  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320

Setting Exchange External DNS

Hi,

I've been given an Exchange 2013 server to use in a separate forest, but on the same IP network as another forest. On my forest I have Exchange 2013 with a DC/DNS installed on it.

Exchange itself works fine, but I'm trying to set it up to use external DNS in the forwards on the WAN interface, but when I changed it, all of my inbound e-mail stopped. The queue viewer showed the following error: #554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain ##

I've attached screenshots of my current settings. The forward screenshot points to a server in the other forest. What can I change up to get external DNS going?

Attachments: localdns.PNG, dnsforwarder.PNG, dnsexchange.PNG
Asked by: ts11

1 Solution
Simon Butler (Sembee), Consultant, commented:
WAN interface? Are you dual homing Exchange? If so, that isn't a supported configuration.
Exchange should have a single network interface and anything that needs to connect to a WAN should be done with a router. Windows is a very poor router and should not be used for that task. That is probably the root of the problems.
DNS Forwarding to another server shouldn't be a problem, it is almost certainly routing that is the issue.

Simon.

ts11 (Author) commented:
It's running on a virtual machine with 2 NICs. One is internal, one is for the public IP. I'm using Outlook Anywhere and people outside connect directly to this.

Edit: also, I don't want to forward to the other private IP as it's outside my forest. I want this server to be completely independent.

Simon Butler (Sembee), Consultant, commented:
That isn't a supported configuration.
You are not supported to have Exchange in any kind of DMZ or internet zone, so you will see problems with email delivery.
You need to go back to a single NIC and have a router in front of Exchange to handle the internet connection.

Having Exchange on a domain controller is also not recommended, and should be avoided where possible. With the Windows 2012 1+2 virtualisation rights, it is very easy to avoid having a DC in place and if you went virtualised you could use a virtual router such as Monowall to be the link between Windows and the internet.

Simon.
ts11 (Author) commented:
There is a Cisco router in front of the Exchange server; all traffic passes through this to get to the Exchange server. It has the public IP for Outlook Anywhere connections.

Simon Butler (Sembee), Consultant, commented:
Don't multi-home the Exchange server. Configure the Cisco router to do NAT and have the server on a single NIC. Then configure the DNS settings to use the server itself only. If you have a problem with using root hints, configure DNS forwarders on the DNS server applet on the server itself.

Simon.
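The layout Simon describes across his two replies (one NIC, the router doing NAT, the server's DNS client pointing at itself, and forwarders configured in the DNS Server role rather than at a per-adapter "WAN" level) can be checked from the server before any transport settings are touched. The script below is an added example written for this thread, not something Simon or the asker posted. It assumes it runs in the Exchange Management Shell on the Exchange/DC/DNS box; `$Forwarders` and `$TestDomain` are placeholder values to replace.

```powershell
# Added example (not from the thread): audit a single-forest Exchange 2013
# server against the single-NIC, local-DNS layout recommended in the answer,
# point the DNS Server forwarders at upstream resolvers instead of the other
# forest, and prove MX resolution works locally before Exchange relies on it.
# Run in the Exchange Management Shell on the server itself.

$Forwarders = @('192.0.2.53', '192.0.2.54')   # placeholder: your upstream resolver(s), not the other forest's DC
$TestDomain = 'example.com'                   # placeholder: a recipient domain you send to

# 1. A supported Exchange server has one network adapter carrying a default
#    gateway; a second "public" adapter is the multi-homing the answer warns about.
$adapters = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway }
if (@($adapters).Count -gt 1) {
    Write-Warning ("Multi-homed: {0} adapters carry a default gateway. Keep one NIC and let the router do NAT." -f @($adapters).Count)
}

# 2. The DNS client should list only this server (it hosts the DC/DNS role).
$localIPs = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne '127.0.0.1' }).IPAddress
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $foreign = $_.ServerAddresses | Where-Object { $_ -notin $localIPs -and $_ -ne '127.0.0.1' }
        if ($foreign) {
            Write-Warning ("{0} points at DNS servers outside this host: {1}" -f $_.InterfaceAlias, ($foreign -join ', '))
        }
    }

# 3. Forwarders belong in the DNS Server role (the "DNS server applet"), and
#    Set-DnsServerForwarder replaces the whole list, so the other forest's
#    address drops out. Root hints stay on as a fallback.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $true
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# 4. Resolve a recipient domain's MX records through the local server, the
#    same kind of lookup Exchange performs when it routes mail. A failure here
#    is a DNS-path problem, not an Exchange problem.
$mx = Resolve-DnsName -Name $TestDomain -Type MX -Server 127.0.0.1 -ErrorAction Stop
$mx | Where-Object { $_.Type -eq 'MX' } | Select-Object Name, NameExchange, Preference

# 5. Show how the transport service resolves names. With a single NIC the
#    defaults (adapter-based lookups, no custom server list) are what you want.
Get-TransportService -Identity $env:COMPUTERNAME |
    Format-List ExternalDNSAdapterEnabled, ExternalDNSAdapterGuid, ExternalDNSServers,
                InternalDNSAdapterEnabled, InternalDNSAdapterGuid, InternalDNSServers
```

Step 5 is read-only on purpose: if the earlier change was made in the transport service's external DNS lookup settings (the dnsexchange.PNG screenshot), reverting to the defaults with `Set-TransportService` (`-ExternalDNSAdapterEnabled $true`, the all-zero `-ExternalDNSAdapterGuid`, and an empty `-ExternalDNSServers` list) makes Exchange use whatever the single adapter's DNS client resolves, which after steps 2 and 3 is the local DNS server and its forwarders.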

ts11 (Author) commented:
OK, well, the router isn't owned by me, but the people that own it told me that it isn't set up to allow public IP NATing to a private address. All public IPs are assigned on an interface (I think they're using multiple secondary addresses). So it would be a pretty big reconfiguration for the NATing. Anyway, I don't think much else can be said on this for now, so I will look to close the thread.