have AAAA records for hosts specified in their MX records. Exchange will simply do another query for A records for the MX hosts and mail will queue on Exchange.
There are variations on what information is in the destination DNS zone and how your DNS is configured- if you have IPv6 etc, but the behavior is the same, DNS will sometimes fail.
The solution is very simple. Configure the send connector used for sending mail to the Internet to use external DNS. You will not need to reconfigure your Windows box to query another name server but simply use the Exchange configuration
Set-SendConnector <SendConnectorNameToInternet> -UseExternalDNSServersEnabled $True
You don’t even have to specify a name server on your HUB/Edge server, but you can if you like. This will change the behavior of Exchange DNS queries to not stop when there is no AAAA records or if no other IPv6 information is found. This will allow Exchange to continue to do IPv4 DNS queries. Remember that Windows prefers IPv6 over IPv4. This can be verified by using a network sniffer.
After testing both HUB and Edge servers with Exchange 2010 and 2013, I've noticed the behavior is the same.
There is one reference on Technet on this matter and it discusses normal and lenient mode, but it doesn’t provide an explanation as to the changed behavior if using external DNS.
So in short, configure your send connectors sending to Internet to use an external DNS to make your life easier.