DNS may be setup incorrectly for my Exchange 2000 Server

  • Thread starter Thread starter Patriot
  • Start date Start date
P

Patriot

When I do an nslookup for my MX record I get the following:

Non-authoritative answer:

towerlife.com MX preference = 10, mail exchanger = mail.mydomain.com



mydomain.com nameserver = serverpdc.mydomain.com

mail.mydomain.com internet address = 218.75.110.43

serverpdc.mydomain.com internet address = 192.168.0.2



I am not sure why my internal ip address is showing. Mail Exchange is
correct and I am getting email, but every so often I get a user from one of
our customers saying they are not able to email us. Could this be because
my internal address comes up? How do I keep my internal address scheme from
showing?



I am behind a Cisco 2600 Router and a Cisco PIX firewall. I am running WIN2K
AS sp4 with Exchange 2000. Thanks in advance...
 
Patriot said:
When I do an nslookup for my MX record I get the following:
towerlife.com MX preference = 10, mail exchanger = mail.mydomain.com
mydomain.com nameserver = serverpdc.mydomain.com
mail.mydomain.com internet address = 218.75.110.43
serverpdc.mydomain.com internet address = 192.168.0.2

I am not sure why my internal ip address is showing. Mail Exchange is
Click to expand...

Is the a dual homed machine (like the router to the Internet or perhaps
a DMZ machine with both addresses?)

You probably should do the lookups from "outside" -- try
www.DNSReports.Com for a quick check of what the
outside world is seeing and other problem area prompts.
 
In
posted their thoughts said:
When I do an nslookup for my MX record I get the following:

Non-authoritative answer:

towerlife.com MX preference = 10, mail exchanger = mail.mydomain.com



mydomain.com nameserver = serverpdc.mydomain.com

mail.mydomain.com internet address = 218.75.110.43

serverpdc.mydomain.com internet address = 192.168.0.2



I am not sure why my internal ip address is showing. Mail Exchange is
correct and I am getting email, but every so often I get a user from
one of our customers saying they are not able to email us. Could
this be because my internal address comes up? How do I keep my
internal address scheme from showing?



I am behind a Cisco 2600 Router and a Cisco PIX firewall. I am
running WIN2K AS sp4 with Exchange 2000. Thanks in advance...
Click to expand...

When I did an nslookup on towerlife.com (assuming this is the name), I
didn't see any private IPs. Here's my results:
================================
set type=mx
towerlife.com
Click to expand...
Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

towerlife.com MX preference = 10, mail exchanger = mail.towerlife.com
mail.towerlife.com internet address = 204.57.101.34
set type=all
towerlife.com
Click to expand...
Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

Non-authoritative answer:
towerlife.com nameserver = midway.fibr.net
towerlife.com nameserver = towerpdc.towerlife.com
towerlife.com MX preference = 10, mail exchanger = mail.towerlife.com

towerlife.com nameserver = midway.fibr.net
towerlife.com nameserver = towerpdc.towerlife.com
midway.fibr.net internet address = 204.57.66.2
towerpdc.towerlife.com internet address = 204.57.101.34
mail.towerlife.com internet address = 204.57.101.34
==================================

Is your AD domain name the same as the external name? If so, since you are
pointing to your own internal DNS server, then that's expected behavior
since internal machines will need to get to it that way. If done from the
Internet, it appears correct. I would probably leave it that way so your
internal machines can get to it that way, if they need be, but internally MX
records and such aren't important. The MX is just for others to send you
mail from other mail servers on the Internet. INternally, you're probably
using a MAPI client (Outlook), which doesn't require that data.

Hope that helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
What did DNSReports.com tell you?

(It checks for a bunch of stuff.)

You definitely do not want that internal IP showing
externally.
 
AF> When I did an nslookup on towerlife.com, I
AF> didn't see any private IPs.

That's because your resolving proxy DNS server just happened to
hit the wrong "towerlife.com." content DNS server during query
resolution.

[C:\]dnsqry /serverip:204.57.66.2 ns towerlife.com. | tail /8
[204.57.66.2:0035] -> [0.0.0.0:0000] 115
Header: 0000 1+2+0+2, R, RA, query, no_error
Question: towerlife.com. IN NS
Answer: towerlife.com. IN NS 133788 towerpdc.towerlife.com.
Answer: towerlife.com. IN NS 133788 midway.fibr.net.
Additional: towerpdc.towerlife.com. IN A 172038 204.57.101.34
Additional: midway.fibr.net. IN A 86400 204.57.66.2

[C:\]dnsqry /serverip:204.57.101.34 ns towerlife.com. | tail /6
[204.57.101.34:0035] -> [0.0.0.0:0000] 70
Header: 0000 1+1+0+1, R, RA|AUTH, query, no_error
Question: towerlife.com. IN NS
Answer: towerlife.com. IN NS 3600 towerpdc.towerlife.com.
Additional: towerpdc.towerlife.com. IN A 3600 192.168.10.60

[C:\]

I suspect that, in addition to not employing "split horizon" DNS
service (which is pretty much a requirement when one has dual-homed
servers listening on IP addresses in one or more of the private
address ranges) either

(a) database replication between his "towerlife.com."
content DNS server and the DNS hosting service's
"towerlife.com." content DNS server is not working
at all; or
(b) he doesn't actually have the content DNS service peering
agreement that he thinks he has;

since 204.57.66.2 in fact publishes a lame self-referral for all
"towerlife.com." queries, that appears to come from cached data
(note the decreasing TTLs).

[C:\]dnsqry /serverip:204.57.66.2 a wibble.towerlife.com. | tail /8
[204.57.66.2:0035] -> [0.0.0.0:0000] 122
Header: 0000 1+0+2+2, R, RA, query, no_error
Question: wibble.towerlife.com. IN A
Authority: towerlife.com. IN NS 133428 midway.fibr.net.
Authority: towerlife.com. IN NS 133428 towerpdc.towerlife.com.
Additional: midway.fibr.net. IN A 86400 204.57.66.2
Additional: towerpdc.towerlife.com. IN A 171678 204.57.101.34

[C:\]
 
The NS record for the domain name includes the private IP address of your server. If this zone is AD integrated and this is your Active Directory domain name,
then this problem is unavoidable. If this isn't your Active directory domain name, then simply set the zone as a Standard Primary zone and change the NS
record to reference the public IP address of the DNS server.

Thank you,
Mike Johnston
Microsoft Networking Support


This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
I have a NAT table translating the Public IP address into a Private IP
address. Yes the server is a DC. Do I still need to employ "Split Horizon"
DNS?
 
Patriot said:
I have a NAT table translating the Public IP address into a Private IP
address. Yes the server is a DC. Do I still need to employ "Split Horizon"
DNS?
Click to expand...

Not unless you have a name resolution issue.

Separate the problem into to components, can
we route on the right address/port?

Can we resolve the name TO that address?
 
In
Patriot said:
I have a NAT table translating the Public IP address into a Private IP
address. Yes the server is a DC. Do I still need to employ "Split
Horizon" DNS?
Click to expand...

Yes. You can't host records with mixed private and public addresses for
obvious reasons. You would need one DNS server for public IPs, and one DNS
server for you internal private IP addresses.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top