Solved

FQDN and "A" Record

Posted on 2010-11-09
Last Modified: 2012-06-27
I have a Windows 2003 Exchange Server with a fully qualified domain name of ServerName.domain1.com.  We use an external company that looks after our domains and firewall services.  

Should I have an “A” record set up against the fully qualified domain name of the server?  We have an “A” record for the domain and against the OWA address of mail.domain1.com but not the FQDN of the Exchange Server.  

I’m trying to understand best practice in terms of setting up DNS entries for Exchange Servers.    
0
Question by:DHPBilcare
22 Comments
 
LVL 7

Expert Comment

by:Anglo
ID: 34091981
You would normally only need an mx record for smtp traffic.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092013
Let's assume you have a domain called MYDOMAIN.COM

Typically, you would have the following DNS records: -

MYDOMAIN.COM - A RECORD - {IP address of your web server}
WWW.MYDOMAIN.COM - A RECORD or CNAME - {IP address of your web server or CNAME entry for the server providing service}
SMTP.MYDOMAIN.COM - A RECORD - {IP address of your inbound e-mail server}
MYDOMAIN.COM - MX RECORD - {MYDOMAIN.COM}
OWA.MYDOMAIN.COM - A RECORD or CNAME - {IP address of your OWA server or CNAME entry for the server providing service}

You can also have SPF records which are sometimes required for sending/receiving e-mail.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092017
typo...

MYDOMAIN.COM - MX RECORD - {SMTP.MYDOMAIN.COM}

sorry
0

 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 34092019
An MX record (mail.domain.com) for mail is needed.
You might want to have owa.domain.com so you can use a different IP address for the users accessing OWA and route it differently.
You DO NOT want to put the internal name of the server in a public DNS - it might change and telling the world the name of your server is not a good idea.

You will need the name of the server in the certificate for encrypting your OWA.
0
 

Author Comment

by:DHPBilcare
ID: 34092023
We have an "MX" record against the FQDN of the server.

We have a requirement to email out from a secondary domain which is hosted in a sister company of ours.  

Am I correct in thinking that all we need to do is update the SPF record of the sister company with the FQDN of our server?

I want to ensure that the DNS is correct.  The plan is that I add the second domain to our Exchange recipient policy and the SMTP address to the applicable user but want to double check the DNS to do this.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092034
This website will help you with understanding SPF records.

http://old.openspf.org/wizard.html

0
 

Author Comment

by:DHPBilcare
ID: 34092193
OK.

So we currently have listed with the company that provides our hosting services.

"A" of Mail
"A" of Domain.com
"MX" of ServerName.Domain.com (matching the FQDN of the Server)

To email outbound from our Exchange Server with an SMTP address hosted by our sister company, from a DNS point of view, I would only need to have their SPF record updated to include our Exchange Server?  I want to ensure I don't get spammed when running this.  

0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092209
Your last comment looks spot on - good luck :)
0
 

Author Comment

by:DHPBilcare
ID: 34092238
Just testing another point of logic.

I'm thinking that the company that provides our hosting services does not need to have any record of the sister company foreign SMTP address as the Exchange Server is in itself already known?
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092253
only if the second company is going to relay through your server.
0
 

Author Comment

by:DHPBilcare
ID: 34092293
Thanks for that.

Does any recipient mailserver check incoming email and try to match the sender SMTP address against the Originating Exchange Server's FQDN?

In my scenario they would be different.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092335
some receiving e-mail servers do checks.  the typical ones are: -

does the reverse DNS lookup for the IP address match the sending server's FQDN
is the sending server allowed to send for this domain

We've got SPF covered off and I'm sure that your reverse DNS entry is correct for your live e-mail server

so...you should be good to go.
0
 

Author Comment

by:DHPBilcare
ID: 34092379
Thanks for the comments.

Last questions.

I'm assuming that if an SPF record for the secondary domain had not been created my emails could not be bounced?

The IP to FQDN check in my case would check the MX record?  As I don't have an "A" record against the FQDN of the server.
0
 
LVL 23

Accepted Solution

by:
jakethecatuk earned 2000 total points
ID: 34092395
let's assume that you have sent an e-mail to bill@yahoo.com from fred@company2.com and the sending server is smtp.company1.com.

when yahoo.com receives the message, it will check the MX record for company2.com and see that the receiving server is smtp.company2.com.  It will then look to see if the sending server is the same - if it isn't it will check the SPF record.  If smtp.company1.com doesn't exist in the SPF record, Yahoo COULD treat the message as SPAM and put it into a junk mail folder.

0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 34092404
Hi
I agree with @jakethecatuk.
0
 

Author Comment

by:DHPBilcare
ID: 34092420
I guess what I'm asking is what if @company2.com does not yet have an SPF record?
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092425
if company2.com doesn't have an SPF record for your e-mail server and you start sending on their behalf, there is a very big risk that messages could get treated as SPAM.

are you going to be receiving mail for them as well?
0
 

Author Comment

by:DHPBilcare
ID: 34092457
No.

Basically we have a team spread over two separate companies that is commercially going to use the same SMTP address for emails.  The new address is registered and hosted within the second company.  Emails sent to my users at the new SMTP address are simply being forwarded to us at our normal email address.  I then want to add the new SMTP address to my Exchange server so the selected users can "send as" the new identity.  

I just need to understand DNS/Spamming problems with this proposed set up.  Company 2 does not yet have an SPF record for their domain.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092500
ah......................now I've got you.

OK then - company2's DNS records must include the IP address/hostname of your sending server in their SPF records.  If they don't - any message sent by the team members that are based at your offices will probably get treated as SPAM.

what you are doing may introduce other problems at an exchange level which will manifest themselves as soon as you try it.
0
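
The SPF check this thread turns on, as an added example that is not part of the original posts: a minimal evaluator for a subset of RFC 7208 (`ip4`, `a`, `mx`, `all`), in which the receiver tests the connecting IP against the TXT policy published for the sender's domain. The IP addresses, the `zone_with_spf` helper and the candidate policies for company2.com are constructed for illustration.

```python
import ipaddress

# Constructed DNS data for the thread's scenario (documentation IP ranges).
BASE_ZONE = {
    ("company2.com", "MX"): ["smtp.company2.com"],
    ("smtp.company2.com", "A"): ["198.51.100.10"],
    ("smtp.company1.com", "A"): ["203.0.113.25"],  # the sending Exchange server
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def zone_with_spf(policy=None):
    # Hypothetical helper: BASE_ZONE plus an optional SPF TXT record on company2.com.
    zone = dict(BASE_ZONE)
    if policy is not None:
        zone[("company2.com", "TXT")] = [policy]
    return zone

def lookup(zone, name, rtype):
    return zone.get((name.lower(), rtype), [])

def check_spf(zone, sender_ip, domain):
    """Result for sender_ip under domain's SPF policy (ip4, a, mx, all only)."""
    records = [t for t in lookup(zone, domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"  # no policy published: SPF tells the receiver nothing
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in lookup(zone, arg or domain, "A")
        elif mech == "mx":
            matched = any(str(ip) in lookup(zone, h, "A") for h in lookup(zone, arg or domain, "MX"))
        else:
            raise NotImplementedError(f"{mech!r} is outside this example's subset")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

if __name__ == "__main__":
    for policy in (None, "v=spf1 mx -all", "v=spf1 mx a:smtp.company1.com -all"):
        print(policy, "->", check_spf(zone_with_spf(policy), "203.0.113.25", "company2.com"))
```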
 

Author Comment

by:DHPBilcare
ID: 34092611
I will get them to set up an SPF record before we go with this.

what other problems do you see at the Exchange level?
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092636
well, setting a 'reply to' address for a domain that isn't hosted locally MAY cause Exchange to get a bit twitchy.  

It's not something I've tried to be honest with you but I seem to recall reading about someone having a problem when they tried it.  Can't recall the details though as it was back in Exchange 2000 days.  I'm not saying you will have problems though - just making you aware that you may have problems.
0
 

Author Comment

by:DHPBilcare
ID: 34093066
I would add the Domain2 SMTP address as the primary address against the applicable local AD accounts.

Each user would only ever email outbound as one domain (Either 1 or 2).  It should work as long as the DNS is correct.
0
