Solved

Configuring DNS and MX Records for Exchange Server 2003

Posted on 2006-10-27
Last Modified: 2010-03-06
Let me first start off with my current configuration. I am running 2 servers. One is running Windows 2003 Standard x64 Edition. The other is running Windows 2003 Enterprise Edition. I have a Watchguard X15 Edge as my internal firewall. It is sitting in front of both servers. I also have a static IP address from my ISP. The x64 server is running as my PDC. It is running DHCP, AD, IIS, and DNS. I am running the Enterprise server as my backup domain controller, which also has Exchange Server 2003 on it.

I have registered a domain (moermond.com) with godaddy.com. I have changed the name server entries from godaddy to my static WAN IP address. I have configured my Primary Domain Controller to host the moermond.com DNS records, and I have made my Exchange Server receive the forwards from the PDC.

I have opened up incoming requests for DNS, HTTP, NNTP, POP3, and SMTP on the Watchguard firewall that point to the Exchange box.

I am able to send email for the web client of any domain user. I cannot receive ANY email from any external source. I went to http://www.dnsreport.com/tools/dnsreport.ch?domain=moermond.com to help resolve my issue. I see that I have several failures and several warnings. The problem is I have tried everything to correct the issue to no avail.

I was hoping to receive some help on how to resolve my issues.

Thanks in advance.
Question by:nitrousgtstang
20 Comments
 
LVL 15

Expert Comment

by:plimpias
OK, first:

I have changed the name servers entries from godaddy to my static WAN ip address.

Don't host your own DNS; use GoDaddy's service, it makes it a lot easier.

Use GoDaddy's interface and configure the following entries for DNS:

MX record for mail will be

MX pointing to mail.moermond.com

Then create an A (host) record for the following:

mail.moermond.com pointing to your WAN IP.

On your firewall, remove DNS and NNTP.

The only thing you need for Exchange to run is SMTP.

If you are using POP3 then turn it on, otherwise turn it off for security.
 
LVL 15

Expert Comment

by:plimpias
I have configured my Primary Domain Controller to host the moermond.com DNS records, and I have made my Exchange Server receive the forwards from the PDC.

I would remove this also.

Exchange should be pointing to your DNS for name resolution.

DNS should be pointing to your ISP's DNS servers as forwarders.

Remove the moermond.com zone from your DNS server.
 
LVL 15

Expert Comment

by:plimpias
This explains it a little further:

http://www.dnsmadeeasy.com/s0306/res/recs.html#top
 
LVL 1

Expert Comment

by:Mohd-Anwaruddin
Well, I guess he wants to host his own DNS server.

If yes, then I would suggest you have a Windows server with DNS services installed rather than pointing it to the domain controller, as it is not suggested by Microsoft. Then create the forward lookup zone for whatever site you are hosting and then create an MX record pointing to your internal Exchange server. You can even create an A record so that you can name your MX record.

The MX record should be pointed to your internal Exchange server. Well, yes, the ports you have opened are fair enough for your tasks.

I guess you have already changed the authoritative server address on GoDaddy.com to your registered IPs, which host the DNS and which is the authoritative server for your domain.

Regards
 
LVL 104

Expert Comment

by:Sembee
Just in case you haven't got the message yet: hosting your own DNS is a very bad idea. It is not recommended by Microsoft, and with a single IP address you cannot achieve the best practice of two DNS servers.

Furthermore, your AD DNS should not be exposed to the internet in this way. That is a security risk.

Therefore I would suggest that you change your DNS servers back to GoDaddy's DNS servers, and close the DNS port on your firewall.

You will find things work much better if you follow the advice given and use your domain name registrar's DNS servers instead of trying to host your own. While I am a fan of hosting as many services yourself as possible, DNS is not one of them.

Everything else as already outlined above.

Simon.
 
LVL 8

Expert Comment

by:nitadmin
Here is what you should do.

1. Log in to GoDaddy.com and change your NS server back to GoDaddy's DNS server.
2. Close the DNS port on the Watchguard Firebox firewall.
3. Create both MX and A records for your Exchange server with GoDaddy.com:
      MX 10 mail.moermond.com
      A  mail.moermond.com  public IP address.
4. Configure forwarders on your DNS server on your Windows 2003
      with the IP addresses of your ISP's DNS server, or you could use 4.2.2.2.
5. Open Exchange System Manager and configure your Default SMTP Virtual Server to use DNS to forward e-mails.

My advice: you don't want to host your own public DNS server. Don't use your internal DNS server as a public DNS server. If you make your DNS server the authoritative DNS server for your domain, then every DNS server in the world will potentially need to contact your server to find out the IP addresses of hosts within your domain. You do not want DNS servers all over the world to know the names and IP addresses of your desktop computers, printers, and servers.

Cheers,
NITADMIN
 
LVL 8

Expert Comment

by:nitadmin
Another point I should make: you definitely don't want other people to have access to your domain controllers. Immediately change the NS servers back to GoDaddy.com's DNS server.

Cheers,
NITADMIN
 

Author Comment

by:nitrousgtstang
Sorry for the late response here. As soon as I posted the message I went to bed, and I just now got off from working a 12 hour shift. I have read all the replies and I thank each of you. I will definitely change the NS back to GoDaddy and close DNS on my firewall. As soon as I have accomplished this I will reply back and award the points accordingly.

Thanks again
 
LVL 15

Expert Comment

by:plimpias
NP
 

Author Comment

by:nitrousgtstang
I have made the changes. I am awaiting the nameservers to populate back to the default GoDaddy nameservers' IPs.
 
LVL 15

Expert Comment

by:plimpias
Nice. They say 48 hours, but you can usually see the change in 24. It should fully replicate in 48, though.
 

Author Comment

by:nitrousgtstang
I have created the A and MX records on my GoDaddy account. Do I need to delete the entries that they had already created? Thanks for the help.
 
LVL 15

Expert Comment

by:plimpias
On your server, yes.
 
LVL 15

Expert Comment

by:plimpias
Oh, you mean the ones on GoDaddy. Yes, I would. If you don't need them, delete them.
 

Author Comment

by:nitrousgtstang
I have tried all the above to no avail. Let me start the process from scratch to make sure I clarify what I want to accomplish.

I have started a new business as a networking/server support person. I am wanting to place one of my 2 servers in a DMZ zone. The one in the DMZ zone will have Windows 2003 Standard x64 Edition installed along with Exchange Server. The second one will be on my internal LAN. I eventually want to be able to host email for several different organizations, thus the original suggestion of hosting my own DNS server. If I need another server, please inform me so I can make a purchase. I know I have veered off the original topic, but this was what I was originally trying to do.

Thanks for all your continued support.

I will increase the points for step by step directions.
 
LVL 15

Accepted Solution

by:plimpias (earned 125 total points)
Hi,

First thing, I would not place the Exchange server in a DMZ. DMZ zones are made for public servers like FTP or web servers. Since Exchange is going to be part of your AD, I would put it in with your internal LAN.

Second, again, you don't want to host your own DNS; this is not something you want to manage. As someone mentioned, it is a security risk. Keep it simple; there are thousands of companies that have redundant DNS server solutions, like GoDaddy.

Third, have GoDaddy host your DNS, and set the MX record and the A record pointing to you. The only thing you need open on your firewall is port 25. If you want to host another domain, it's not a problem. You don't need another server.

Use http://www.dnsstuff.com/ to test your settings.

Make sure you deleted the original DNS zone that you created, because that may be conflicting.
 
LVL 15

Expert Comment

by:plimpias
If it is supposed to be going to 64.202.X.X then you need to modify your firewall to port forward port 25 to your Exchange. Because I can't telnet to your Exchange server, take it out of the DMZ.
 

Author Comment

by:nitrousgtstang
OK, I have made several changes, with most of the changes being with GoDaddy. I used www.dnsreports.com and www.dnsstuff.com. I am only showing 1 failure. That is an MX error. It is pointing to my WAN address and it does not like that.

Here is what I have for DNS records on my Exchange server:

A-mail.moermond.com-66.161.246.138
MX-ns1.moermond.com
A-ns1.moermond.com-LAN IP
NS-ns1.moermond.com
A-LAN IP

On GoDaddy I have the following records:

A-Records

A-mail.moermond.com points to 66.161.246.138
A-moermond.com points to 66.161.246.138

CNAMES

email points to email.moermond.com
www points to moermond.com

MX

10
Host=@
points to 6.161.246.138

Should this setup be working?

My server is now sitting in my LAN. You cannot telnet to my server because that service is not allowed through my firewall. The only thing I have opened on my firewall is SMTP, and it is pointing to my Exchange box.

Thanks again
 
LVL 104

Expert Comment

by:Sembee
An MX record cannot be an IP address.
Remove that and replace it with mail.moermond.com

Simon.
 
LVL 15

Expert Comment

by:plimpias
Please look at the examples on

http://www.dnsmadeeasy.com/s0306/res/recs.html

MX should be pointing to mail.moermond.com
and an A record (mail.moermond.com) should be pointing to your IP.
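An added check, not part of the thread, that encodes the rule Simon and plimpias state: the MX target must be a hostname with its own A record, and that address must be reachable from outside. The record sets below are constructed to mirror the ones posted above; the 192.168.1.10 value stands in for the "LAN IP" the asker did not spell out.

```python
import ipaddress

# Constructed record sets modelled on the ones posted in this thread.
# Each record is (type, name, value); names are written fully qualified.
GODADDY_ZONE_AS_POSTED = [
    ("A", "mail.moermond.com", "66.161.246.138"),
    ("A", "moermond.com", "66.161.246.138"),
    ("MX", "moermond.com", "6.161.246.138"),   # an IP literal, as posted
]
INTERNAL_ZONE_AS_POSTED = [
    ("A", "mail.moermond.com", "66.161.246.138"),
    ("MX", "moermond.com", "ns1.moermond.com"),
    ("A", "ns1.moermond.com", "192.168.1.10"),  # placeholder for "LAN IP"
]
CORRECTED_ZONE = [
    ("A", "mail.moermond.com", "66.161.246.138"),
    ("A", "moermond.com", "66.161.246.138"),
    ("MX", "moermond.com", "mail.moermond.com"),
]


def is_ip_literal(value):
    """True if value parses as an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def check_mx(zone, domain):
    """Return the problems an external mail server would hit delivering to domain."""
    a_records = {name.lower(): value for rtype, name, value in zone if rtype == "A"}
    mx_targets = [value for rtype, name, value in zone
                  if rtype == "MX" and name.lower() == domain.lower()]
    problems = []
    if not mx_targets:
        problems.append(f"no MX record for {domain}")
    for target in mx_targets:
        if is_ip_literal(target):
            # The error Simon points out: an MX must name a host, never an address.
            problems.append(f"MX target {target} is an IP address, not a hostname")
            continue
        addr = a_records.get(target.lower())
        if addr is None:
            problems.append(f"MX target {target} has no A record")
        elif ipaddress.ip_address(addr).is_private:
            # A public MX host resolving to a LAN address: Internet senders cannot connect.
            problems.append(f"MX target {target} resolves to private address {addr}")
    return problems
```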