Geekzone: technology news, blogs, forums
Ultimate Geek (791 posts, Trusted)
# 132209 12-Oct-2013 17:20

Exchange Server 2010 can send mail but not receive anything.

Current setup:

PTR --> x.x.x.1 (internal IP) points to 1.2.3.4 (public IP)
domain controller = x.x.x.1 (abc.com)
exchange server = x.x.x.2 (internal IP)

I've set up the PTR in the DNS server on the domain controller.
Have also set up the forwards in the DNS server on the domain controller.

For some reason the MX record keeps showing the local IP (x.x.x.2) on mxtoolbox.com.

Any idea why it keeps showing the internal IP of the Exchange server?




Cloud Guru, Uber Geek (4060 posts, Trusted, Snowflake, Subscriber)
# 914199 12-Oct-2013 19:19
3 people support this post

Can your Exchange server be seen from the internet? i.e. if you telnet to port 25 on your external IP, do you get the "220 myserver.mydomain.co.nz Microsoft ESMTP MAIL Service ready" banner?

Not quite sure I understand what you're doing with DNS and PTR/MX records. Normally you have an A record, a PTR (if available) and an MX record.

Note that a PTR record is *not* required for mail delivery. If you don't have one, you may be more likely to get blocked as spam by other mail servers.

An MX record *is* required. This is what tells other servers where to send mail for your domain.

e.g. (if your ext IP was 200.200.200.200)

External DNS records:
200.200.200.200 A myserver.mydomain.co.nz
mydomain.co.nz MX 10 myserver.mydomain.co.nz
myserver.mydomain.co.nz PTR 200.200.200.200

Internal DNS records (if using split brain DNS):
192.168.0.2 A myserver.mydomain.co.nz
mydomain.co.nz MX 10
myserver.mydomain.co.nz PTR 192.168.0.2

Normally external DNS servers do not show internal records unless you explicitly load them. Not sure how you ended up with an internal IP address there.
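The two checks Regs describes (does the public MX target resolve to an address another mail server can actually reach, and does port 25 on that address answer with a 220 banner) as an added Python example; this is not code from the thread. The DNS answers embedded in it are constructed to mirror the symptom in the original post, using the hypothetical names and addresses from the reply above (mydomain.co.nz, myserver.mydomain.co.nz, 192.168.0.2, 200.200.200.200). The script takes MX and A answers as input rather than looking them up, because the Python standard library has no MX query; obtain them first with nslookup -type=mx or Resolve-DnsName -Type MX. Only the banner probe touches the network, and only when run from the command line.

```python
"""Mail-path sanity check: MX target -> A record -> public address -> SMTP banner.

Standard library only. The checking logic works on a dictionary of DNS
answers so it can be exercised on constructed data; the live banner
probe runs only under __main__.
"""
import ipaddress
import socket

# Constructed sample answers (hypothetical names/addresses from the reply above).
# First set: what a public resolver showed, i.e. the internal address leaked
# into the external zone. Second set: the same zone once corrected.
SAMPLE_LEAKED_ANSWERS = {
    "MX": {"mydomain.co.nz": [(10, "myserver.mydomain.co.nz")]},
    "A": {"myserver.mydomain.co.nz": ["192.168.0.2"]},
}
SAMPLE_FIXED_ANSWERS = {
    "MX": {"mydomain.co.nz": [(10, "myserver.mydomain.co.nz")]},
    "A": {"myserver.mydomain.co.nz": ["200.200.200.200"]},
}


def is_routable(addr):
    """True only for an address another mail server on the internet could reach.

    ipaddress.is_global is False for RFC 1918, loopback, link-local and
    other non-routable ranges, which is exactly the leak we are hunting.
    """
    return ipaddress.ip_address(addr).is_global


def check_mx(domain, answers):
    """Return (mx_host, ip, verdict) for every MX target of domain, lowest priority first.

    verdict is 'ok', 'no-a-record' (MX points at a name with no address, so
    nobody can deliver) or 'private-address' (the split-brain leak).
    """
    findings = []
    for _priority, host in sorted(answers["MX"].get(domain, [])):
        addrs = answers["A"].get(host, [])
        if not addrs:
            findings.append((host, None, "no-a-record"))
            continue
        for ip in addrs:
            findings.append((host, ip, "ok" if is_routable(ip) else "private-address"))
    return findings


def parse_banner(line):
    """Parse an SMTP greeting such as b'220 host ESMTP ready'.

    Returns (code, text); code is None when the server did not send a
    valid three-digit reply code, e.g. a firewall or a non-SMTP service.
    """
    text = line.decode("ascii", errors="replace").rstrip("\r\n")
    code = text[:3]
    if len(text) >= 4 and code.isdigit() and text[3] in " -":
        return int(code), text[4:]
    return None, text


def probe_smtp(host, port=25, timeout=5.0):
    """Open a TCP connection to host:port and return the raw greeting (network access required)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        return sock.recv(512)


if __name__ == "__main__":
    import sys

    for label, answers in (("as seen from outside", SAMPLE_LEAKED_ANSWERS),
                           ("after fixing the zone", SAMPLE_FIXED_ANSWERS)):
        print(label + ":", check_mx("mydomain.co.nz", answers))
    # Optional live check: python mailpath.py <public-ip-or-name>
    if len(sys.argv) > 1:
        code, text = parse_banner(probe_smtp(sys.argv[1]))
        print("banner code:", code, "text:", text)
```

A 'private-address' verdict reproduces the mxtoolbox result in the original post: the record exists, but the address it hands out is one no external server can route to. A banner code of 220 from the public address confirms the firewall/NAT path; anything else (timeout, connection refused, a non-220 code) means the DNS fix alone will not make mail flow.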




Uber Geek (8035 posts, Trusted)
# 914787 14-Oct-2013 13:45

Great answer by Regs.

Also for the external PTR, if you're not the owner of the IP address range, you will need to get your provider who owns the IP address range to set up a reverse DNS record/delegation.



Cloud Guru, Uber Geek (4060 posts, Trusted, Snowflake, Subscriber)
# 914798 14-Oct-2013 13:54

Binary was using Windows DNS Server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD-integrated DNS server and use this for the external zone (split brain DNS)
* use the domain name hosting services (GoDaddy) to host the external-facing DNS

Easiest option was to go with external DNS services, and I think this is all up and running now.




Uber Geek (8035 posts, Trusted)
# 914810 14-Oct-2013 14:12

Yes, definitely not a good idea for the AD server to be doing internal and external DNS imo.



Ultimate Geek (791 posts, Trusted)
# 914824 14-Oct-2013 14:34

Regs: Binary was using Windows DNS Server in an AD domain to host the *.mydomain.co.nz nameserver records.

Because the server was serving internal addresses, there was a need to either:
* set up a second non-AD-integrated DNS server and use this for the external zone (split brain DNS)
* use the domain name hosting services (GoDaddy) to host the external-facing DNS

Easiest option was to go with external DNS services, and I think this is all up and running now.


Thanks again for the help Reg... All is up and running... well, not now, due to me swopping some servers around. Did some mods to my Supermicro server, which sounded like a jet taking off. Dropped the fans from 12V to 5V... working like a charm now, and most importantly, not so louuuuuuuuuuuuud.


With the D/C, I was under the impression the setup goes something like this:
Domain.com ---> internet ---> PTR points to D/C --> domain controller (distributing the required info) ---> exchange server

Turns out that pointing the PTR directly to the Exchange server solved everything, including the DNS management stuff you mentioned with GoDaddy.






Ultimate Geek (791 posts, Trusted)
# 914832 14-Oct-2013 14:38

Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS imo.


Why is that? Technical or noob answer would be fine :)




Uber Geek (8035 posts, Trusted)
# 914995 14-Oct-2013 19:54

BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS imo.


Why is that? Technical or noob answer would be fine :)


Security - there are a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction
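The reason Ragnor's point applies to an AD domain controller is that its DNS service has to recurse on behalf of the domain's clients; publishing that same server as the authoritative name server for a public zone therefore also exposes its recursive resolver to the whole internet (the "open resolver" condition behind the cache-poisoning and amplification problems the linked page discusses). An added Python example, not from the thread or the linked page, that audits a DNS server you operate for this condition: it sends a raw query with RD (recursion desired) set for a name outside the server's own zones and inspects the RA (recursion available), AA and RCODE bits of the reply, which is what dig prints in its flags line. The reply headers embedded for the self-test are constructed; the server address and the out-of-zone test name are assumptions supplied on the command line, and only that path touches the network.

```python
"""Does a DNS server recurse for an out-of-zone name? Header-level check, stdlib only.

A purely authoritative server should answer REFUSED (or a referral with RA
clear). RA set together with a non-authoritative answer means the server
is recursing for whoever asked, i.e. it is an open resolver from that
vantage point.
"""
import socket
import struct

QTYPE_A = 1
RCODE_REFUSED = 5


def encode_name(name):
    """Encode 'www.example.com' in DNS label format (length-prefixed labels, zero terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=0x1234, rd=True):
    """Standard query with one question; RD bit (0x0100) set when rd is True."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(packet):
    """Split the 12-byte DNS header into its flag bits and section counts."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),    # reply, not a query
        "aa": bool(flags & 0x0400),    # answer is authoritative
        "rd": bool(flags & 0x0100),    # our RD bit echoed back
        "ra": bool(flags & 0x0080),    # server offers recursion
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(header, expected_id):
    """Verdict for a reply to a question the server is NOT authoritative for."""
    if header["id"] != expected_id or not header["qr"]:
        return "not-a-reply"
    if header["rcode"] == RCODE_REFUSED:
        return "recursion-refused"
    if header["ra"] and header["ancount"] > 0 and not header["aa"]:
        return "open-recursion"
    if header["ra"]:
        return "recursion-advertised"   # RA set but nothing answered this time
    return "authoritative-only"


def query_server(server_ip, name, timeout=3.0, txid=0x1234):
    """Send the probe over UDP/53 and classify the reply (network access required)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid=txid), (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    return classify(parse_header(data), txid)


# Constructed reply headers for the self-test (question/answer sections omitted;
# the verdict depends only on the header).
REPLY_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)       # QR RD RA, 1 answer, no AA
REPLY_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # QR RD, RCODE=REFUSED
REPLY_AUTH_ONLY = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 1, 0)  # QR RD, no RA, referral only

if __name__ == "__main__":
    import sys
    # Usage: python check_recursion.py <server-ip> [name-outside-your-zones]
    server = sys.argv[1]
    name = sys.argv[2] if len(sys.argv) > 2 else "www.example.com"
    print(server, "->", query_server(server, name))
```

Run it from a host outside your network against the public address of the server; 'recursion-refused' or 'authoritative-only' is what you want from a server that only hosts your external zone. On Windows DNS Server, recursion is disabled server-wide with Set-DnsServerRecursion -Enable $false (or dnscmd /Config /NoRecursion 1), which is only acceptable on a box that does not also resolve for domain clients: that constraint is precisely why the thread ends up separating the AD-integrated resolver from the external zone.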





Ultimate Geek (791 posts, Trusted)
# 915012 14-Oct-2013 20:08

Ragnor:
BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS imo.


Why is that? Technical or noob answer would be fine :)


Security - there are a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction


Any other reasons?




Cloud Guru, Uber Geek (4060 posts, Trusted, Snowflake, Subscriber)
# 915031 14-Oct-2013 20:36

BinaryLimited:
Ragnor:
BinaryLimited:
Ragnor: Yes, definitely not a good idea for the AD server to be doing internal and external DNS imo.


Why is that? Technical or noob answer would be fine :)


Security - there are a whole bunch of attacks/exploits that are enabled by running caching/recursive and authoritative DNS on the same server.
http://bestpractices.wikia.com/wiki/DNS_Introduction


Any other reasons?


Sometimes you want to run an internal IP address for a site which is different to the external IP address.
e.g.
internal: www.mydomain.co.nz A 192.168.1.100
external: www.mydomain.co.nz A 200.200.200.200

When accessing the www site internally, traffic will go directly to the web server instead of traversing out, then back in, the firewall. Sometimes it's not even possible to hit your own external IP from inside the firewall - depends on the firewall you have and the NAT/routing setup.




