Mail Flow Issues During Migration

I came across this issue when setting up a two-way trust between two forests. Here is the scenario:

A company, Wildcards, acquired another company, Bizworks (both fictitious).

Wildcards: Windows 2003 domain and forest functional levels; AD domain name: wildcards.com
Exchange Server 2007; mail domain: wildcards.com

Bizworks: Windows 2000 domain and forest functional levels; AD domain name: bizworks.local
Linux-based mail server; mail domain: bizworks.com

Both companies have MX records on their service provider's public DNS, and the two sites are connected over a VPN, MPLS, point-to-point link or any other form of private connectivity.

Since one of the forests was still Windows 2000 we created a two-way trust between them (with a Windows 2000 forest on one side this has to be an external trust; a forest trust needs both forests at the 2003 functional level). For name resolution across the trust we created secondary zones on each side, although with 2003 on both sides we could have used conditional forwarders instead. As soon as this was in place, all email from Bizworks to Wildcards started queuing up.

The reason we found was this: Wildcards uses the same name, wildcards.com, for both its AD domain and its mail domain. Because we had created a secondary zone for wildcards.com on the Bizworks DNS server (with zone transfers enabled from the Wildcards primary), the Bizworks DNS server was now authoritative for wildcards.com. An MX query for wildcards.com was therefore answered from that zone, which contained no MX record, and the resolver never went out to the public DNS where the real MX lives. Exchange does not need an MX record on the internal DNS for its own accepted domain; it relies on host (A) records and Active Directory, so the AD zone never had one.

Since records cannot be created in a secondary zone, we created the MX record in the primary zone on the Wildcards side and let it replicate to the secondary. Now it gets interesting: we pointed this MX at the public IP address of the Exchange server, not the internal one. An MX pointing at the internal IP would certainly have worked too.

Our reasons for choosing the public address were as follows. If the connectivity between the two sites breaks, mail from Bizworks is still delivered over the Internet instead of sitting in a queue. The remaining question was whether Exchange itself would start using the public MX record that now appeared on its internal DNS for its own domain. We found that it did not; otherwise there would have been a possibility of internal mail being routed out through the Internet.

Author Comment

by:Kini pradeep
That would be true. I wonder how that could be addressed using a Linux-based messaging server.
Understand that only Wildcards has this issue, as its AD and mail domain names are the same, whereas the Bizworks domain does not have this issue, as its mail and AD domain names are different.

Furthermore, if we set up an SMTP connector in the Linux messaging server to an internal IP of the Exchange server, it would start using the VPN / point-to-point connectivity, which means that if the tunnel gets busted the mail from bizworks.com to wildcards.com would be affected.

Let me know your thoughts on this.

Expert Comment

by:Dhaval Pandya
As I understand it, you want to make a dual entry pointing to the same server through different IPs for link failover.

In such a case I guess you have to set 2 MX records with different priorities, i.e. for the direct connectivity IP you can set a high priority and for the Internet link IP you can set a very low priority.

I hope this helps.

Author Comment

by:Kini pradeep
That would be a good strategy if you have multiple public IPs. What happens if your DNS server does not query the public DNS at all, because it finds an authoritative zone on the internal DNS server?
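The resolution logic behind both the article and the two-MX suggestion in the comments, as an added example that is not part of the original post or any of the commenters' code. It models, in plain Python, an internal DNS server that answers authoritatively for the zones it holds (a secondary zone answers exactly like the primary it was copied from) and forwards everything else to the public DNS, plus a sending mail server that walks MX records lowest preference first. Every name, address and record below is invented for the illustration: the Exchange host, the domain controller address and the SMTP listener set are assumptions, not values from the article.

```python
"""Split-horizon DNS and MX routing, modelled in plain Python.

Constructed example: an internal DNS server is authoritative for the zones
it holds and forwards every other name to the public DNS. A sending MTA then
picks MX hosts in preference order. Names and addresses are invented.
"""
from dataclasses import dataclass
from typing import Callable, Optional


def _zone_for(zones: dict, name: str):
    """Longest-suffix match: 'mail.wildcards.com' lives in zone 'wildcards.com'."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return zones[candidate]
    return None


@dataclass
class Resolver:
    zones: dict                               # zones this server answers for
    forwarder: Optional["Resolver"] = None    # where unknown names are sent

    def mx(self, domain: str) -> list:
        zone = _zone_for(self.zones, domain)
        if zone is None:
            return self.forwarder.mx(domain) if self.forwarder else []
        # Authoritative answer: a zone with no MX yields NODATA, it is never
        # forwarded, so the public MX is invisible to this resolver's clients.
        return sorted(zone.get("MX", {}).get(domain, []))

    def a(self, host: str) -> Optional[str]:
        zone = _zone_for(self.zones, host)
        if zone is None:
            return self.forwarder.a(host) if self.forwarder else None
        return zone.get("A", {}).get(host)


def route_mail(resolver: Resolver, domain: str,
               accepts_smtp: Callable[[str], bool]) -> Optional[str]:
    """IP the sending MTA ends up talking to, or None if the message queues.

    Follows RFC 5321 section 5.1: MX hosts lowest preference first; with no
    MX at all, fall back to the domain's own A record (the implicit MX).
    accepts_smtp(ip) stands in for the TCP/25 connection attempt.
    """
    candidates = [host for _pref, host in resolver.mx(domain)] or [domain]
    for host in candidates:
        ip = resolver.a(host)
        if ip and accepts_smtp(ip):
            return ip
    return None


# The service provider's public DNS (constructed).
PUBLIC = Resolver(zones={
    "wildcards.com": {"MX": {"wildcards.com": [(10, "mail.wildcards.com")]},
                      "A": {"mail.wildcards.com": "203.0.113.25"}},
    "bizworks.com": {"MX": {"bizworks.com": [(10, "mx.bizworks.com")]},
                     "A": {"mx.bizworks.com": "198.51.100.25"}},
})


def wildcards_zone_copy(extra_mx=(), extra_a=None) -> dict:
    """The wildcards.com AD zone as transferred to the Bizworks secondary.

    AD registers apex A records for its domain controllers; Exchange is found
    through AD, so by default the zone carries no MX record at all.
    """
    zone = {"MX": {}, "A": {"wildcards.com": "10.1.0.10",           # DC (assumed)
                            "exch01.wildcards.com": "10.1.0.25"}}   # Exchange (assumed)
    if extra_mx:
        zone["MX"]["wildcards.com"] = list(extra_mx)
    zone["A"].update(extra_a or {})
    return zone


def bizworks_resolver(wildcards_zone: dict) -> Resolver:
    """Bizworks' internal DNS: its own AD zone plus the secondary copy."""
    return Resolver(zones={"bizworks.local": {"A": {}},
                           "wildcards.com": wildcards_zone},
                    forwarder=PUBLIC)


# Hosts that actually listen on TCP/25: Exchange over the link and its public address.
SMTP_HOSTS = {"10.1.0.25", "203.0.113.25"}


def scenario_no_mx() -> Optional[str]:
    """Secondary zone present, no MX: the public MX is never consulted -> queued."""
    r = bizworks_resolver(wildcards_zone_copy())
    return route_mail(r, "wildcards.com", SMTP_HOSTS.__contains__)


def scenario_public_mx() -> Optional[str]:
    """MX (and the A record it points at) added to the primary, public address."""
    r = bizworks_resolver(wildcards_zone_copy(
        extra_mx=[(10, "mail.wildcards.com")],
        extra_a={"mail.wildcards.com": "203.0.113.25"}))
    return route_mail(r, "wildcards.com", SMTP_HOSTS.__contains__)


def scenario_two_mx(link_up: bool) -> Optional[str]:
    """Two MX records: direct link preferred, public address as the fallback."""
    r = bizworks_resolver(wildcards_zone_copy(
        extra_mx=[(10, "exch01.wildcards.com"), (20, "mail.wildcards.com")],
        extra_a={"mail.wildcards.com": "203.0.113.25"}))
    reachable = SMTP_HOSTS if link_up else SMTP_HOSTS - {"10.1.0.25"}
    return route_mail(r, "wildcards.com", reachable.__contains__)
```

Two details worth noticing. In the first scenario the MTA's implicit-MX fallback hits the apex A record, which an AD-integrated zone points at a domain controller, so the message is refused and queues even though a perfectly good public MX exists. In the two-MX scenario the failover only works because both records live in the zone the Bizworks resolver is authoritative for; records that exist only in the public DNS would never be returned, which is exactly the objection raised in the last comment. Whichever MX target you add, its A record has to exist in the same zone, because that zone is authoritative for every name under wildcards.com.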
