DNS records configured in a loop - small test network
Simple test environment

Single subnet - 10.0.0.0/24

Organisation 1 is contoso.com.
Organisation 2 is acme.com.

I want to send an email from ACME to CONTOSO.

DC/DNS server = dc1.contoso.com = 10.0.0.4
Mail server = ms1.contoso.com = 10.0.0.33

To practice concepts such as Accepted Domains and Email Address Policy, a second domain was created: contoso.net

So:
contoso.com = internal domain (Active Directory based)
contoso.net = external or public domain - and the one you send email to.

There is no routing involved here. I simply configure conditional DNS forwarders. So, if you want to send something to someone@contoso.net, those packets are forwarded to: 10.0.0.4 – that’s the IP address of the contoso.com zone, hosting the contoso.net zone as well.

I then created a contoso.net zone. In real life, this zone would be hosted by an ISP or on DMZ servers. But my setup is just for practice.

So I configured a number of CNAME and MX records in both the contoso.com and contoso.net zones. That resulted in this error:

http://umxm8g.blu.livefilestore.com/y1p6cYKP8smORV4bfJHjQHPmXLlzXAVkWpyF7rIlTEU_A0aXOBGRv9LVAbM9pUOKAN2QoehZCqjStXwIh_RyY_7-Ky6dUHRyaWU/DNSLoopback-3.JPG

I've deleted all the DNS records that I added and now I'm working backwards.

Here I have simply an A record for the domain controller/DNS server, so it can respond to test pings, and an MX record pointing to the mail server whose A record is, in fact, located in the contoso.com zone.

http://umxm8g.blu.livefilestore.com/y1pR3BSvPWSHnDebtufoariKQbOk7x_2osfg6vZ2ZCuQ9WTYJqOyjOc0vbuPD1Urw_bRYTX-1sW2YGrBONtfxU5dHnOi1HVgEZt/DNSLoopback-4.JPG

NSLOOKUP provides this information:

    > contoso.net
    [...]
    contoso.net nameserver = dc1.contoso.com
    contoso.net
        primary name server = dc1.contoso.com
        responsible mail addr = hostmaster.contoso.com
    [...]
    contoso.net MX preference = 10, mail exchanger = ms1.contoso.com
    dc1.contoso.com internet address = 10.0.0.4
    ms1.contoso.com internet address = 10.0.0.33

But the message just stays in the queue:

http://umxm8g.blu.livefilestore.com/y1p0_NgSLdqw1QZRchcYJOUNXKlD9Xt96AuNSBnJOSTdTVo4yrNPPklMewxX_yTD3tPjtpM7EbBYsoWPIIFSL7ZJcNGNMd7yRZv/DNSLoopback-5.JPG

Please note the DNS query failure on the right of the image.

So, does anybody know how I should configure my DNS records for such an experiment?
May 23rd, 2010 10:07pm

Maybe if you told us what you want to achieve rather than what you've done we could give you better advice.

--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

In reply to "Le Pivert", message news:869cbf0c-ad01-4aa4-92b0-2ebff588da83...
May 24th, 2010 9:42am

> Maybe if you told us what you want to achieve rather than what you've done we could give you better advice.

I want to send an email to someone@contoso.net from another company: let's say acme.com.

All servers (including the mail server) are members of the contoso.com domain.

So, since this is strictly internal (for practice) I want to configure another zone on the DNS server of contoso.com so mail sent to someone@contoso.net will be accepted.

I have created such a zone: contoso.net

How should the DNS records for this zone be configured?

Having tried again this morning, it looks like it should be like this - for CONTOSO.NET:

http://umxm8g.blu.livefilestore.com/y1pNdbHOz_EeOuK96A8rmldmrWUew3dPymRh6OTZKq_w4DLBAFuKICBrVhkj_GRSdXU7Tv_HCNIDgZTzqUj2529AoRT1rf-IPtD/DNSLoopback-6-OK.JPG

And this is what I have for CONTOSO.COM - necessary or not:

http://umxm8g.blu.livefilestore.com/y1pb6AWVbkn6yoRYloaC2piR-OKL5uhaOizPKqS0QST81i030T-PPN5M148HoBd7EKsDWVrHPlpYDH03WyInVegPFhsolmCXElX/DNSLoopback-7-OK.JPG

After trial and error, the above seems to work (well, mail reaches destination mailbox so what more could you ask?)
May 24th, 2010 4:43pm

For some reason:

1) Font got small on me.
2) When I try to edit above post I get this:

http://umxm8g.blu.livefilestore.com/y1pggpsfL9wplzvyND5AEhJjUFbOfPYPc0Zq3C4PwHOl2LkJCpmwdbVx1f0GcCEhLnlhgm-AOVARVreH7AlaUsNrLLD19ipyCUY/Strange.JPG

Anyway, besides the fact that my DNS seems to be working, I wanted to specify that:

The CONTOSO server is a member of the contoso.com domain even though it should be able to receive mail for CONTOSO.NET.

The acme.com mail server is (obviously) not a member of the contoso.com domain.
May 24th, 2010 4:57pm

Sorry, but I'm not clicking on those links. But I think I have enough information now, more or less, to answer your question. You did leave out what version of Exchange you're running, though.

Please understand that the Active Directory domain really has nothing to do with Exchange addressing or mail routing except that when you first install Exchange it defaults everything to your AD domain. It's perfectly legal and supported to have an Active Directory domain of contoso.com and an e-mail domain of blueyonderairlines.net.

The MX record for contoso.net should point to your Exchange server just like your MX record for contoso.com does, or it should be similarly configured, and all SMTP mail routing appliances you have must be configured to properly forward contoso.net mail.

The Exchange organization (what version?) needs to be configured to receive mail for that domain. In Exchange 2003, add that domain to your default recipient policy. In Exchange 2007, use New-AcceptedDomain. Optionally create a new e-mail address policy or modify an existing one if you want to automatically add contoso.net addresses to recipients.

--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

In reply to "Le Pivert", message news:58c30650-85b8-476f-9326-2cb4c0ceb6b0...
May 24th, 2010 11:39pm
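
The configuration described in the answer above, written out as commands. This is an added example, not something either poster supplied: host names and addresses are the ones given in the thread, while the Authoritative domain type and the policy name "contoso.net addresses" are assumptions.

```powershell
# Added example (not from the thread). Run the DNS part on the DNS server and
# the Exchange part in the Exchange Management Shell on the Exchange 2007 server.

$dnsServer = 'dc1.contoso.com'    # 10.0.0.4, hosts both contoso.com and contoso.net
$mailHost  = 'ms1.contoso.com.'   # trailing dot: fully qualified MX target

# 1. DNS: one MX record at the apex of the existing contoso.net zone, pointing
#    at the Exchange server. The target's A record (10.0.0.33) stays in the
#    contoso.com zone; an MX target must be a host name with an A record.
#    '@' is quoted so PowerShell passes it to dnscmd as a literal.
dnscmd $dnsServer /RecordAdd contoso.net '@' MX 10 $mailHost

# 2. Check what a sending server sees when it queries this DNS server:
#    the MX lookup must return ms1.contoso.com, which must resolve to 10.0.0.33.
nslookup -type=MX contoso.net 10.0.0.4
nslookup ms1.contoso.com 10.0.0.4

# 3. Exchange 2007: accept mail addressed to contoso.net.
#    Assumption: Authoritative, because every contoso.net mailbox lives in
#    this organization.
New-AcceptedDomain -Name 'contoso.net' -DomainName 'contoso.net' -DomainType Authoritative

# 4. Optional: stamp alias@contoso.net on recipients.
#    The policy name is hypothetical. 'SMTP:' in upper case makes the new
#    address the primary one; use 'smtp:' to add it as a secondary address.
New-EmailAddressPolicy -Name 'contoso.net addresses' `
    -IncludedRecipients AllRecipients `
    -EnabledEmailAddressTemplates 'SMTP:%m@contoso.net'
Update-EmailAddressPolicy -Identity 'contoso.net addresses'

# 5. Confirm that only the intended domains are accepted.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType, Default -AutoSize
```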

Thanks Ed.

My version is Exchange 2007 and I had proceeded as you recommend here:

> In Exchange 2007, use New-AcceptedDomain. Optionally create a new e-mail address policy or modify an existing one if you want to automatically add contoso.net addresses to recipients.

Also, you said:

> Sorry, but I'm not clicking on those links.

They're links to photos posted on Windows Live. I'm not sure if you don't want to click for safety or because it's a hassle? Either way, I understand. But is there a way, then, to insert photos on this forum? You can in other forums - not saying that if you can elsewhere it should automatically be like that here - it would be helpful though.
May 25th, 2010 9:22pm

This topic is archived. No further replies will be accepted.
