DNS question

    Question

  • We recently moved to Exchange 2013 from 2007, and we're in Hybrid mode right now as we can't fully divorce from 2007 yet.

    I was going over our DNS records and I found that for some reason our 2013 MB server has the same external DNS record/IP as the old 2007 hub transport.  I'm not sure if this is a mistake or done on purpose and I just forgot during the migration madness.

    Our new 2013 CAS server has its own external IP.

    My question is, do both my 2013 CAS and 2013 MB server need IPs in external DNS?  I'm still a little fuzzy on which server sends out the mail since the roles have changed (or do they both?).  To be safe I was just going to give them both IPs so we don't get caught up in external spam problems.

    Thanks,

    Tuesday, December 8, 2015 6:04 PM

Answers

All replies

  • Hi,

    It was probably done expecting that email would be delivered to the back end server as your Exchange 2007 infrastructure may have been. 

    Only your CAS needs a public IP and ports open on the firewall. Note that this assumes that your send connector is configured to proxy through the client access server. See here for more information on how to set this: https://technet.microsoft.com/en-us/library/mt484155%28v=exchg.160%29.aspx. The CAS should be receiving email and either the CAS or the MBX can send email depending on whether your send connector is configured to proxy through the CAS server. If so then the CAS is the one that will send email to the internet. 

    To prevent spam issues, your sending server needs to have a reverse DNS record (see here: http://markgossa.blogspot.com/2015/09/exchange-2007-2013-reverse-dns.html) and a valid SPF record (see here: http://markgossa.blogspot.com/2015/08/understanding-spf-records-part-1.html). Also make sure that your IP is not listed on any blacklists - use the Outbound Email test here: http://exrca.com.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Tuesday, December 8, 2015 8:19 PM
  • We recently moved to Exchange 2013 from 2007, and we're in Hybrid mode right now as we can't fully divorce from 2007 yet.

    I was going over our DNS records and I found that for some reason our 2013 MB server has the same external DNS record/IP as the old 2007 hub transport.  I'm not sure if this is a mistake or done on purpose and I just forgot during the migration madness.

    Our new 2013 CAS server has its own external IP.

    My question is, do both my 2013 CAS and 2013 MB server need IPs in external DNS?  I'm still a little fuzzy on which server sends out the mail since the roles have changed (or do they both?).  To be safe I was just going to give them both IPs so we don't get caught up in external spam problems.

    Thanks,

    That depends. Is the MBX sending out directly to the Internet? Then it needs an external routable IP address with a valid PTR. Also be sure that the send connector's FQDN matches.

    P.S. Why do you have separate CAS and MBX roles?


    Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.


    Tuesday, December 8, 2015 10:39 PM
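
The checks both replies describe (a PTR that resolves back to the sending IP, a send connector FQDN that matches it, and an SPF record that covers the IP) can be run against whichever server actually sends to the Internet. The following is an added example, not code from the thread: the host names, the documentation-range IPs and the pre-resolved DNS data are constructed, and the SPF evaluation handles only `ip4`, `ip6` and `all` mechanisms (others such as `include`, `a` and `mx` are skipped).

```python
import ipaddress

VERDICTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(spf_txt, ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record for one IP."""
    addr = ipaddress.ip_address(ip)
    terms = spf_txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in VERDICTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return VERDICTS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return VERDICTS[qualifier]
    return "neutral"  # no evaluated mechanism matched

def check_sender(ip, helo_fqdn, ptr, forward, spf_txt):
    """ptr maps IP -> PTR names, forward maps name -> IPs (pre-resolved)."""
    findings = []
    names = [n.rstrip(".").lower() for n in ptr.get(ip, [])]
    if not names:
        findings.append("no PTR record")
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
    confirmed = [n for n in names if ip in forward.get(n, [])]
    if names and not confirmed:
        findings.append("PTR does not resolve back to the IP")
    if helo_fqdn.rstrip(".").lower() not in confirmed:
        findings.append("HELO/EHLO FQDN does not match a confirmed PTR name")
    result = spf_result(spf_txt, ip)
    if result != "pass":
        findings.append("SPF result is " + result)
    return findings

# Constructed sample data: the CAS has its own IP, while the MBX shares the
# old hub transport's IP, whose PTR still carries the legacy name.
PTR = {"203.0.113.10": ["mail.example.com."],
       "203.0.113.20": ["legacy-hub.example.com."]}
FORWARD = {"mail.example.com": ["203.0.113.10"],
           "legacy-hub.example.com": ["203.0.113.20"]}
SPF = "v=spf1 ip4:203.0.113.10 -all"

if __name__ == "__main__":
    for ip, fqdn in [("203.0.113.10", "mail.example.com"),
                     ("203.0.113.20", "mbx.example.com")]:
        print(ip, fqdn, check_sender(ip, fqdn, PTR, FORWARD, SPF) or "OK")
```
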