Setting Exchange External DNS

Posted on 2014-02-13
Last Modified: 2014-02-19

I've been given an Exchange 2013 server to use in a separate forest, but on the same IP network as another forest.  On my forest I have Exchange 2013 with a DC/DNS installed on it.

Exchange itself works fine, but I'm trying to set it up to use external DNS in the forwards on the WAN interface, but when I changed it, all of my inbound e-mail stopped.  The queue viewer showed the following error: #554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain ##

I've attached screenshots of my current settings.  The forward screenshot points to a server in the other forest.  What can I change up to get external dns going?
Question by:ts11
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39857596
WAN interface? Are you dual homing Exchange? If so, that isn't a supported configuration.
Exchange should have a single network interface and anything that needs to connect to a WAN should be done with a router. Windows is a very poor router and should not be used for that task. That is probably the root of the problems.
DNS Forwarding to another server shouldn't be a problem, it is almost certainly routing that is the issue.


Author Comment

ID: 39857619
It's running on a virtual machine with 2 NICs.  One is internal, one is for the public IP.  I'm using outlook anywhere and people outside connect direct to this.

Edit: also I don't want to forwards to the other private ip as it's outside my forest.  I want this server to completely independent.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39862889
That isn't a supported configuration.
You are not supported to have Exchange in any kind of DMZ or internet zone, so you will see problems with email delivery.
You need to go back to a single NIC and have a router in front of Exchange to handle the internet connection.

Having Exchange on a domain controller is also not recommended, and should be avoided where possible. With the Windows 2012 1+2 virtualisation rights, it is very easy to avoid having a DC in place and if you went virtualised you could use a virtual router such as Monowall to be the link between Windows and the internet.

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 39863324
There is a Cisco router in front of the exchange server, all traffic passes through this to get to the exchange server.  It has the public ip for Outlook Anywhere connections.
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 39864075
Don't multi-home the Exchange server. Configure the Cisco router to do NAT and have the server on a single NIC. Then configure the DNS settings to use the server itself only. If you have a problem with using root hints, configure DNS forwarders on the DNS server applet on the server itself.


Author Comment

ID: 39866110
ok, well the router isn't owned by me, but the people that own it told me that it isn't setup to allow public ip nat'ing to a private address.  All public IPs are assigned on an interface (i think they're using multiple secondary addresses).  So it would be a pretty big reconfiguration for the NAT'ing.  Anyway, I don't think much else can be said on this for now, so I will look to close the thread.

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question