Configuring DNS and MX Records for exchange server 2003

Medium Priority
Last Modified: 2010-03-06
Let me first start off with my current configuration. I am running 2 servers. One is running Windows 2003 Standard X64 Edition. The other is running Windows 2003 Enterprise Edition. I have a Watchguard X15 Edge as my internal firewall. It is sitting in front of both servers. I also have a static IP address from my ISP. The X64 server is running as my PDC. It is running DHCP, AD, IIS, and DNS. I am running the Enterprise server as my backup domain controller, which also has Exchange Server 2003 on it.

I have registered a domain (moermond.com) with godaddy.com. I have changed the name server entries at GoDaddy to my static WAN IP address. I have configured my Primary Domain Controller to host the moermond.com DNS records, and I have made my Exchange Server receive the forwards from the PDC.

I have opened up incoming requests for DNS, HTTP, NNTP, POP3, and SMTP on the watchguard firewall that points to the exchange box.

I am able to send email from the web client of any domain user. I cannot receive ANY email from any external source. I went to http://www.dnsreport.com/tools/dnsreport.ch?domain=moermond.com to help resolve my issue. I see that I have several failures and several warnings. The problem is I have tried everything to correct the issue to no avail.

I was hoping to receive some help on how to resolve my issues.

Thanks in advance.

OK, first:

> I have changed the name server entries at GoDaddy to my static WAN IP address.

Don't host your own DNS; use GoDaddy's service, it makes it a lot easier.

Use GoDaddy's interface and configure the following entries for DNS.

The MX record for mail will be:

MX pointing to mail.moermond.com

Then create an A (host) record for the following:

mail.moermond.com pointing to your WAN IP.

On your firewall remove DNS and NNTP.

The only thing you need for Exchange to run is SMTP.

If you are using POP3 then turn it on, otherwise turn it off for security.

> I have configured my Primary Domain Controller to host the moermond.com DNS records, and I have made my Exchange Server receive the forwards from the PDC.

I would remove this also.

Exchange should be pointing to your DNS for name resolution.

DNS should be pointing to your ISP's DNS servers as forwarders.

Remove the moermond.com zone from your DNS server.

This explains it a little further

Well, I guess he wants to host his own DNS server.

If yes, then I would suggest you have a Windows server with DNS services installed rather than pointing it to the domain controller, as it is not suggested by Microsoft. Then create the forward lookup zone for whatever site you are hosting, and then create an MX record pointing to your internal Exchange server. You can even create an A record so that you can name your MX record.

The MX record should be pointed to your internal Exchange server. Well, yes, the ports you have opened are fair enough for your tasks.

I guess you have already changed the authoritative server address on Godaddy.com to your registered IPs which host the DNS and which are the authoritative servers for your domain.



Just in case you haven't got the message yet: hosting your own DNS is a very bad idea. It is not recommended by Microsoft, and with a single IP address you cannot achieve the best practice of two DNS servers.

Furthermore your AD DNS should not be exposed to the internet in this way. That is a security risk.

Therefore I would suggest that you change your DNS servers back to GoDaddy's DNS servers, and close the DNS port on your firewall.

You will find things work much better if you follow the advice given and use your domain name registrar's DNS servers instead of trying to host your own. While I am a fan of hosting as many services yourself as possible, DNS is not one of them.

Everything else as already outlined above.


Here is what you should do.

1. Log in to Godaddy.com and change your NS servers back to GoDaddy's DNS servers.
2. Close the DNS port on the Watchguard Firebox firewall.
3. Create both MX and A records for your Exchange server with Godaddy.com:
      MX 10 mail.moermond.com
      A  mail.moermond.com  public IP address.
4. Configure forwarders on your DNS server on your Windows 2003
      with the IP addresses of your ISP's DNS servers, or you could use
5. Open Exchange System Manager and configure your Default SMTP Virtual Server to use DNS to forward e-mails.

My advice: you don't want to host your own public DNS server. Don't use your internal DNS server as a public DNS server. If you make your DNS server the authoritative DNS server for your domain, then every DNS server in the world will potentially need to contact your server to find out the IP addresses of hosts within your domain. You do not want DNS servers all over the world to know the names and IP addresses of your desktop computers, printers, and servers.


Another point I should make: you definitely don't want other people to have access to your domain controllers. Immediately change the NS servers back to Godaddy.com's DNS servers.



Sorry for the late response here. As soon as I posted the message I went to bed, and I just now got off from working a 12 hour shift. I have read all the replies and I thank each of you. I will definitely change the NS back to GoDaddy and close DNS on my firewall. As soon as I have accomplished this I will reply back and award the points accordingly.

Thanks Again



I have made the changes. I am awaiting the nameservers to populate back to the default GoDaddy nameserver IPs.

Nice. They say 48 hours, but you can usually see the change in 24. It should fully replicate in 48, though.


I have created the A and MX records on my GoDaddy account. Do I need to delete the entries that they had already created? Thanks for the help.

On your server, yes.

Oh, you mean the ones on GoDaddy. Yes, I would; if you don't need them, delete them.


I have tried all the above to no avail. Let me start the process from scratch to make sure I clarify as to what I want to accomplish.

I have started a new business as a networking/server support person. I am wanting to place one of my 2 servers in a DMZ zone. The one in the DMZ zone will have Windows 2003 Standard x64 Edition installed along with Exchange Server. The second one will be on my internal LAN. I eventually want to be able to host email for several different organizations, thus the original suggestion of hosting my own DNS server. If I need another server, please inform me so I can make a purchase. I know I have veered off the original topic, but this was what I was originally trying to do.

Thanks for all your continued support.

I will increase the points for step by step directions.

First thing, I would not place the Exchange server in a DMZ. DMZ zones are made for public servers like FTP or web servers. Since Exchange is going to be part of your AD, I would put it in with your internal LAN.

Second, again, you don't want to host your own DNS; this is not something you want to manage. As someone mentioned, it is a security risk. Keep it simple; there are thousands of companies that have redundant DNS server solutions, like GoDaddy.

Third, have GoDaddy host your DNS, and set the MX record and the A record to point to you. The only thing you need open on your firewall is port 25. If you want to host another domain, it's not a problem. You don't need another server.

Use http://www.dnsstuff.com/ to test your settings.

Make sure you deleted the original DNS zone that you created, because that may be conflicting.


If it is supposed to be going to 64.202.X.X then you need to modify your firewall to port forward port 25 to your Exchange server. Because I can't telnet to your Exchange server, take it out of the DMZ.


OK, I have made several changes, with most of the changes being with GoDaddy. I used www.dnsreports.com and www.dnsstuff.com. I am only showing 1 failure. That is an MX error. It is pointing to my WAN address and it does not like that.

Here is what I have for DNS records on my Exchange server:

A-ns1.moermond.com-LAN IP

On GoDaddy I have the following records:


A-mail.moermond.com points to
A-moermond.com points to


email points to email.moermond.com
www points to moermond.com


points to

Should this setup be working?

My server is now sitting in my LAN. You cannot telnet to my server because that service is not allowed through my firewall. The only thing I have opened on my firewall is SMTP, and it is pointing to my Exchange box.

Thanks again

An MX record cannot be an IP address.
Remove that and replace it with mail.moermond.com


Please look at the examples on


MX should be pointing to mail.moermond.com
and an A record (mail.moermond.com) should be pointing to your IP.
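The checks the answers above keep repeating (an MX must name a host, that host needs an A record, and the A record must carry the public WAN address, not a LAN address) can be run against a set of records before publishing them. This is an added example, not code from the thread; the records, the documentation-range "WAN" address 203.0.113.10 and the LAN address 192.168.1.10 are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample records: (owner name, type, value). Not the poster's real data.
BROKEN = [                                   # the layout that produced the dnsreport MX failure
    ("moermond.com", "MX", "10 203.0.113.10"),       # MX target is an IP literal
    ("mail.moermond.com", "A", "192.168.1.10"),      # LAN address published to the world
]
FIXED = [                                    # the layout the answers recommend
    ("moermond.com", "MX", "10 mail.moermond.com"),
    ("mail.moermond.com", "A", "203.0.113.10"),      # public WAN address, port 25 forwarded
]

HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
# RFC 1918, loopback and link-local: addresses that must never appear in a public A record.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_ip_literal(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_mail_records(records):
    """Return a list of problems; an empty list means the MX/A layout is sound."""
    problems = []
    a_records = {n.lower(): v for n, t, v in records if t == "A"}
    mx_records = [(n, v) for n, t, v in records if t == "MX"]
    if not mx_records:
        problems.append("no MX record: inbound mail has nowhere to go")
    for name, value in mx_records:
        parts = value.split()                # expected form: "<priority> <host>"
        if len(parts) != 2 or not parts[0].isdigit():
            problems.append(f"MX {name}: expected '<priority> <host>', got {value!r}")
            continue
        target = parts[1].rstrip(".").lower()
        if is_ip_literal(target):
            problems.append(f"MX {name}: target {target} is an IP address, not a hostname")
        elif not HOSTNAME_RE.match(target):
            problems.append(f"MX {name}: target {target} is not a valid hostname")
        elif target not in a_records:
            problems.append(f"MX {name}: no A record for {target} in this zone")
    for name, ip_text in a_records.items():
        if not is_ip_literal(ip_text):
            problems.append(f"A {name}: {ip_text!r} is not an IP address")
        elif any(ipaddress.ip_address(ip_text) in net for net in LAN_NETS):
            problems.append(f"A {name}: {ip_text} is a LAN address; publish the WAN IP instead")
    return problems

if __name__ == "__main__":
    for label, recs in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label, check_mail_records(recs) or "OK")
```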