Re: Internal/External DNS



In news:13B11A0B-1992-4B60-A9D0-9743ABF71D5A@xxxxxxxxxxxxx,
Milton F. Lopez <MiltonFLopez@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
(I posted this separately and later found this. Sorry for the
duplication but this looks like the only related thread).

We have two Windows 2003 (SP2) domain controllers on our private LAN,
which is NAT'ed behind a firewall. DNS on these servers is configured
to forward to a third DNS server on our DMZ, which resolves public
names for our domain. We use this "split DNS" so that an Exchange
server on the LAN has both a public and a private IP address. The
firewall takes care of the necessary SMTP routing, and this works just
fine.

Under these conditions I expect systems on the private LAN to get
the Exchange server's private IP address from the domain controllers
when they issue a DNS query. This is indeed what happens when I test
them using nslookup.

We recently placed a new Sophos ES1000 email appliance on the LAN as a
smarthost for Exchange. The appliance is set to use the two domain
controllers as primary and secondary DNS servers. When receiving
messages from Exchange, the appliance (which uses Postfix) looks up
the IP address for the server name in the HELO command, and checks to
see if it matches the connection. Most of the time it does, i.e. the
appliance gets the private IP address for the Exchange server from
DNS, and accepts the messages.

The problem is that once in a while the appliance seems to get the
public IP address of the Exchange server and refuses to relay as it
should. This, of course, creates problems with our email routing.

Sophos tells me the problem is with the DNS servers and therefore
cannot help us with this.

Could something be causing the Windows DNS service to forward the
query for the Exchange server's IP address, rather than getting it
from its own zone for some reason, and thereby returning the Exchange
server's public IP address? If so, how could I prevent this?

Thanks in advance.

DNS will NOT forward queries for zones it hosts. DNS will answer for any
zones it hosts, and if there is no match for a host query under the zone, it
simply returns a NULL and will NOT forward on.

Is the external DNS server's IP listed under the Nameservers tab under the
zone's properties on the internal DNS servers?

How did you configure the Forwarder? Is it a Conditional Forwarder or one for
'All Other Domains'?


Ace
