Exchange - DNS and SMTP relay agents

I am a little lost on my conceptual understanding of what role the DNS and SMTP relay agents play in delivering the mail in Exchange. Can anybody give me an explanation, perhaps with an example, so even I can understand it?

bbao (IT Consultant) commented:
DNS resolves the mapping between domain name and IP address, for example, resolving the name to

An SMTP relay agent acts like a router: it sends the message from its client to the next step toward the destination. You may check your Internet mail header to help you understand this.

jimmyr (Author) commented:
But what is a DNS relay agent? Does that not exist?
> I am a little lost on my conceptual
> understanding of what role the DNS and
> SMTP relay agents play in delivering the
> mail in exchange. Can anybody give
> me an explanation perhaps with an
> example so even I can understand it.

After you write a letter, you stuff it
into an envelope.
On the envelope, you write
and then you drop the envelope into
a Postal Service Mail Drop-Off Box,
and you've completed "relaying" your mail.
You rely on some Postal Service worker
to remove your letter from the Box,
and take it to a "processing centre",
where the routing of your message
will be determined.

An SMTP-server is the electronic-equivalent
of the worker and the processing centre.

At the processing-centre,
there are several steps.
First, a worker puts on his/her 'SMTP' hat,
and shouts "who's the top-guru
for addressing in the '.GOV' domain?".
When that top-guru answers,
the same worker asks that top-guru
"which of your assistant-gurus handles
addresses in the 'WHITEHOUSE.GOV' domain?".
When that top-guru answers the question,
then the assistant-guru is asked
"which host in your domain is designated
to receive E-mail for 'WHITEHOUSE.GOV'?".
When the answer is received,
then the assistant-guru is asked
"what's the IP-address for that host?".

Now, the worker opens a TCP/IP connection
to that IP-address, and says "hello".
When an answer ("OK") is received,
the worker says I have mail from "jimmyr".
When an answer ("OK") is received,
the worker says I have mail for 'PRESIDENT@WHITEHOUSE.GOV'.
When an answer ("OK") is received,
the worker says "here is the message",
and sends it.
When an answer ("OK") is received,
the worker says "quit".
When an answer ("OK") is received,
the worker hangs-up the connection.

This process of asking questions is the
DNS (Domain Name Server) service, i.e.,
asking for 'NS' (name-server) and 'MX'
(mail-exchanger) records.

When the IP-address is determined,
then the SMTP (Simple Mail Transport Protocol)
is used to relay the message.
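
The sequence described above (pick the mail host from the MX records, look up its address, then the hello / mail-from / mail-for / message / quit dialogue) as an added Python sketch; it is not part of the original posts. The MX and A records, the 192.0.2.x addresses, the sender domain and the `Receiver` class are constructed for illustration, and nothing is sent over a network.

```python
# Added example. The MX/A records, host names and addresses are constructed.
MX = {"whitehouse.gov": [(20, "mx2.whitehouse.gov"), (10, "mx1.whitehouse.gov")]}
A = {"mx1.whitehouse.gov": "192.0.2.10", "mx2.whitehouse.gov": "192.0.2.20"}

def pick_mail_host(domain):
    _pref, host = min(MX[domain])      # lowest MX preference wins
    return host, A[host]               # then ask for that host's address

class Receiver:
    """Toy SMTP receiver: enforces command order, returns reply lines."""
    def __init__(self):
        self.stage = "start"           # start -> helo -> mail -> rcpt -> data
        self.envelope = {"from": None, "to": [], "body": []}

    def handle(self, line):
        if self.stage == "data":       # everything is message text until "."
            if line != ".":
                self.envelope["body"].append(line)
                return None
            self.stage = "helo"
            return "250 OK: queued"
        verb = (line.split() or [""])[0].upper()
        if verb == "HELO":
            self.stage = "helo"
            return "250 mx1.whitehouse.gov"
        if verb == "MAIL" and self.stage == "helo" and ":" in line:
            self.envelope["from"] = line.split(":", 1)[1].strip("<> ")
            self.stage = "mail"
            return "250 OK"
        if verb == "RCPT" and self.stage in ("mail", "rcpt") and ":" in line:
            self.envelope["to"].append(line.split(":", 1)[1].strip("<> "))
            self.stage = "rcpt"
            return "250 OK"
        if verb == "DATA" and self.stage == "rcpt":
            self.stage = "data"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "503 Bad sequence of commands"

def deliver(sender, rcpt, body):
    host, ip = pick_mail_host(rcpt.split("@")[1].lower())
    server, log = Receiver(), [f"connect {host} [{ip}]", "S: 220 ready"]
    cmds = ["HELO client.example.com", f"MAIL FROM:<{sender}>",
            f"RCPT TO:<{rcpt}>", "DATA", *body, ".", "QUIT"]
    for c in cmds:
        reply = server.handle(c)
        log += ["C: " + c] + (["S: " + reply] if reply else [])
    return log, server.envelope
```

Calling `deliver("jimmyr@example.com", "PRESIDENT@WHITEHOUSE.GOV", [...])` returns the full client/server transcript together with the envelope the receiver recorded.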

bbao (IT Consultant) commented:
Jimmyr, if one DNS request cannot be resolved at one DNS server, the server would forward the request to its upstream DNS server, until the request is answered or no such domain name is found. Such a server is a DNS relay agent.

Otta, you are good at explaining concepts from a basic step. :-))

jimmyr (Author) commented:
I truly enjoyed your answer so I happily gave you all the points. But I have to admit bbao was the one who answered my last question.

Unfortunately, BBAO's answer is not correct.

If a DNS-server can give an "authoritative"
answer to a DNS-request, it gives it.
For example, if your computer is a member
of the '' domain, and you ask
the DNS-server in that domain for the IP-address of another host in that domain,
then it gives the answer, and no other
DNS-server is consulted.

However, if you ask the DNS-server for the
IP-address of a host "outside" of the domain,
then it does not go "upstream" to find
the answer.  Instead, it goes to the "top"
of the Internet, and asks the "root" servers
for assistance, and works "downstream".

For example, if you ask for the IP-address
then the "root" servers are asked for a
"referral" to the "authoritative" servers
for the '.COM' domain.  One of those DNS-servers
is then asked for a "referral" to the
"authoritative" DNS-servers for the 'DIGITAL.COM' domain.
Then, that DNS-server is asked the "original" question.
The reply may either be the IP-address,
or the message "don't ask me, ask the
authoritative DNS-servers for the 'ALTAVISTA.DIGITAL.COM' domain".

So, it's a "downstream" approach,
not an "upstream" approach.
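
The root-downward referral walk described in the post above, as an added Python sketch that is not part of the original thread. The server names, the host names `www.altavista.digital.com` and `mail.digital.com`, and the 192.0.2.x / 198.51.100.x addresses are constructed; the "servers" are in-memory tables, so no real DNS query is made.

```python
# Added example: constructed zone data, not real DNS records.
# Each server maps a name suffix to a referral ("NS") or an answer ("A").
SERVERS = {
    "root":             {"com": ("NS", "com-server")},
    "com-server":       {"digital.com": ("NS", "digital-server")},
    "digital-server":   {"altavista.digital.com": ("NS", "altavista-server"),
                         "mail.digital.com": ("A", "192.0.2.25")},
    "altavista-server": {"www.altavista.digital.com": ("A", "198.51.100.80")},
}

def ask(server, name):
    """Return the record for the longest suffix of `name` this server knows."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):                 # longest suffix first
        rec = SERVERS[server].get(".".join(labels[i:]))
        if rec:
            return rec
    return ("NXDOMAIN", None)

def resolve(name, max_referrals=10):
    """Start at the root and follow referrals downward until an answer."""
    server, path = "root", []
    for _ in range(max_referrals):               # bound the walk against loops
        kind, value = ask(server, name)
        path.append((server, kind, value))
        if kind != "NS":                         # an address, or no such name
            return value, path
        server = value                           # referral: ask the next server
    raise RuntimeError("too many referrals")
```

The returned `path` lists every server asked, in order, so the same question can be seen moving from the root to the `.COM` servers to `DIGITAL.COM` and, only when referred, on to `ALTAVISTA.DIGITAL.COM`.
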
jimmyr (Author) commented:
Fair enough