This article describes how to troubleshoot the error ‘host name lookup failure’ in the FortiMail Cross-search log.
Scope
FortiMail.
Solution
Step 1: If FortiMail fails to send the email to the recipient with the error below in the cross-search log, follow the steps below to troubleshoot the issue:
to=<[email protected]>, delay=00:00:16(tries=1), xdelay=00:00:16, mailer=esmtp, pri=126322, relay=smtp.domain.com., dsn=4.0.0, stat=Deferred: Name server: domain.com.: host name lookup failure
Step 2: Run the CLI command below to verify whether the configured DNS server in FortiMail can get the MX record for the recipient domain:
exe nslookup name domain.com type mx server x.x.x.x <----- Replace x.x.x.x with the configured DNS Primary and Secondary servers in the FortiMail.
Step 3: If the FortiMail can get the MX record, run the following CLI command to verify whether the FortiMail can get the A record from the MX record or not. For example, below is the MX record of Gmail, the A record is the highlighted entries.
exe nslookup name gmail.com type mx server 8.8.8.8 Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 5 gmail-smtp-in.l.google.com. gmail.com mail exchanger = 20 alt2.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 30 alt3.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 40 alt4.gmail-smtp-in.l.google.com.
Step 4: The CLI command below can be used to verify the A record:
exe nslookup name gmail-smtp-in.l.google.com type a server 8.8.8.8 Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: gmail-smtp-in.l.google.com Address: 142.251.175.26
Step 5: If the configured DNS servers in the FortiMail are not able to get the MX or A record of the recipient domain, check with the relevant DNS server support team.