Asked by Synergix (United Kingdom)
Reverse-DNS on Exchange 2003 using multiple public IP addresses

Hi Experts,

I have a single Exchange (2003) server in my network. This sits behind a Watchguard Firebox x700 firewall running Fireware 10.0.2.

I have two DSL connections, one ADSL and one SDSL, both connected directly to the firewall.

For resilience I have a static NAT forward of all traffic on port 25 for either DSL connection to the Exchange server's internal IP address.

I have also created two DNS MX records, one for each DSL connection, and named them mail1.mydomain.com and mail2.mydomain.com.

My firewall routes all outgoing SMTP traffic down my SDSL connection. The DNS MX record associated with my SDSL public IP address has a lower cost than the one associated with my ADSL connection in order to force mail down this route if the connection is available.

The problem I'm having is that my Exchange server is announcing itself to other mail servers as mail.mydomain.com, a 'kick-back' from the days when we only had an ADSL line and therefore one DNS MX record. If the receiving mail server performs an RDNS lookup, then it is coming back with a different MX record to the one my Exchange server is advertising and therefore denying the connection.

I can't think of a way my Exchange server would know which outgoing connection it was being routed down in order for it to announce the correct MX record, but I am positive much larger organisations must have similar resilience in place.

Can anyone shed some light on what I should be doing here?

Many thanks for all help offered.

Andrew
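The mismatch the question describes, checked the way a receiving server would see it: an added Python example (not code from the post, from Exchange or from the firewall), using a constructed DNS table with hypothetical documentation-range addresses in place of the real public IPs.

```python
import socket

# Constructed sample DNS data modelling the asker's setup (hypothetical
# addresses, not from the post): SDSL egress 203.0.113.10 with PTR
# mail2.mydomain.com, ADSL egress 198.51.100.20 with PTR mail1.mydomain.com.
# The legacy name mail.mydomain.com still points at the ADSL address.
SAMPLE_ZONE = {
    "mail.mydomain.com": ["198.51.100.20"],
    "mail1.mydomain.com": ["198.51.100.20"],
    "mail2.mydomain.com": ["203.0.113.10"],
    "198.51.100.20": ["mail1.mydomain.com"],  # PTR record
    "203.0.113.10": ["mail2.mydomain.com"],   # PTR record
}

def lookup(name, table=SAMPLE_ZONE):
    """Forward (name -> A) or reverse (IP -> PTR) lookup, offline."""
    return sorted(table.get(name, []))

def live_lookup(name):
    """Same interface against real DNS, for checking a deployed setup."""
    try:
        if all(p.isdigit() for p in name.split(".")):  # IPv4 literal -> PTR
            return [socket.gethostbyaddr(name)[0].rstrip(".")]
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except (socket.herror, socket.gaierror, OSError):
        return []

def check_helo(helo_name, egress_ip, resolve=lookup):
    """What a receiving MTA doing forward-confirmed reverse DNS will see.

    fcrdns   - a PTR name of egress_ip resolves back to egress_ip
    helo_a   - the announced HELO/EHLO name resolves to egress_ip
    helo_ptr - the announced name is itself one of the PTR names
    A strict receiver may refuse the session unless all three hold.
    """
    ptr_names = resolve(egress_ip)
    return {
        "fcrdns": any(egress_ip in resolve(n) for n in ptr_names),
        "helo_a": egress_ip in resolve(helo_name),
        "helo_ptr": helo_name in ptr_names,
    }

if __name__ == "__main__":
    for link, ip in (("SDSL", "203.0.113.10"), ("ADSL", "198.51.100.20")):
        print(link, "announcing mail.mydomain.com:",
              check_helo("mail.mydomain.com", ip))
        # The per-link PTR name is what would have to be announced instead.
        print(link, "announcing per-link name:",
              check_helo(lookup(ip)[0], ip))
```

Pass `resolve=live_lookup` to run the same three checks against real DNS for each egress address once the records are in place.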
ASKER CERTIFIED SOLUTION
Dave Howe
This solution is only available to members.
Synergix (ASKER):

Hi Dave,

Thanks for the detailed reply. Given the ADSL line will only be used when the SDSL line is not available (which will hopefully be minimal), I may as well change the SDSL line's MX record back to mail.mydomain.com and set the ADSL to mail1.mydomain.com.

If we have an SDSL outage, hopefully it'll be so short that any email which gets out in this period will not hit a server which does r-DNS. If it does, then it's probably just one of those things.

Does this sound like it might solve my problem?

Many thanks

Andrew
Dave Howe:

Sure. If you have to set the default route on your mail server to the ADSL, you can also set the host name to mail1 at the same time :)

Synergix (ASKER):

OK.

I've done this and will see how it copes.

Thanks for your advice, Dave.

Andrew