Solved

Configuring DNS and MX Records for exchange server 2003

Posted on 2006-10-27
385 Views
Last Modified: 2010-03-06
Let me first start off with my current configuration. I am running 2 servers. One is running Windows 2003 Standard X64 Edition. The other is running Windows 2003 Enterprise Edition. I have a Watchguard X15 Edge as my internal firewall. It is sitting in front of both servers. I also have a static IP address from my ISP. The X64 server is running as my PDC. It is running DHCP, AD, IIS, and DNS. I am running the Enterprise server as my backup domain controller, which also has Exchange Server 2003 on it.

I have registered a domain (moermond.com) with godaddy.com. I have changed the name server entries at godaddy to my static WAN IP address. I have configured my Primary Domain Controller to host the moermond.com DNS records, and I have made my Exchange Server receive the forwards from the PDC.

I have opened up incoming requests for DNS, HTTP, NNTP, POP3, and SMTP on the watchguard firewall that points to the exchange box.

I am able to send email for the web client of any domain user. I cannot receive ANY email from any external source. I went to http://www.dnsreport.com/tools/dnsreport.ch?domain=moermond.com to help resolve my issue. I see that I have several failures and several warnings. The problem is I have tried everything to correct the issue to no avail.

I was hoping to receive some help on how to resolve my issues.

Thanks in advance.
Question by: nitrousgtstang

20 Comments
 
LVL 15

Expert Comment

by:plimpias
ID: 17824105
OK first

I have changed the name servers entries from godaddy to my static WAN ip address.

Don't host your own dns, use godaddys service, it makes it a lot easier.

Use godaddys interface and configure the following entries for dns

MX Record for mail will be

MX pointing to mail.moermond.com

Then create an A (host) record for the following

mail.moermond.com pointing to your wan ip.

On your firewall remove DNS, NNTP.

Only thing you need for Exchange to run is SMTP.

If you are using pop3 then turn it on, otherwise turn it off for security.
 
LVL 15

Expert Comment

by:plimpias
ID: 17824109
I have configured my Primary Domain Controller to host the moermond.com DNS records, and I have made my Exchange Server receive the forwards from the PDC.


I would remove this also,

Exchange should be pointing to your dns for name resolution.

DNS should be pointing to your ISP's DNS servers as forwarders.

Remove the moermond.com zone from your DNS server.
 
LVL 15

Expert Comment

by:plimpias
ID: 17824114
This explains it a little further

http://www.dnsmadeeasy.com/s0306/res/recs.html#top
 
LVL 1

Expert Comment

by:Mohd-Anwaruddin
ID: 17825261
Well, I guess he wants to host his own DNS server.

If yes, then I would suggest you have a Windows server with DNS services installed rather than pointing it to the domain controller, as it is not suggested by Microsoft. Then create the forward lookup zone for whatever site you are hosting and then create an MX record pointing to your internal Exchange server. You can even create an A record so that you can name your MX record.

The MX record should be pointed to your internal Exchange server. Well, yes, the ports you have opened are fair enough for your tasks.

I guess you have already changed the authoritative server address on Godaddy.com to your registered IPs which host the DNS and which is the authoritative server for your domain.

Regards

 
LVL 104

Expert Comment

by:Sembee
ID: 17825359
Just in case you haven't got the message yet - hosting your own DNS is a very bad idea. It is not recommended by Microsoft, and with a single IP address you cannot achieve the best practice of two DNS servers.

Furthermore your AD DNS should not be exposed to the internet in this way. That is a security risk.

Therefore I would suggest that you change your DNS servers back to GoDaddy's DNS servers, and close the DNS port on your firewall.

You will find things work much better if you follow the advice given and use your domain name registrar's DNS servers instead of trying to host your own. While I am a fan of hosting as many services yourself as possible - DNS is not one of them.

Everything else as already outlined above.

Simon.
 
LVL 8

Expert Comment

by:nitadmin
ID: 17825943
Here is what you should do.

1. Login to Godaddy.com and change your NS server back to Godaddy's DNS server.
2. Close the DNS port on the Watchguard Firebox firewall.
3. Create both MX and A records for your Exchange server with Godaddy.com
      MX 10 mail.moermond.com
      A  mail.moermond.com  public IP address.
4. Configure forwarders on your DNS server on your Windows 2003
      with the IP addresses of your ISP's DNS server, or you could use 4.2.2.2
5. Open Exchange System Manager and configure your Default SMTP Virtual Server to use DNS to forward e-mails.

My advice: you don't want to host your own public DNS server. Don't use your internal DNS server as a public DNS server. If you make your DNS server the authoritative DNS server for your domain, then every DNS server in the world will potentially need to contact your server to find out the IP addresses of hosts within your domain. You do not want DNS servers all over the world to know the names and IP addresses of your desktop computers, printers, and servers.

Cheers,
NITADMIN
 
LVL 8

Expert Comment

by:nitadmin
ID: 17825952
Another point I should make: you definitely don't want other people to have access to your domain controllers. Immediately change the NS servers back to Godaddy.com's DNS server.

Cheers,
NITADMIN
 

Author Comment

by:nitrousgtstang
ID: 17827501
Sorry for the late response here. As soon as I posted the message I went to bed, and I just now got off from working a 12 hour shift. I have read all the replies and I thank each of you. I will definitely change the NS back to godaddy and close DNS on my firewall. As soon as I have accomplished this I will reply back and award the points accordingly.

Thanks Again
 
LVL 15

Expert Comment

by:plimpias
ID: 17827624
NP
 

Author Comment

by:nitrousgtstang
ID: 17839355
I have made the changes. I am awaiting the nameservers to populate back to the default godaddy nameserver IPs.
 
LVL 15

Expert Comment

by:plimpias
ID: 17839880
Nice, they say 48 hours but you can usually see the change in 24. It should fully replicate in 48 though.
 

Author Comment

by:nitrousgtstang
ID: 17871669
I have created the A and MX records on my godaddy account. Do I need to delete the entries that they had already created? Thanks for the help.
 
LVL 15

Expert Comment

by:plimpias
ID: 17871899
On your server yes.
 
LVL 15

Expert Comment

by:plimpias
ID: 17871900
Oh, you mean the ones on GoDaddy. Yes, I would. If you don't need them, delete them.
 

Author Comment

by:nitrousgtstang
ID: 17875084
I have tried all the above to no avail. Let me start the process from scratch to make sure I clarify as to what I want to accomplish.

I have started a new business as a networking/server support person. I am wanting to place one of my 2 servers in a DMZ zone. The one in the DMZ zone will have Windows 2003 Standard x64 Edition installed along with Exchange Server. The second one will be on my internal LAN. I eventually want to be able to host email for several different organizations, thus the original suggestion of hosting my own DNS server. If I need another server, please inform me so I can make a purchase. I know I have veered off the original topic, but this was what I was originally trying to do.

Thanks for all your continued support.

I will increase the points for step by step directions.
 
LVL 15

Accepted Solution

by: plimpias (earned 125 total points)
ID: 17875479
Hi,

First thing, I would not place the Exchange server in a DMZ. DMZ zones are made for public servers like FTP or web servers. Since Exchange is going to be part of your AD, I would put it in with your internal LAN.

Second, again you don't want to host your own DNS; this is not something you want to manage. As someone mentioned, it is a security risk. Keep it simple; there are thousands of companies that have redundant DNS server solutions like godaddy.

Third, have godaddy host your DNS, and set the MX record and the A record pointing to you. The only thing you need open on your firewall is port 25. If you want to host another domain, it's not a problem. You don't need another server.

Use http://www.dnsstuff.com/ to test your settings.

Make sure you deleted the original DNS zone that you created, because that may be conflicting.
 
LVL 15

Expert Comment

by:plimpias
ID: 17875483
If it is supposed to be going to 64.202.X.X then you need to modify your firewall to port forward port 25 to your Exchange. Because I can't telnet to your Exchange server, take it out of the DMZ.
 

Author Comment

by:nitrousgtstang
ID: 17886509
OK, I have made several changes, with most of the changes being with godaddy. I used www.dnsreports.com and www.dnsstuff.com. I am only showing 1 failure. That is an MX error. It is pointing to my WAN address and it does not like that.

Here is what I have for DNS records on my Exchange server:

A-mail.moermond.com-66.161.246.138
MX-ns1.moermond.com
A-ns1.moermond.com-LAN IP
NS-ns1.moermond.com
A-LAN IP

On Godaddy I have the following records:

A-Records

A-mail.moermond.com points to 66.161.246.138
A-moermond.com points to 66.161.246.138

CNAMES

email points to email.moermond.com
www points to moermond.com

MX

10
Host=@
points to 6.161.246.138

Should this setup be working?

My server is now sitting in my LAN. You cannot telnet to my server because that service is not allowed through my firewall. The only thing I have opened on my firewall is SMTP, and it is pointing to my Exchange box.

Thanks again
 
LVL 104

Expert Comment

by:Sembee
ID: 17888395
An MX record cannot be an IP address.
Remove that and replace it with mail.moermond.com

Simon.
 
LVL 15

Expert Comment

by:plimpias
ID: 17890193
Please look at the examples on

http://www.dnsmadeeasy.com/s0306/res/recs.html

MX should be pointing to mail.moermond.com
and an A record (mail.moermond.com) should be pointing to your IP.
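The thread ends on the two rules nitadmin's step list and Sembee's last reply both hinge on: an MX record names a host, never an IP address, and that host needs its own A record that resolves to the public address the firewall forwards port 25 to. The following checker, added here as an illustration and not code from the thread or from GoDaddy, encodes three record sets constructed to match the shapes discussed (the posted GoDaddy records with the MX pointing at 66.161.246.138, the internal zone whose MX pointed at ns1 with a LAN address, and the recommended MX to mail plus A layout) and reports what would stop inbound delivery. The LAN address 192.168.1.10 and the zone layout are assumptions; no live DNS queries are made.

```python
"""Checks on the public DNS records that route mail to an Exchange host.

Added example, not code from the thread: the record sets are constructed to
mirror the shapes discussed (MX target as an IP literal, MX -> hostname -> A,
MX target whose A record is a LAN address). No live DNS queries are made;
every record is a plain (owner, type, value) triple, "@" meaning the zone apex.
"""
import ipaddress

ZONE = "moermond.com"
PUBLIC_IP = "66.161.246.138"   # public address quoted in the thread
LAN_IP = "192.168.1.10"        # constructed stand-in for the poster's "LAN IP"

# Shape of the poster's final GoDaddy records: the MX names an IP address.
MX_TO_IP = [
    ("mail", "A", PUBLIC_IP),
    ("@", "A", PUBLIC_IP),
    ("email", "CNAME", "email.moermond.com"),  # as posted, this name points at itself
    ("www", "CNAME", "moermond.com"),
    ("@", "MX", (10, PUBLIC_IP)),
]

# Shape of the poster's internal zone: MX -> ns1, but ns1's A record is a LAN address.
MX_TO_LAN_HOST = [
    ("mail", "A", PUBLIC_IP),
    ("ns1", "A", LAN_IP),
    ("@", "MX", (10, "ns1.moermond.com")),
]

# The layout the experts recommend: MX -> mail, A mail -> public IP.
RECOMMENDED = [
    ("mail", "A", PUBLIC_IP),
    ("@", "A", PUBLIC_IP),
    ("www", "CNAME", "moermond.com"),
    ("@", "MX", (10, "mail.moermond.com")),
]


def fqdn(name, zone):
    """Expand a relative owner or target name to a fully qualified name."""
    name = name.rstrip(".")
    if name == "@":
        return zone
    if name == zone or name.endswith("." + zone):
        return name
    return f"{name}.{zone}"


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_mail_records(zone, records):
    """Return the problems that would stop inbound SMTP delivery or that
    indicate a misconfigured record set; an empty list means the MX/A pair
    is sound."""
    problems = []
    a_records = {fqdn(n, zone): v for n, t, v in records if t == "A"}
    cnames = {fqdn(n, zone): fqdn(v, zone) for n, t, v in records if t == "CNAME"}
    mx_records = [(fqdn(n, zone), v) for n, t, v in records if t == "MX"]

    if not mx_records:
        problems.append(f"{zone}: no MX record")

    for owner, (preference, target) in mx_records:
        label = f"MX {owner} {preference} {target}"
        if is_ip_literal(target):
            # The MX exchange field is a domain name (RFC 1035), never an address.
            problems.append(f"{label}: target must be a hostname, not an IP address")
            continue
        target_name = fqdn(target, zone)
        if target_name in cnames:
            problems.append(f"{label}: target is a CNAME; point it at a host with an A record")
            continue
        if target_name not in a_records:
            problems.append(f"{label}: no A record for the target")
            continue
        if ipaddress.ip_address(a_records[target_name]).is_private:
            problems.append(f"{label}: A record is a private LAN address, unreachable from the Internet")

    for name, target in cnames.items():
        if name == target:
            problems.append(f"CNAME {name} points to itself")

    return problems


if __name__ == "__main__":
    for title, records in [("MX to IP", MX_TO_IP), ("MX to LAN host", MX_TO_LAN_HOST),
                           ("recommended", RECOMMENDED)]:
        print(title, "->", check_mail_records(ZONE, records) or ["ok"])
```

Run as a script it prints one line per record set; only the recommended layout comes back clean. The private-address check is what catches the original internal zone being exposed as the public one, which is the exposure nitadmin and Sembee warn about, and the self-referencing CNAME check flags the posted `email` entry without claiming it is what blocks mail.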
