Solved

Proper DNS setup for Exchange 2003

Posted on 2007-11-28
Last Modified: 2010-04-21
OK, here is the setup. I have a Windows 2003 Server (Standard Edition Service Pack 2) that I'd like to set up for external company mail. It's hosted at a dedicated hosting company on a 100mbit connection with an external IP. We have our company domain name at godaddy.com.

I've gone through a little Train Signal course about installing Exchange (including the DNS and Active Directory prereqs), but the course wanted me to name everything like companyname.local instead of companyname.com. This seemed to work.. sorta, but certain email providers kick back our emails when they do whatever sort of verification they do. Kicks back a message like so:

did not reach the following recipient(s):

adam@someothercompany.com on Mon, 19 Nov 2007 03:58:57 -0000
   There was a SMTP communication problem with the recipient's email
server.  Please contact your system administrator.
   <wdc211.mycompany.local #5.5.0 smtp;550-Verification failed for
<jeff@mycompany.com>>

So I want to start from scratch and do this right. Before I even bother setting up Active Directory, how do I properly configure DNS for companyname.com rather than companyname.local? Step by step, as if I just installed a fresh copy of win2k3, would be preferred. For now I'm just asking for the steps up through the DNS portion, not the Active Directory install or the Exchange install. I know 500 points isn't enough to cover all of that.

For those wishing to rack up a lot of points helping a single person, I'm going to be posting questions each step of the way till this thing is fully set up with working POP3 support and maybe even RPC over HTTPS, so if you're my guy to walk me through the whole thing, let me know :)

BTW we will be using Exchange 2003 Enterprise and installing Exchange's Service Pack 2
0
Question by:dimorphios
12 Comments
 
LVL 20

Expert Comment

by:brwwiggins
ID: 20369293
Typically your hosting service owns the IP block and is responsible for NS records for that IP range. You may have to ask godaddy if they can either add records pointing the IP to your hostname so that reverse lookups do not fail (which is what you are seeing above).

This is true regardless of what e-mail system you use.
0
 
LVL 3

Author Comment

by:dimorphios
ID: 20369309
Don't have to ask GoDaddy, they allow everything from the total DNS control panel. I'm not talking about the domain DNS setup, I'm talking about the DNS role I install on the Exchange server. Guess I should have specified that. Active Directory and Exchange require you to have the DNS role installed. I want to know how to set that up properly.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20369347
You don't need to do any of that.  All you need to do is change the name of your Exchange email domain.  The Active Directory domain name does NOT have to be the same as the Exchange email domain name.  The ".local" setup is used often for companies that are hosting a server behind a firewall with a private DNS setup.  That ensures that the local DNS server doesn't interfere in any way with the public one that is hosting the ".com" domain.  That said, all you need to do is go into your Exchange System Manager, open up to the Recipient Policy and edit your recipient policy.  Once you get there, you'll see that there is a policy for the SMTP address space, and it probably has "@yourdomain.local" as the defined namespace.  Just edit that entry and change it to "@yourdomain.com" (i.e., whatever your public domain name is that you want to use for everyone's email address).  You'll get a prompt asking if you want all of your existing email addresses to be updated and you want to answer "yes" to that.

Once that's done, all of your outgoing email will be sent with your registered public domain name and should not be rejected any more provided that you have a public MX record pointed to your host name and public IP address for that server.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20369394
Hmmm - re-reading your posts and responses, maybe I have it backwards for you.  Perhaps what is missing is the public MX record pointing to your Exchange host machine.  That public MX record has to resolve to your public domain name - i.e., yourdomain.com - not yourdomain.local.  You need to do two things:

1.  In the properties of the SMTP virtual server in the ESM, Delivery tab, Advanced button, set the FQDN to be whatever your public email host name should be - i.e., mymxserver.mydomain.com.  This will make your server advertise itself with the correct domain name.

2.  At your ISP, make sure they have a host record for that server name pointing to your public IP address, and make sure that they also have an MX record pointing to that host name.  It's also good, although not ABSOLUTELY required, for you to have a PTR record and an SPF record on that public DNS server.

NOW, IF the server you're working on is going to be your public DNS server, then that's another story. But I don't think that's what you're talking about.
0
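The DNS checklist in the post above (public FQDN for the SMTP virtual server, host record, MX record, and the recommended PTR and SPF records), worked through as an added example that is not part of the original thread. The record set, the 203.0.113.25 address and the function names are constructed for illustration; the SPF check only evaluates `ip4:` terms.

```python
import ipaddress

# Constructed sample records (not from the thread), so the check runs offline.
RECORDS = {
    ("mydomain.com", "MX"): ["mymxserver.mydomain.com"],
    ("mymxserver.mydomain.com", "A"): ["203.0.113.25"],
    ("203.0.113.25", "PTR"): ["mymxserver.mydomain.com"],
    ("mydomain.com", "TXT"): ["v=spf1 ip4:203.0.113.25 -all"],
}

def lookup(records, name, rtype):
    """Return the record values for (name, type), or an empty list."""
    return [v.lower().rstrip(".") for v in
            records.get((name.lower().rstrip("."), rtype), [])]

def spf_allows(records, domain, ip):
    """True if an ip4: term in the domain's SPF record covers ip.
    Simplification: include:, a and mx mechanisms are not evaluated."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup(records, domain, "TXT"):
        if not txt.startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            if term.startswith("ip4:") and \
                    addr in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False

def check_mail_identity(records, helo_fqdn, mail_domain, public_ip):
    """Return (severity, problem) pairs; severities follow the post above."""
    helo = helo_fqdn.lower().rstrip(".")
    problems = []
    if "." not in helo or helo.endswith(".local"):
        problems.append(("required", "SMTP FQDN is not a public host name"))
    if public_ip not in lookup(records, helo, "A"):
        problems.append(("required", "no host record maps the FQDN to the public IP"))
    if helo not in lookup(records, mail_domain, "MX"):
        problems.append(("required", "no MX record points at the FQDN"))
    if helo not in lookup(records, public_ip, "PTR"):
        problems.append(("recommended", "PTR for the public IP does not return the FQDN"))
    if not spf_allows(records, mail_domain, public_ip):
        problems.append(("recommended", "SPF record does not list the public IP"))
    return problems
```

An empty list means the advertised name, host record, MX, PTR and SPF all agree; a server still announcing a `.local` name fails the first three checks even when the public records themselves are correct.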
 
LVL 3

Author Comment

by:dimorphios
ID: 20369404
Unfortunately we had already done that. If you look closer at the error message, it's saying that the email is coming from jeff@mycompany.com but is getting fouled up when their server tries to verify where it's coming from and my server identifies itself as mycompanyname.local. As I said, most of the places we send email don't seem to do this check. I imagine it's some sort of security feature to make sure that the email is coming from where it says it's coming from and isn't being spoofed. Either way... I'd like my Active Directory domain to be my actual .com domain name... anyone know the proper way to go about doing that?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20369422
Look at my second post, which describes how you can do that without having to change AD.  In order to change your AD domain, you'd basically have to wipe and completely reinstall Windows and Exchange.
0
 
LVL 3

Author Comment

by:dimorphios
ID: 20369479
hypercat: looking at your amended response, I like that.. that looks sexy :). Unfortunately I really did set up the server to start from scratch, so in addition to that, how would you recommend I configure DNS before I install Active Directory? Even if it's .local, since you seemed to have covered that problem.
0
 
LVL 3

Author Comment

by:dimorphios
ID: 20369497
And to clarify, my server does not need to be my public DNS and I do have an SPF record :)
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 20369552
You can't configure DNS before active directory; AD has to exist somewhere on the domain in order for DNS to function.  The order of events in the process of creating a domain is:

1.  Install Windows 2003 Server.
2.  Run dcpromo to create the domain, which creates AD and also configures DNS with the correct zone info and records for the domain.

When you run dcpromo, of course, you have to specify your domain name at that time. This domain name then gets used for the AD and DNS configuration.  Later, when you install Exchange, you can either use the same domain name (which is what happens by default when you install Exchange), or you can install Exchange and then change the recipient policy to use a different public domain name.

Is that what you're asking?  
0
 
LVL 3

Author Comment

by:dimorphios
ID: 20369571
OK, so let AD handle the DNS role setup rather than doing it manually beforehand, correct? Btw, looks like you are my guy. If you want to follow around the rest of the string of questions going through this setup, you stand to make quite a few points. Here's your first 500. Let me know if you are game to make points each step of the way :)
0
 
LVL 3

Author Closing Comment

by:dimorphios
ID: 31411538
YAY!
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20373936
Thanks for the points!  I'm always game for points if I have the time to answer the questions. Unfortunately I do have a regular job ;-)  I'll try to catch as many of your questions and help as much as I can.
0
