Solved

FQDN and "A" Record

Posted on 2010-11-09
Last Modified: 2012-06-27
I have a Windows 2003 Exchange Server with a fully qualified domain name of ServerName.domain1.com.  We use an external company that looks after our domains and firewall services.  

Should I have an “A” record set up against the fully qualified domain name of the server?  We have an “A” record for the domain and against the OWA address of mail.domain1.com but not the FQDN of the Exchange Server.  

I’m trying to understand best practice in terms of setting up DNS entries for Exchange Servers.    
0
Comment
Question by:DHPBilcare
22 Comments
 
LVL 7

Expert Comment

by:Anglo
ID: 34091981
You would normally only need an mx record for smtp traffic.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092013
Let's assume you have a domain called MYDOMAIN.COM

Typically, you would have the following DNS records: -

MYDOMAIN.COM - A RECORD - {IP address of your web server}
WWW.MYDOMAIN.COM - A RECORD or CNAME - {IP address of your web server or CNAME entry for the server providing service}
SMTP.MYDOMAIN.COM - A RECORD - {IP address of your inbound e-mail server}
MYDOMAIN.COM - MX RECORD - {MYDOMAIN.COM}
OWA.MYDOMAIN.COM - A RECORD or CNAME - {IP address of your OWA server or CNAME entry for the server providing service}

You can also have SPF records which are sometimes required for sending/receiving e-mail.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092017
typo...

MYDOMAIN.COM - MX RECORD - {SMTP.MYDOMAIN.COM}

sorry
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 34092019
An MX record (mail.domain.com) for mail is needed.
You might want to have owa.domain.com so you can use a different IP address for the users accessing OWA and route it differently.
You DO NOT want to put the internal name of the server in a public DNS - it might change and telling the world the name of your server is not a good idea.

You will need the name of the server in the certificate for encrypting your OWA.
0
 

Author Comment

by:DHPBilcare
ID: 34092023
We have an "MX" record against the FQDN of the server.

We have a requirement to email out from a secondary domain which is hosted in a sister company of ours.  

Am I correct in thinking that all we need to do is update the SPF record of the sister company with the FQDN of our server?  

I want to ensure that the DNS is correct.  The plan is that I add the second domain to our Exchange recipient policy and the SMTP address to the applicable user but want to double check the DNS to do this.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092034
This website will help you with understanding SPF records.

http://old.openspf.org/wizard.html

0
 

Author Comment

by:DHPBilcare
ID: 34092193
OK.

So we currently have listed with the company that provides our hosting services.

"A" of Mail
"A" of Domain.com
"MX" of ServerName.Domain.com (matching the FQDN of the Server)

To email outbound from our Exchange Server with an SMTP address hosted by our sister company, from a DNS point of view, I would only need to have their SPF record updated to include our Exchange Server?  I want to ensure I don't get spammed when running this.  

0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092209
Your last comment looks spot on - good luck :)
0
 

Author Comment

by:DHPBilcare
ID: 34092238
Just testing another point of logic.

I'm thinking that the company that provides our hosting services does not need to have any record of the sister company foreign SMTP address as the Exchange Server is in itself already known?
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092253
only if the second company is going to relay through your server.
0
 

Author Comment

by:DHPBilcare
ID: 34092293
Thanks for that.

Does any recipient mailserver check incoming email and try to match the sender SMTP address against the Originating Exchange Server's FQDN?  

In my scenario they would be different.
0

 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092335
some receiving e-mail servers do checks.  the typical ones are: -

does the reverse DNS lookup for the IP address match the sending server's FQDN
is the sending server allowed to send for this domain

We've got SPF covered off and I'm sure that your reverse DNS entry is correct for your live e-mail server

so...you should be good to go.
0
 

Author Comment

by:DHPBilcare
ID: 34092379
Thanks for the comments.

Last questions.

I'm assuming that if an SPF record for the secondary domain had not been created my emails could not be bounced?

The IP to FQDN check in my case would check the MX record?  As I don't have an "A" record against the FQDN of the server.
0
 
LVL 23

Accepted Solution

by:
jakethecatuk earned 500 total points
ID: 34092395
let's assume that you have sent an e-mail to bill@yahoo.com from fred@company2.com and the sending server is smtp.company1.com.

when yahoo.com receives the message, it will check the MX record for company2.com and see that the receiving server is smtp.company2.com.  It will then look to see if the sending server is the same - if it isn't it will check the SPF record.  If smtp.company1.com doesn't exist in the SPF record, Yahoo COULD treat the message as SPAM and put it in a junk mail folder.

0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 34092404
Hi
I agree with @jakethecatuk.
0
 

Author Comment

by:DHPBilcare
ID: 34092420
I guess what I'm asking is what if @company2.com does not yet have an SPF record?
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092425
if company2.com doesn't have an SPF record for your e-mail server and you start sending on their behalf, there is a very big risk that messages could get treated as SPAM.

are you going to be receiving mail for them as well?
0
 

Author Comment

by:DHPBilcare
ID: 34092457
No.

Basically we have a team spread over two separate companies that is commercially going to use the same SMTP address for emails.  The new address is registered and hosted within the second company.  Emails sent to my users at the new SMTP address are simply being forwarded to us at our normal email address.  I then want to add the new SMTP address to my Exchange server so the selected users can "send as" the new identity.  

I just need to understand DNS/Spamming problems with this proposed set up.  Company 2 does not yet have an SPF record for their domain.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092500
ah......................now I've got you.

OK then - company2's DNS records must include the IP address/hostname of your sending server in their SPF records.  If they don't - any message sent by the team members that are based at your offices will probably get treated as SPAM.

what you are doing may introduce other problems at an exchange level which will manifest themselves as soon as you try it.
0
 

Author Comment

by:DHPBilcare
ID: 34092611
I will get them to set up an SPF record before we go with this.

what other problems do you see at the Exchange level?
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34092636
well, setting a 'reply to' address for a domain that isn't hosted locally MAY cause Exchange to get a bit twitchy.  

It's not something I've tried to be honest with you but I seem to recall reading about someone having a problem when they tried it.  Can't recall the details though as it was back in Exchange 2000 days.  I'm not saying you will have problems though - just making you aware that you may have problems.
0
 

Author Comment

by:DHPBilcare
ID: 34093066
I would add the Domain2 SMTP address as the primary address against the applicable local AD accounts.  

Each user would only ever email outbound as one domain (Either 1 or 2).  It should work as long as the DNS is correct.
0
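
Added example, not part of the original thread: a small Python model of the two receiver-side checks discussed above (reverse DNS matching the sending server's FQDN, and SPF for the sender's domain), run over constructed DNS data. The hostnames follow the accepted answer's scenario; the IP addresses, the SPF strings and the reduced mechanism set (ip4, a, mx, all) are assumptions for illustration.

```python
import ipaddress

# Constructed DNS data (RFC 5737 documentation addresses), not real records.
ZONE = {
    ("smtp.company1.com", "A"): ["192.0.2.25"],
    ("smtp.company2.com", "A"): ["198.51.100.10"],
    ("company2.com", "MX"): ["smtp.company2.com"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["smtp.company1.com"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(zone, name, rtype):
    return zone.get((name.lower().rstrip("."), rtype), [])

def fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in lookup(zone, h, "A") for h in lookup(zone, rev, "PTR"))

def check_spf(zone, ip, domain):
    """Subset of RFC 7208 check_host(): ip4, a, mx and all only."""
    recs = [t for t in lookup(zone, domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(recs) != 1:
        return "permerror" if recs else "none"
    for term in recs[0].split()[1:]:
        result = QUALIFIERS.get(term[0])       # explicit qualifier, if any
        mech = term[1:] if result else term
        name, _, arg = mech.partition(":")
        target = arg or domain                 # "a" and "mx" default to the domain
        hit = name == "all"
        if name == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hit = ip in lookup(zone, target, "A")
        elif name == "mx":
            hit = any(ip in lookup(zone, mx, "A") for mx in lookup(zone, target, "MX"))
        if hit:
            return result or "pass"            # no qualifier means "+"
    return "neutral"

def scenario(company2_txt, server_has_a=True):
    # Mail from @company2.com arriving from smtp.company1.com (192.0.2.25).
    zone = dict(ZONE)
    if company2_txt:
        zone[("company2.com", "TXT")] = [company2_txt]
    if not server_has_a:
        del zone[("smtp.company1.com", "A")]
    return check_spf(zone, "192.0.2.25", "company2.com"), fcrdns(zone, "192.0.2.25")
```

`scenario(None)` models company2.com with no SPF record at all; `server_has_a=False` models a sending server whose FQDN has no "A" record, which breaks both the `a:` mechanism and the forward-confirmed reverse lookup while an `ip4:` entry still matches.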

Question has a verified solution.
