Split DNS Question?

  • Question

  • Hi everyone,

    I apologize in advance for the stupid question....BUT....

    Having an issue with our configuration in our production Exchange environment which was set up before I joined the company. Currently, we utilize two Edge/TMG servers sitting behind an NLB and firewall with two CAS/HUB servers and then three Mail servers behind that.

    Our problem is our internal domain is abc.com but we use xyz.com for email because we are not authoritative on abc.com. We are having issues with DNS since our domain is abc.com but the email addresses are @xyz.com. So, to the outside it appears as though we are spoofing abc.com even though we are only using xyz.com...this has caused us to be blacklisted a few times.

    I went to my Hub servers and looked at my send connectors and none of them have anything entered in the field "Specify the FQDN this connector will provide...". Is this where my problem is coming from, since a FQDN isn't specified it's defaulting to the Hub transport's actual name (which is a non-authoritative domain to the outside world)?

    Also - my receive connectors are listed as follows:

    Client - exch1.abc.com

    Default - exch1.abc.com

    Relay - exch1.abc.com

    Same applies for my second Hub server....should all of these actually be set to the authoritative domain (xyz.com) or am I missing something here?



    • Edited by Der Hai Friday, July 29, 2011 7:09 PM
    Friday, July 29, 2011 12:06 PM

All replies

    1. What issue have you had and what were the reasons too? i.e. did you get NDRs? If yes what were they?
    2. For your accepted domain I would make your xyz to be authoritative and not your internal domain. I suspect this is most likely the cause without knowing the issue in detail as in point 1.

    Sukh
    Friday, July 29, 2011 1:35 PM
    To be honest, I'm not sure exactly what happened because the previous Exchange Admin left unexpectedly.

    All I was told is we were blacklisted by several customer email servers and sometimes we received NDRs and sometimes we didn't.

    Currently, both the internal and external domains are both set to authoritative in Exchange under Accepted Domains. Should the internal be changed to "Internal Relay Domain" only? Will this affect any current things or going forward?


    Friday, July 29, 2011 2:35 PM
    1. No need to change the internal domain as a relay domain.  I would do what I mentioned in point 2 on my post.

    2. Also make sure your PTR records are up to date.


    Sukh
    Friday, July 29, 2011 2:39 PM
    Yes, all PTR records are matched and up-to-date on our DNS server.

    I guess I'm not sure I follow what you're suggesting: under Accepted Domains in Exchange, both abc.com and xyz.com are listed as Authoritative.  You stated: "For your accepted domain I would make your xyz to be authoritative and not your internal domain. I suspect this is most likely the cause without knowing the issue in detail as in point 1."

    But then what do I do with the internal domain that's listed as authoritative? Remove it?

    Sorry if I'm missing the simple point here...

    Friday, July 29, 2011 2:49 PM
    1. Sorry my mistake, I was thinking it but not writing it!  What I was suggesting was to make the xyz to be the default. Is it the default?

    Sukh
    Friday, July 29, 2011 2:59 PM
    Ah ok. Yes, the xyz.com external domain is already set as the default.
    Friday, July 29, 2011 3:02 PM
    1. Then it's kind of hard to know what's going on and why it was rejected?
    2. The NDR would have helped and if you had any logging enabled?
    3. Not sure if you have an old NDR somewhere or logs backed up that you can restore to get the info.
    4. Or you may decide to wait until the next occurrence so we can troubleshoot further with more details.
    5. That's all I can offer for now, but there may be others who might pick up this post.
    6. Also, make sure you have set up SPF records for your domain too.

    Sukh
    Friday, July 29, 2011 3:05 PM
    Well I have logs...I just don't know when the event occurred so that doesn't help much. I'm trying to find someone who received an NDR but I'm not hopeful.

    Thanks for your help!

    Friday, July 29, 2011 3:22 PM

    Hi,

    You mentioned that your Exchange is blocked because the outside mail server thought you are spoofing abc.com, have you confirmed this with the administrators of the outside mail servers?

    The two Authoritative domains should not be the cause. Please specify your external FQDN for the internet send connector:

    1. Open EMC, expand to Organization Configuration, in the send connector tab, right click your internet send connector and choose properties.

    2. In "Specify the FQDN this connector will provide", type in the external FQDN name such as outgoing.xyz.com which you specified in the SPF record.

    Gen Lin

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Monday, August 1, 2011 10:10 AM
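The three things this thread converges on (a connector FQDN that resolves in public DNS, a PTR record that points back to that name, and an SPF record that lists the sending address) are exactly what a receiving MTA evaluates before it decides a host is spoofing. The Python below is an added example, not code from any of the posters or from Exchange itself: it runs those checks against a constructed in-memory zone (xyz.com as the mail domain, outgoing.xyz.com as the connector FQDN, and the documentation address 203.0.113.25, none of which are the poster's real values) so it works offline, and its SPF evaluator implements only the ip4, a, include and all mechanisms of RFC 7208. The first call in the main block reproduces the posted configuration, where the connector FQDN is blank and the internal name exch1.abc.com is advertised; the second shows the state after the fix Gen Lin describes.

```python
"""Offline check of an outbound mail identity: HELO/EHLO FQDN, forward A
record, reverse PTR record and SPF authorisation for the sending address."""
import ipaddress

# Constructed zone data standing in for live DNS, so the check runs offline.
# Names follow the thread (xyz.com = mail domain, outgoing.xyz.com = connector
# FQDN); the addresses are documentation ranges, not the poster's real values.
# exch1.abc.com exists only on the internal DNS, so it is absent here.
FAKE_DNS = {
    ("outgoing.xyz.com", "A"): ["203.0.113.25"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["outgoing.xyz.com"],
    ("xyz.com", "TXT"): ["v=spf1 ip4:203.0.113.16/28 a:outgoing.xyz.com -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype, dns=FAKE_DNS):
    """Return the records of type rtype for name from the constructed zone."""
    return dns.get((name.rstrip(".").lower(), rtype), [])


def spf_result(domain, ip, dns=FAKE_DNS, depth=0):
    """Evaluate the ip4, a, include and all mechanisms of the domain's SPF
    record (a subset of RFC 7208) for sending address ip. Returns 'pass',
    'fail', 'softfail', 'neutral', 'none' (no record) or 'permerror'."""
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms; stop runaway includes
        return "permerror"
    records = [r for r in lookup(domain, "TXT", dns) if r.startswith("v=spf1")]
    if not records:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        matched = False
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in lookup(arg or domain, "A", dns)
        elif mech == "include":
            matched = spf_result(arg, ip, dns, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched: RFC 7208 default result


def check_sender_identity(helo_fqdn, ip, mail_domain, dns=FAKE_DNS):
    """Run what a receiving MTA checks on a connection from ip: does the HELO
    name resolve to ip, does ip's PTR name the HELO host, and does the mail
    domain's SPF record authorise ip? Returns (spf_result, list_of_problems)."""
    problems = []
    if ip not in lookup(helo_fqdn, "A", dns):
        problems.append(f"HELO name {helo_fqdn} does not resolve to {ip}")
    ptr = lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR", dns)
    if helo_fqdn.lower() not in [p.lower() for p in ptr]:
        problems.append(f"PTR for {ip} is {ptr or 'missing'}, not {helo_fqdn}")
    spf = spf_result(mail_domain, ip, dns)
    if spf != "pass":
        problems.append(f"SPF for {mail_domain} gives '{spf}' for {ip}")
    return spf, problems


if __name__ == "__main__":
    # Connector FQDN left blank: Exchange advertises the internal Hub name,
    # which public DNS cannot resolve and which the PTR does not name.
    print(check_sender_identity("exch1.abc.com", "203.0.113.25", "xyz.com"))
    # Connector FQDN set to the public name that the SPF record lists.
    print(check_sender_identity("outgoing.xyz.com", "203.0.113.25", "xyz.com"))
```

To run the same checks against live DNS, replace `lookup` with a resolver call and pass the result in as `dns`; the rest of the logic does not change. Note that a correct SPF record does not rescue a wrong HELO name: in the first call SPF still passes for xyz.com, yet the forward and reverse checks both fail, which is the pattern a receiver reads as a host impersonating a domain it does not belong to.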