Geekzone: technology news, blogs, forums
791 posts

Ultimate Geek

Trusted

# 132209 12-Oct-2013 17:20

Exchange Server 2010 can send mail but not receive anything.

Current setup :

 

PTR --> x.x.x.1 (internal ip) point to 1.2.3.4 (public ip)
domain controller = x.x.x.1 ( abc.com )
exchange server = x.x.x.2 (internal ip)

I've set up the PTR in the DNS server on the domain controller.
Have also set up the forwards in the DNS Server on the domain controller.

For some reason the MX record keeps showing the local IP (x.x.x.2) on mxtoolbox.com.

Any idea why it keeps showing the internal IP of the exchange server?




Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 914199 12-Oct-2013 19:19
3 people support this post

Can your Exchange server be seen from the internet? i.e. if you telnet to port 25 on your external IP, do you get the "220 myserver.mydomain.co.nz Microsoft ESMTP MAIL Service ready" banner?

Not quite sure I understand what you're doing with DNS and PTR/MX records. Normally you have an A record, a PTR (if available) and an MX record.

Note that a PTR record is *not* required for mail delivery. If you don't have one, you may be more likely to get blocked as spam by other mail servers.

An MX record *is* required. This is what tells other servers where to send mail for your domain.

e.g. (if your ext IP was 200.200.200.200)

External DNS records:
200.200.200.200 A myserver.mydomain.co.nz
mydomain.co.nz MX 10 myserver.mydomain.co.nz
myserver.mydomain.co.nz PTR 200.200.200.200

Internal DNS records (if using split brain DNS):
192.168.0.2 A myserver.mydomain.co.nz
mydomain.co.nz MX 10
myserver.mydomain.co.nz PTR 192.168.0.2

Normally external DNS servers do not show internal records unless you explicitly load them. Not sure how you ended up with an internal IP address there.
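The checks in the post above (MX present, MX target resolving to a public address, PTR optional but matching, 220 banner on port 25) as an added example, not code from the thread. It runs offline against constructed records in the shape of the post's example (mydomain.co.nz / 200.200.200.200); the BROKEN_ZONE reproduces the original question, where the MX target resolves to a LAN address. Record names, the zone layout and the severity labels are assumptions of the example.

```python
import ipaddress

# Constructed records keyed by (owner name, type), in the shape of the post's example.
# EXTERNAL_ZONE is what a public resolver (or a tool such as mxtoolbox.com) should see.
# BROKEN_ZONE reproduces the original question: the public MX target resolves to a LAN address.
EXTERNAL_ZONE = {
    ("mydomain.co.nz", "MX"): ["10 myserver.mydomain.co.nz"],
    ("myserver.mydomain.co.nz", "A"): ["200.200.200.200"],
    ("200.200.200.200.in-addr.arpa", "PTR"): ["myserver.mydomain.co.nz"],
}
BROKEN_ZONE = {
    ("mydomain.co.nz", "MX"): ["10 myserver.mydomain.co.nz"],
    ("myserver.mydomain.co.nz", "A"): ["192.168.0.2"],
    # no PTR at all: a LAN address has no reverse delegation on the public side
}


def lookup(zone, name, rtype):
    """Return the record data for name/type, ignoring case and a trailing dot."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def banner_is_ready(first_line):
    """True when the first line the SMTP server sends is a 220 greeting, e.g. the
    Exchange '220 myserver.mydomain.co.nz Microsoft ESMTP MAIL Service ready' banner."""
    parts = first_line.strip().split(" ", 1)
    return len(parts) == 2 and parts[0] == "220"


def check_mail_dns(domain, zone):
    """Lint the records other mail servers rely on to deliver to `domain`.

    Returns a list of (severity, message). 'error' means inbound delivery fails;
    'warning' means delivery works but reputation/deliverability suffers.
    """
    findings = []
    mx_records = lookup(zone, domain, "MX")
    if not mx_records:
        findings.append(("error", f"{domain}: no MX record, so other servers do not know where to deliver mail"))
        return findings
    for mx in mx_records:
        _preference, target = mx.split(None, 1)
        target = target.rstrip(".")
        addrs = lookup(zone, target, "A")
        if not addrs:
            findings.append(("error", f"MX target {target} has no A record"))
            continue
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            # The symptom from the original question: an internal record served publicly.
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                findings.append(("error", f"MX target {target} resolves to non-routable address {addr}: an internal record is being served publicly"))
                continue
            # PTR lives under in-addr.arpa; ipaddress builds that owner name for us.
            ptr = [p.rstrip(".").lower() for p in lookup(zone, ip.reverse_pointer, "PTR")]
            if not ptr:
                findings.append(("warning", f"{addr} has no PTR record; not required for delivery but many receivers score it as spam"))
            elif target.lower() not in ptr:
                findings.append(("warning", f"PTR for {addr} is {ptr[0]}, which does not match MX host {target}"))
    return findings


def is_deliverable(domain, zone):
    """True when no 'error' finding would stop inbound mail."""
    return not any(sev == "error" for sev, _ in check_mail_dns(domain, zone))


if __name__ == "__main__":
    for label, zone in (("external", EXTERNAL_ZONE), ("broken", BROKEN_ZONE)):
        print(label, "deliverable:", is_deliverable("mydomain.co.nz", zone))
        for sev, msg in check_mail_dns("mydomain.co.nz", zone):
            print("  ", sev, msg)
```

To use it against live DNS, replace the constructed dictionaries with the answers from your resolver of choice; the lint logic stays the same. The PTR case is deliberately a warning and the private-address case an error, matching the post's point that a PTR is optional while a reachable MX target is not.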




8034 posts

Uber Geek

Trusted

  # 914787 14-Oct-2013 13:45

Great answer by Regs.

Also, for the external PTR, if you're not the owner of the IP address range, you will need to get your provider who owns the IP address range to set up a reverse DNS record/delegation.



Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 914798 14-Oct-2013 13:54

Binary was using Windows DNS Server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD integrated DNS server and use this for external zone (split brain DNS)
* use the domain name hosting services (godaddy) to host the external facing DNS

Easiest option was to go with external DNS services, and I think this is all up and running now.




8034 posts

Uber Geek

Trusted

  # 914810 14-Oct-2013 14:12

Yes, definitely not a good idea for the AD server to be doing internal and external DNS IMO.



791 posts

Ultimate Geek

Trusted

  # 914824 14-Oct-2013 14:34

Regs: Binary was using Windows DNS Server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD integrated DNS server and use this for external zone (split brain DNS)
* use the domain name hosting services (godaddy) to host the external facing DNS

Easiest option was to go with external DNS services, and I think this is all up and running now.


Thanks again for the help Reg... All is up and running... well, not now, due to me swapping some servers around. Did some mods to my Supermicro server which sounded like a jet taking off. Dropped the fans from 12V to 5V... working like a charm now, and most importantly, not so louuuuuuuuuuuuud.


With the D/C, I was under the impression the setup goes something like this:
Domain.com ---> internet ---> PTR points to D/C ---> domain controller (distributing the required info) ---> exchange server

Turns out that pointing the PTR directly to the Exchange server solved everything, including the DNS management stuff you mentioned with GoDaddy.






791 posts

Ultimate Geek

Trusted

  # 914832 14-Oct-2013 14:38

Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS IMO.


Why is that? Technical or Noob answer would be fine :)




8034 posts

Uber Geek

Trusted

  # 914995 14-Oct-2013 19:54

BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS IMO.


Why is that? Technical or Noob answer would be fine :)


Security - there is a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction





791 posts

Ultimate Geek

Trusted

  # 915012 14-Oct-2013 20:08

Ragnor:
BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS IMO.


Why is that? Technical or Noob answer would be fine :)


Security - there is a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction


Any other reasons?




Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 915031 14-Oct-2013 20:36

BinaryLimited:
Ragnor:
BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS IMO.


Why is that? Technical or Noob answer would be fine :)


Security - there is a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction


Any other reasons?


Sometimes you want to run an internal IP address for a site which is different to the external IP address.
e.g.
internal: www.mydomain.co.nz A 192.168.1.100
external: www.mydomain.co.nz A 200.200.200.200

When accessing the www site internally, traffic will go directly to the web server instead of traversing out, then back in, the firewall. Sometimes it's not even possible to hit your own external IP from inside the firewall - depends on the firewall you have and the NAT/routing setup.




