Some time ago I already described the following error in connection with Exchange 2013:
If emails cannot be delivered and Exchange displays the error "451 4.7.0 Temporary server error. Please try again later. PRX2" in the queues, there may be another reason for this. This applies to both Exchange 2013 and Exchange 2016/2019.
The cause of the error is almost always a DNS problem. It does not have to be the DNS server itself, as described in the article linked above; the DNS settings of the Exchange server can also be at fault.
The following DNS configuration is often found on servers and clients, especially in very small environments:
In very small environments, for example, there is only one domain controller, which is also used as the DNS server. In this example, the DC has the IP 192.168.100.1 and is set as the preferred DNS server. As there is no other DC as a DNS server, a DNS forwarder is often entered as an alternative DNS server, in this example the router.
The reasoning behind entering a router as the alternative DNS server is usually this: if the DC fails, at least I still have name resolution and can surf the Internet. Of course, if the only domain controller fails, you still have a problem: without DNS and Active Directory, Exchange no longer works either. You might still be able to surf the Internet, but not much more.
However, Exchange has a problem with this configuration. Exchange uses all configured DNS servers, not just the preferred DNS server. This makes sense, because it is a very easy way to achieve simple load balancing across all configured DNS servers.
In most small environments, however, the router cannot resolve the DNS zones of Active Directory. Routers and various other alternative "non-DC DNS servers" forward DNS queries to DNS servers on the Internet, but they cannot do anything with queries for the "underscore zones" (e.g. _msdcs) and return NXDOMAIN (domain or entry does not exist).
In this example, a DNS query for "gc._msdcs.frankysweb.local" against the preferred DNS server (domain controller) would be successful and return the IP address of the domain controller. However, the same DNS query to the router would be answered with "non-existent domain (NX domain)":
This is also the reason for the error "451 4.7.0 Temporary server error. Please try again later. PRX2": Exchange can no longer find its domain controller or cannot resolve the relevant DNS entries.
Solution:
In such small environments, the alternative DNS server can simply be omitted on the Exchange server. If the domain controller fails, you have a problem anyway, and nobody will use the Exchange server for surfing.
With some routers, it is possible to configure DNS forwarding. For example, you can configure that all queries to _msdcs.frankysweb.local are forwarded to the domain controller. Of course, this only helps to a limited extent with only one domain controller (limited in the sense of "not at all")...
This problem can also occur in environments with two or more domain controllers, as all configured DNS servers must be able to resolve the "Underscore Zones".
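One way to check this on the Exchange server itself, as an added example that is not part of the original article: the script queries every configured DNS server, preferred and alternative, for the AD records and reports which ones fail. The default domain frankysweb.local is the article's example, and the script assumes it is also the forest root domain (where gc._msdcs lives); pass your own with -AdDomain.

```powershell
# Added example, not from the original article.
# Assumption: frankysweb.local is the article's example AD domain; pass your own.
param(
    [string]$AdDomain = 'frankysweb.local'
)

# Records that only a DNS server with access to the AD zones can answer.
$queries = @(
    @{ Name = "gc._msdcs.$AdDomain";            Type = 'A'   }
    @{ Name = "_ldap._tcp.dc._msdcs.$AdDomain"; Type = 'SRV' }
)

# Every IPv4 DNS server configured on any interface of this host,
# preferred and alternative alike.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

$results = foreach ($server in $dnsServers) {
    foreach ($q in $queries) {
        $status = 'OK'
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only the named server is tested.
            $reply = Resolve-DnsName -Name $q.Name -Type $q.Type -Server $server `
                -DnsOnly -ErrorAction Stop
            # A reply holding only an SOA in the authority section is "no data".
            if (-not ($reply | Where-Object { $_.Section -eq 'Answer' })) {
                $status = 'FAIL: no answer records'
            }
        }
        catch {
            # NXDOMAIN, timeouts and refused queries all end up here.
            $status = "FAIL: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            DnsServer = $server
            Query     = $q.Name
            Type      = $q.Type
            Status    = $status
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code if any configured server cannot resolve the AD records.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Any server listed with FAIL is one that Exchange may pick for its lookups, so it should either be removed from the adapter's DNS settings or be made able to resolve the AD zones.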