Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsMicrosoft WindowsHelp setting up DNS with PTR in windows server 2012
BinaryLimited

796 posts

Ultimate Geek

Trusted

#132209 12-Oct-2013 17:20
Send private message

Exchange server 2010 can send mail but no receive anything.

Current setup :

 

PTR --> x.x.x.1 (internal ip) point to 1.2.3.4 (public ip)
domain controller = x.x.x.1 ( abc.com )
exchange server = x.x.x.2 (internal ip)

iv setup the the PTR in the DNS server on the domain controller.
Have also setup the forwards in DNS Server on the domain controller.

For some reason the mx record keeps showing the local ip ( x.x.x.2 ) on mxtoolbox.com

Any idea why it keeps showing the internal IP of the exchange server?




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

Filter this topic showing only the reply marked as answer Create new topic
Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #914199 12-Oct-2013 19:19
Send private message

can your exchange server be seen from the internet? i.e. if you telnet to port 25 on your external ip do you get the "220 myserver.mydomain.co.nz Microsoft ESMTP MAIL Service ready" banner?

not quite sure i understand what you're doing with DNS and PTR/MX records. normally you have an A record, a PTR (if available) and an MX record.

note that a PTR record is *not* required for mail delivery. If you don't have one, you may be more likely to get blocked as spam by other mail servers.

an MX record *is* required. This is what tells other servers where to send mail for your domain.

e.g. (if your ext IP was 200.200.200.200)

External DNS records:
200.200.200.200 A myserver.mydomain.co.nz
mydomain.co.nz MX 10 myserver.mydomain.co.nz
myserver.mydomain.co.nz PTR 200.200.200.200

Internal DNS records (if using split brain DNS):
192.168.0.2 A myserver.mydomain.co.nz
mydomain.co.nz MX 10
myserver.mydomain.co.nz PTR 192.168.0.2

Normally external dns servers do not show internal records unless you explicitly load them. Not sure how you ended up with an internal IP address there.




Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs



Ragnor
8218 posts

Uber Geek

Trusted

  #914787 14-Oct-2013 13:45
Send private message

Great answer by Regs.

Also for the external PTR if you're not the owner of the ip address range, you will need to get your provider who owns the ip address range to setup a reverse dns record/delegation.

Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #914798 14-Oct-2013 13:54
Send private message

Binary was using windows DNS server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD integrated DNS server and use this for external zone (split brain DNS)
* use the domain name hosting services (godaddy) to host the external facing DNS

Easiest option was to go with external DNS services, and i think this is all up and running now.




Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs



Ragnor
8218 posts

Uber Geek

Trusted

  #914810 14-Oct-2013 14:12
Send private message

Yes definitely not a good idea for AD server to be doing internal and external dns imo.

BinaryLimited

796 posts

Ultimate Geek

Trusted

  #914824 14-Oct-2013 14:34
Send private message

Regs: Binary was using windows DNS server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD integrated DNS server and use this for external zone (split brain DNS)
* use the domain name hosting services (godaddy) to host the external facing DNS

Easiest option was to go with external DNS services, and i think this is all up and running now.


Thanks again for the help Reg....All is up and running...well not now due to me swopping some servers around.Did some mods to my supermicro server which sounded like a Jet taking off.Dropped the fans from 12v to 5v....working like a charm now, and most importantly, not so louuuuuuuuuuuuud.


With the D/C , i was under the impression the setup goes something like this :
Domain.com ---> internet ---> PTR points to D/C --> domain controller (distributing the required info) ---> exchange server

turns out that pointing the PTR directly to the exchange server solved everything, including the DNS management stuff you mentioned with godaddy.




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

BinaryLimited

796 posts

Ultimate Geek

Trusted

  #914832 14-Oct-2013 14:38
Send private message

Ragnor: Yes definitely not a good idea for AD server to be doing internal and external dns imo.


Why is that? Technical or Noob answer would be fine :)




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

Ragnor
8218 posts

Uber Geek

Trusted

  #914995 14-Oct-2013 19:54
Send private message

BinaryLimited:
Ragnor: Yes definitely not a good idea for AD server to be doing internal and external dns imo.


Why is that? Technical or Noob answer would be fine :)


Security - there are whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative dns on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
BinaryLimited

796 posts

Ultimate Geek

Trusted

  #915012 14-Oct-2013 20:08
Send private message

Ragnor:
BinaryLimited:
Ragnor: Yes definitely not a good idea for AD server to be doing internal and external dns imo.


Why is that? Technical or Noob answer would be fine :)


Security - there are whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative dns on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction


any other reasons?




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #915031 14-Oct-2013 20:36
Send private message

BinaryLimited:
Ragnor:
BinaryLimited:
Ragnor: Yes definitely not a good idea for AD server to be doing internal and external dns imo.


Why is that? Technical or Noob answer would be fine :)


Security - there are whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative dns on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction


any other reasons?


sometimes you want to run an internal IP address for a site which is different to external IP address.
e.g.
internal www.mydomain.co.nz A 192.168.1.100
external: www.mydomain.co.nz A 200.200.200.200

when accessing the www site internally, traffic will be directly to the web server instead of traversing out, then back in, the firewall. sometimes its not even possible to hit your own external IP from inside the firewall - depends on the firewall you have and the NAT/routing setup.




Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

Filter this topic showing only the reply marked as answer Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright