Geekzone: technology news, blogs, forums
BinaryLimited
796 posts
Ultimate Geek
+1 received by user: 80
Trusted
#132209 12-Oct-2013 17:20

Exchange Server 2010 can send mail but not receive anything.

Current setup:

PTR --> x.x.x.1 (internal IP) points to 1.2.3.4 (public IP)
domain controller = x.x.x.1 (abc.com)
exchange server = x.x.x.2 (internal IP)

I've set up the PTR in the DNS server on the domain controller.
I've also set up the forwards in DNS Server on the domain controller.

For some reason the MX record keeps showing the local IP (x.x.x.2) on mxtoolbox.com.

Any idea why it keeps showing the internal IP of the Exchange server?




Regs
4066 posts
Uber Geek
+1 received by user: 206
Trusted
Snowflake
#914199 12-Oct-2013 19:19

Can your Exchange server be seen from the internet? i.e. if you telnet to port 25 on your external IP, do you get the "220 myserver.mydomain.co.nz Microsoft ESMTP MAIL Service ready" banner?

Not quite sure I understand what you're doing with DNS and PTR/MX records. Normally you have an A record, a PTR (if available) and an MX record.

Note that a PTR record is *not* required for mail delivery. If you don't have one, you may be more likely to get blocked as spam by other mail servers.

An MX record *is* required. This is what tells other servers where to send mail for your domain.

e.g. (if your external IP was 200.200.200.200)

External DNS records:
200.200.200.200 A myserver.mydomain.co.nz
mydomain.co.nz MX 10 myserver.mydomain.co.nz
myserver.mydomain.co.nz PTR 200.200.200.200

Internal DNS records (if using split brain DNS):
192.168.0.2 A myserver.mydomain.co.nz
mydomain.co.nz MX 10
myserver.mydomain.co.nz PTR 192.168.0.2

Normally external DNS servers do not show internal records unless you explicitly load them. Not sure how you ended up with an internal IP address there.

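
As an added illustration of the checks in the answer above (this is not code from the thread or from any tool mentioned in it), the script below validates a constructed "external view" of a zone: it flags a missing MX, an MX target resolving to a private address (the symptom in the original post), and a missing or mismatched PTR. The zone data, record layout and `check_external_mail_dns` function are assumptions made for the example; 200.200.200.200 and 192.168.0.2 are the sample addresses from the post.

```python
import ipaddress

# Constructed sample data modelled on the record list in the answer.
# This is the external view as it should look (hypothetical zone).
GOOD_ZONE = {
    "A": {"myserver.mydomain.co.nz": "200.200.200.200"},
    "MX": {"mydomain.co.nz": [(10, "myserver.mydomain.co.nz")]},
    "PTR": {"200.200.200.200": "myserver.mydomain.co.nz"},
}

# Same zone, but an internal A record has leaked into the external view,
# so the MX target resolves to an RFC 1918 address (the original poster's problem).
LEAKY_ZONE = {
    "A": {"myserver.mydomain.co.nz": "192.168.0.2"},
    "MX": {"mydomain.co.nz": [(10, "myserver.mydomain.co.nz")]},
    "PTR": {},
}


def check_external_mail_dns(zone, domain):
    """Return a list of findings for the mail-related records of `domain`.

    An empty list means every MX target resolves to a routable address
    and has a matching PTR. Findings are plain strings for readability.
    """
    findings = []
    mx_list = zone["MX"].get(domain, [])
    if not mx_list:
        findings.append(f"{domain}: no MX record; other mail servers cannot find your host")
        return findings
    for pref, target in sorted(mx_list):  # lowest preference first
        addr = zone["A"].get(target)
        if addr is None:
            findings.append(f"MX {pref} {target}: target has no A record")
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            findings.append(
                f"MX {pref} {target}: resolves to non-routable {addr}; "
                "an internal record has leaked into the external view")
            continue
        ptr = zone["PTR"].get(addr)
        if ptr is None:
            findings.append(f"{addr}: no PTR record (not required, but deliveries are more likely to be treated as spam)")
        elif ptr.lower() != target.lower():
            findings.append(f"{addr}: PTR {ptr} does not match MX target {target}")
    return findings


if __name__ == "__main__":
    for name, zone in (("good", GOOD_ZONE), ("leaky", LEAKY_ZONE)):
        print(name, check_external_mail_dns(zone, "mydomain.co.nz") or ["ok"])
```

To run it against live data you would replace the dictionaries with the answers from a resolver outside your network, because, as the answer notes, the view from inside a split-brain setup is not what other mail servers see.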
Ragnor
8279 posts
Uber Geek
+1 received by user: 585
Trusted
#914787 14-Oct-2013 13:45

Great answer by Regs.

Also, for the external PTR, if you're not the owner of the IP address range, you will need to get your provider who owns the IP address range to set up a reverse DNS record/delegation.

Regs
4066 posts
Uber Geek
+1 received by user: 206
Trusted
Snowflake
#914798 14-Oct-2013 13:54

Binary was using Windows DNS Server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD-integrated DNS server and use this for the external zone (split-brain DNS)
* use the domain name hosting services (GoDaddy) to host the external-facing DNS

Easiest option was to go with external DNS services, and I think this is all up and running now.

Ragnor
8279 posts
Uber Geek
+1 received by user: 585
Trusted
#914810 14-Oct-2013 14:12

Yes, definitely not a good idea for the AD server to be doing internal and external DNS, IMO.

BinaryLimited
796 posts
Ultimate Geek
+1 received by user: 80
Trusted
#914824 14-Oct-2013 14:34

Regs: Binary was using Windows DNS Server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD-integrated DNS server and use this for the external zone (split-brain DNS)
* use the domain name hosting services (GoDaddy) to host the external-facing DNS

Easiest option was to go with external DNS services, and I think this is all up and running now.


Thanks again for the help Regs... All is up and running... well, not right now, due to me swapping some servers around. Did some mods to my Supermicro server, which sounded like a jet taking off. Dropped the fans from 12 V to 5 V... working like a charm now, and most importantly, not so louuuuuuuuuuuuud.

With the DC, I was under the impression the setup goes something like this:
Domain.com ---> internet ---> PTR points to DC --> domain controller (distributing the required info) ---> exchange server

Turns out that pointing the PTR directly to the Exchange server solved everything, including the DNS management stuff you mentioned with GoDaddy.




BinaryLimited
796 posts
Ultimate Geek
+1 received by user: 80
Trusted
#914832 14-Oct-2013 14:38

Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS, IMO.

Why is that? Technical or noob answer would be fine :)




Ragnor
8279 posts
Uber Geek
+1 received by user: 585
Trusted
#914995 14-Oct-2013 19:54

BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS, IMO.

Why is that? Technical or noob answer would be fine :)

Security - there are a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction

BinaryLimited
796 posts
Ultimate Geek
+1 received by user: 80
Trusted
#915012 14-Oct-2013 20:08

Ragnor:
BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS, IMO.

Why is that? Technical or noob answer would be fine :)

Security - there are a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction

Any other reasons?




Regs
4066 posts
Uber Geek
+1 received by user: 206
Trusted
Snowflake
#915031 14-Oct-2013 20:36

BinaryLimited:
Ragnor:
BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS, IMO.

Why is that? Technical or noob answer would be fine :)

Security - there are a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction

Any other reasons?

Sometimes you want to run an internal IP address for a site which is different to the external IP address.
e.g.
internal: www.mydomain.co.nz A 192.168.1.100
external: www.mydomain.co.nz A 200.200.200.200

When accessing the www site internally, traffic will go directly to the web server instead of traversing out, then back in, the firewall. Sometimes it's not even possible to hit your own external IP from inside the firewall - depends on the firewall you have and the NAT/routing setup.