Split DNS Question?
Hi everyone,
I apologize in advance for the stupid question....BUT....
Having an issue with our configuration in our production Exchange environment, which was set up before I joined the company. Currently, we utilize two Edge/TMG servers sitting behind an NLB and firewall with two CAS/HUB servers and then three Mail servers behind that.
Our problem is our internal domain is abc.com but we use xyz.com for email because we are not authoritative on abc.com. We are having issues with DNS since our domain is abc.com but the email addresses are @xyz.com. So, to the outside world it appears as though we are spoofing abc.com even though we are only using xyz.com...this has caused us to be blacklisted a few times.
I went to my Hub servers and looked at my send connectors and none of them have anything entered in the field "Specify the FQDN this connector will provide...". Is this where my problem is coming from, since an FQDN isn't specified it's defaulting to the Hub Transport's actual name (which is a non-authoritative domain to the outside world)?
Also - my receive connectors are listed as follows:
Client - exch1.abc.com
Default - exch1.abc.com
Relay - exch1.abc.com
Same applies for my second Hub server....should all of these be actually set to the authoritative domain (xyz.com) or am I missing something here?
August 13th, 2011 8:22am
1. What issue have you had and what were the reasons too? i.e. did you get NDRs? If yes, what were they?
2. For your accepted domain I would make your xyz to be authoritative and not your internal domain. I suspect this is most likely the cause without knowing the issue in detail as in point 1.
Sukh
August 13th, 2011 9:51am
To be honest, I'm not sure exactly what happened because the previous Exchange Admin left unexpectedly.
All I was told is we were blacklisted by several customer email servers and sometimes we received NDRs and sometimes we didn't.
Currently, the internal and external domains are both set to authoritative in Exchange under Accepted Domains. Should the internal be changed to "Internal Relay Domain" only? Will this affect any current things or going forward?
August 13th, 2011 10:51am
1. No need to change the internal domain as a relay domain. I would do what I mentioned in point 2 on my post.
2. Also make sure your PTR records are up to date.
Sukh
August 13th, 2011 10:55am
Yes, all PTR records are matched and up-to-date on our DNS server.
I guess I'm not sure I follow what you're suggesting: under Accepted Domains in Exchange, both abc.com and xyz.com are listed as Authoritative. You stated: "For your accepted domain I would make your xyz to be authoritative and not your internal domain. I suspect this is most likely the cause without knowing the issue in detail as in point 1."
But then what do I do with the internal domain that's listed as authoritative? Remove it?
Sorry if I'm missing the simple point here...
August 13th, 2011 11:05am
Sorry, my mistake, was thinking it about not writing it! What I was suggesting was to make the xyz to be the default. Is it the default?
Sukh
August 13th, 2011 11:16am
Ah ok. Yes, the xyz.com external domain is already set as the default.
August 13th, 2011 11:18am
Then it's kind of hard to know what's going on and why it was rejected? The NDR would have helped and if you had any logging enabled? Not sure if you have an old NDR somewhere or logs backed up that you can restore to get the info.
Or you may decide to wait until the next occurrence so we can troubleshoot further with more details.
That's all I can offer for now, but there may be others who might pick up this post.
Also, make sure you have set up SPF records for your domain too.
Sukh
August 13th, 2011 11:22am
Well I have logs...I just don't know when the event occurred so that doesn't help much. I'm trying to find someone who received an NDR but I'm not hopeful.
Thanks for your help!
August 13th, 2011 11:38am
Hi,
You mentioned that your Exchange is blocked because the outside mail server thought you are spoofing abc.com. Have you confirmed this with the administrators of the outside mail servers?
The two Authoritative domains should not be the cause. Please specify your external FQDN for the internet send connector:
1. Open EMC, expand to Organization Configuration, in the send connector tab, right click your internet send connector and choose properties.
2. In "Specify the FQDN this connector will provide", type in the external FQDN name, such as outgoing.xyz.com, which you specified in the SPF record.
Gen Lin
TechNet Subscriber Support in forum
August 14th, 2011 6:20am
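The send connector change from the last reply, together with the PTR and SPF checks raised earlier in the thread, as an added example for the Exchange Management Shell; it is not part of the original posts. The connector name, public IP address and resolver are assumptions to replace with your own values.

```powershell
# Assumed values (not from the thread); replace with your own.
$connector = 'Internet Send Connector'  # hypothetical connector name
$publicIp  = '203.0.113.10'             # placeholder: outbound NAT address
$resolver  = '8.8.8.8'                  # a public resolver, to see the external view
$heloName  = 'outgoing.xyz.com'         # example external FQDN from the reply
$mailDom   = 'xyz.com'

# What each connector announces today. An empty Fqdn on a send connector
# means the server's own name (exch1.abc.com in this thread) is presented.
Get-SendConnector    | Format-Table Name, Fqdn, AddressSpaces -AutoSize
Get-ReceiveConnector | Format-Table Identity, Fqdn -AutoSize

# Preview the change; drop -WhatIf to apply it.
Set-SendConnector -Identity $connector -Fqdn $heloName -WhatIf

# Query the public resolver so split DNS does not hide what outsiders see.
$a   = nslookup -type=A   $heloName $resolver 2>$null
$ptr = nslookup -type=PTR $publicIp $resolver 2>$null
$txt = nslookup -type=TXT $mailDom  $resolver 2>$null

# Empty when no SPF record is published for the mail domain.
$spf = $txt | Select-String -SimpleMatch 'v=spf1'

# Summary: forward and reverse DNS should both agree with the HELO name.
New-Object PSObject -Property @{
    HeloResolvesToPublicIp = [bool]($a   | Select-String -SimpleMatch $publicIp)
    PtrReturnsHeloName     = [bool]($ptr | Select-String -SimpleMatch "name = $heloName")
    SpfRecord              = ($spf | ForEach-Object { $_.Line.Trim() }) -join ' '
} | Format-List
```

Both booleans should be True, and the SPF record shown should authorize the outbound address.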