Solved

Setting Exchange External DNS

Posted on 2014-02-13
314 Views
Last Modified: 2014-02-19
Hi,

I've been given an Exchange 2013 server to use in a separate forest, but on the same IP network as another forest.  On my forest I have Exchange 2013 with a DC/DNS installed on it.

Exchange itself works fine, but I'm trying to set it up to use external DNS in the forwards on the WAN interface, but when I changed it, all of my inbound e-mail stopped.  The queue viewer showed the following error: #554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain ##

I've attached screenshots of my current settings.  The forward screenshot points to a server in the other forest.  What can I change up to get external DNS going?

Attachments: localdns.PNG, dnsforwarder.PNG, dnsexchange.PNG
Question by:ts11
6 Comments
Expert Comment

by:Simon Butler (Sembee)
ID: 39857596
WAN interface? Are you dual homing Exchange? If so, that isn't a supported configuration.
Exchange should have a single network interface and anything that needs to connect to a WAN should be done with a router. Windows is a very poor router and should not be used for that task. That is probably the root of the problems.
DNS Forwarding to another server shouldn't be a problem, it is almost certainly routing that is the issue.

Simon.
Author Comment

by:ts11
ID: 39857619
It's running on a virtual machine with 2 NICs.  One is internal, one is for the public IP.  I'm using Outlook Anywhere and people outside connect directly to this.

Edit: also, I don't want to forward to the other private IP as it's outside my forest.  I want this server to be completely independent.
Expert Comment

by:Simon Butler (Sembee)
ID: 39862889
That isn't a supported configuration.
Having Exchange in any kind of DMZ or internet zone is not supported, so you will see problems with email delivery.
You need to go back to a single NIC and have a router in front of Exchange to handle the internet connection.

Having Exchange on a domain controller is also not recommended, and should be avoided where possible. With the Windows 2012 1+2 virtualisation rights, it is very easy to avoid having a DC in place and if you went virtualised you could use a virtual router such as Monowall to be the link between Windows and the internet.

Simon.
Author Comment

by:ts11
ID: 39863324
There is a Cisco router in front of the Exchange server; all traffic passes through this to get to the Exchange server.  It has the public IP for Outlook Anywhere connections.
Accepted Solution

by:Simon Butler (Sembee) (earned 500 total points)
ID: 39864075
Don't multi-home the Exchange server. Configure the Cisco router to do NAT and have the server on a single NIC. Then configure the DNS settings to use the server itself only. If you have a problem with using root hints, configure DNS forwarders on the DNS server applet on the server itself.

Simon.
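An added audit script (not from this thread or from Simon) that checks the points in the accepted answer on the Exchange/DC box: whether the server is multi-homed, whether its DNS client points only at itself, what the local DNS role forwards to and whether root hints remain the fallback, and whether an external MX record resolves through that local server, which is the lookup that fails with the 5.4.4 NonExistentDomain error in the question. It assumes Windows Server 2012 or later with the DNS Server role installed, an elevated prompt on the server itself, and `example.com` as a placeholder recipient domain; the `Get-TransportService` lines only run when the Exchange Management Shell is loaded.

```powershell
# Added example, not code from the thread. Assumes Windows Server 2012+ with the DNS Server role,
# run elevated on the Exchange/DC server itself. 'example.com' below is a placeholder domain.

# 1. Multi-homing: Exchange should have exactly one NIC carrying a routable IPv4 address.
$nics = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -ne 'WellKnown' }   # drops loopback and 169.254.x.x APIPA
$aliases = @($nics | Select-Object -ExpandProperty InterfaceAlias -Unique)
if ($aliases.Count -gt 1) {
    Write-Warning "Server is multi-homed (unsupported for Exchange): $($aliases -join ', ')"
} else {
    "Single NIC: $($aliases -join '')"
}

# 2. DNS client: every adapter should use only this server's own address (or loopback).
$own = @($nics.IPAddress) + '127.0.0.1'
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $foreign = @($cfg.ServerAddresses | Where-Object { $own -notcontains $_ })
    if ($foreign.Count -gt 0) {
        Write-Warning "$($cfg.InterfaceAlias) points at non-local DNS: $($foreign -join ', ')"
    }
}

# 3. Forwarders on the local DNS role (the "DNS server applet" in the accepted answer).
$fwd = Get-DnsServerForwarder
"Forwarders: $(@($fwd.IPAddress) -join ', ')  UseRootHint: $($fwd.UseRootHint)  Timeout: $($fwd.Timeout)s"

# 4. Exchange transport keeps its own DNS lookup settings; list them if the EMS is loaded.
if (Get-Command Get-TransportService -ErrorAction SilentlyContinue) {
    Get-TransportService | Select-Object Name, ExternalDNSAdapterEnabled, ExternalDNSServers,
        InternalDNSAdapterEnabled, InternalDNSServers | Format-List
}

# 5. Resolve an external MX through the local DNS server, as the transport service would.
$domain = 'example.com'   # placeholder: substitute a domain you actually deliver mail to
try {
    Resolve-DnsName -Name $domain -Type MX -Server 127.0.0.1 -ErrorAction Stop |
        Where-Object { $_.Type -eq 'MX' } |
        Select-Object Name, NameExchange, Preference
} catch {
    Write-Warning "MX lookup for $domain via local DNS failed: $($_.Exception.Message)"
    Write-Warning "A failure here is what surfaces as 554 5.4.4 SMTPSEND.DNS.NonExistentDomain."
}
```

If step 5 fails while the same lookup succeeds against a forwarder address directly, the local DNS role's forwarders or root-hint reachability are the problem rather than Exchange itself.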
Author Comment

by:ts11
ID: 39866110
OK, well, the router isn't owned by me, but the people that own it told me that it isn't set up to allow public IP NATing to a private address.  All public IPs are assigned on an interface (I think they're using multiple secondary addresses).  So it would be a pretty big reconfiguration for the NATing.  Anyway, I don't think much else can be said on this for now, so I will look to close the thread.