Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Setting Exchange External DNS

Posted on 2014-02-13
6
Medium Priority
?
316 Views
Last Modified: 2014-02-19
Hi,

I've been given an Exchange 2013 server to use in a separate forest, but on the same IP network as another forest.  On my forest I have Exchange 2013 with a DC/DNS installed on it.

Exchange itself works fine, but I'm trying to set it up to use external DNS in the forwards on the WAN interface, but when I changed it, all of my inbound e-mail stopped.  The queue viewer showed the following error: #554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain ##

I've attached screenshots of my current settings.  The forward screenshot points to a server in the other forest.  What can I change up to get external dns going?
localdns.PNG
dnsforwarder.PNG
dnsexchange.PNG
0
Comment
Question by:ts11
  • 3
  • 3
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39857596
WAN interface? Are you dual homing Exchange? If so, that isn't a supported configuration.
Exchange should have a single network interface and anything that needs to connect to a WAN should be done with a router. Windows is a very poor router and should not be used for that task. That is probably the root of the problems.
DNS Forwarding to another server shouldn't be a problem, it is almost certainly routing that is the issue.

Simon.
0
 

Author Comment

by:ts11
ID: 39857619
It's running on a virtual machine with 2 NICs.  One is internal, one is for the public IP.  I'm using outlook anywhere and people outside connect direct to this.

Edit: also I don't want to forwards to the other private ip as it's outside my forest.  I want this server to completely independent.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39862889
That isn't a supported configuration.
You are not supported to have Exchange in any kind of DMZ or internet zone, so you will see problems with email delivery.
You need to go back to a single NIC and have a router in front of Exchange to handle the internet connection.

Having Exchange on a domain controller is also not recommended, and should be avoided where possible. With the Windows 2012 1+2 virtualisation rights, it is very easy to avoid having a DC in place and if you went virtualised you could use a virtual router such as Monowall to be the link between Windows and the internet.

Simon.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 

Author Comment

by:ts11
ID: 39863324
There is a Cisco router in front of the exchange server, all traffic passes through this to get to the exchange server.  It has the public ip for Outlook Anywhere connections.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 39864075
Don't multi-home the Exchange server. Configure the Cisco router to do NAT and have the server on a single NIC. Then configure the DNS settings to use the server itself only. If you have a problem with using root hints, configure DNS forwarders on the DNS server applet on the server itself.

Simon.
0
 

Author Comment

by:ts11
ID: 39866110
ok, well the router isn't owned by me, but the people that own it told me that it isn't setup to allow public ip nat'ing to a private address.  All public IPs are assigned on an interface (i think they're using multiple secondary addresses).  So it would be a pretty big reconfiguration for the NAT'ing.  Anyway, I don't think much else can be said on this for now, so I will look to close the thread.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
How to effectively resolve the number one email related issue received by helpdesks.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question