We have an exchange 2007 domain that we are in the process of upgrading to exchange 2010. Currently we are doing a coexist roleout and everything works fine except for the above error. Exchange 2007 is a cas/hst/mbx, and exchange 2010 are 2 cas/host boxes in an nlb and 2 mailbox servers with 1 dag currently. We have 3 external ip's routed to postine, 1 for the old legacy connection to exchange 2007 and 2 for each hub/transport server. Mailflow works correctly in and out of the 2007 box, and internal mail as well as receiving from external works on the exchange 2010 side. but any mail you try to send from 2010 to external fails with delivery tyep dnsconnectordelivery 451 4.4.0 dns query failed. protocol logging is set to verbose on both send connectors internal and external but for some reason there is still no log being generated in the logs directory. Almost like the exchange 2010 hubs aren't even trying to send anything out.

hi, DNS query failed is the most common error I come across while troubleshooting mail flow for my clients. In this post I will publish all the troubleshooting I have perform to resolve the error. If Exchange server is on windows 2008, please make sure IPv6 is disabled in the network adapter settings.Make sure the deployed firewall is configured to allow DNS port 53 (UDP). If possible configure the same rule in windows internal firewall.DNS server is one of the major component required to run exchange server in your organisation. Therefore, please make sure forwarders and zones are configured properly.Check if HUB server can connect to DNS server. hope can help you thanks,CastinLu TechNet Community Support

Run nslookup on your hub server to see if you can resolve the postini hostname you are trying to contact on your send connector. Make sure your ipv4 config is the same on your 2010 server as you 2007 too i.e. using the same internal DNS server that has root hints and forwarders configured correctly.

It seems the issue is that we had the wrong internal ip connected to the external route on the firewall. I was under the impression that the ip address configured for the cas array was bi directional and couldn't find any information stating otherwise. Once we set the default ip on the server to the external route everything worked as expected.