none
How to keep SBS 2011 from changing MX record

    Question

  • Hi there,

    I have just set up a new SBS 2011 box, so I am pretty new at this. The domain is hosted at godaddy, our internet is with verizon business, but with dynamic IP address. Everything works like a charm, except that I'd prefer a little less spam in my emails. So I looked for cheap or free spam protection and picked mxguarddog.com for a test. Set up an account there, configured everything and finally changed my MX record to the mxguarddog servers. They should trash the spam and send the good emails to my exchange server. So far so good.

    Waited for the MX record changes to show some effects. After a while I realized it didn't work. Double checked the configuration and found the MX records changed back to remote.mydomain.com. Changed it again to the mxguarddog servers, but again it lasted just minutes. Now I suspect my SBS box not to just update our dynamic IP address every couple of minutes, but also to change the MX records back to itself.

    Can anyone confirm that behavior? If so, is there a way to teach SBS to leave the MX records unchanged? Or maybe have it enter the mxguarddog servers instead? Unfortunately I can't simply cut it off from godaddy, since it has to update the IP address... If this is not possible, I probably have to get a static IP...

    Any help is appreciated ;-)


    • Edited by Thomas Renn Monday, December 10, 2012 2:24 AM
    Sunday, December 09, 2012 8:48 PM

Answers

  • Ok so looking at the way this seems to work- it queries for your external IP, then based on that takes your 'rwa prefix' ie. remote. and just creates all of the required records.

    A, MX, SRV etc all of which point to remote.domain.com - so i dont think there is any way to selectivley say - do not create an MX record - however i have asked the SBS Dev team.

    On another note, what you could do is change the receive connector in Exchange to only accept email from your third party anti spam - so even if the MX pointed at your server was showing in public DNS, people would not be able to bypass your anti spam.


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    • Marked as answer by Thomas Renn Tuesday, December 11, 2012 2:32 PM
    Tuesday, December 11, 2012 11:14 AM
    Moderator
  • Just an FYI, i believe this is the correct solution.

    http://technet.microsoft.com/en-us/library/dd727993%28v=WS.10%29.aspx


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Thursday, December 13, 2012 10:44 AM
    Moderator

All replies

  • Is your SBS managing your DNS?

    I would turn that off and manage your DNS manually.


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Monday, December 10, 2012 9:26 AM
    Moderator
  • Yes, it is managing the DNS, because it has to update the A record for remote.domainname.com with the new (dynamic) IP address. Of course, I could buy a static IP or go with dyndns and then manage the DNS manually. But I am still hoping that there is a way to turn off the MX updates.

    Monday, December 10, 2012 11:06 AM
  • If you add additional MX records, are they being deleted?

    What priority is the MX the SBS is creating?


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Monday, December 10, 2012 1:18 PM
    Moderator
  • Thanks for that idea! Your time and input is much appreciated! And it seems to work.. As soon as the remote.mydomain.com is deleted, SBS removes all other entries and puts it right back in with priority 10. But if you leave this line untouched, you can add more records with higher and lower priority. At least they are now unchanged for 2 hours.

    It's a good start and it might protect me from amateur spammers. A decent spammer will likely know the mxguarddog hostnames and simply read through the MX records till he finds my unprotected SBS box, so I still would prefer to remove this entry completely.

    So the question is still open - anyone out there who knows how to control the DNS update behavior?

    Monday, December 10, 2012 3:57 PM
  • Just setting up my lab server to work with the auto config service.

    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Tuesday, December 11, 2012 10:18 AM
    Moderator
  • Ok so looking at the way this seems to work- it queries for your external IP, then based on that takes your 'rwa prefix' ie. remote. and just creates all of the required records.

    A, MX, SRV etc all of which point to remote.domain.com - so i dont think there is any way to selectivley say - do not create an MX record - however i have asked the SBS Dev team.

    On another note, what you could do is change the receive connector in Exchange to only accept email from your third party anti spam - so even if the MX pointed at your server was showing in public DNS, people would not be able to bypass your anti spam.


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    • Marked as answer by Thomas Renn Tuesday, December 11, 2012 2:32 PM
    Tuesday, December 11, 2012 11:14 AM
    Moderator
  • Can't thank you enough for the time you are putting into that! Great suggestions! That really should do it!

    If not - well, I am considering a static IP anyway, since I need reliable remote access.

    Tuesday, December 11, 2012 2:32 PM
  • Just an FYI, i believe this is the correct solution.

    http://technet.microsoft.com/en-us/library/dd727993%28v=WS.10%29.aspx


    Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk

    Thursday, December 13, 2012 10:44 AM
    Moderator