DNS Configuration for messaging

    Question

  • Greetings,

    I am in the process of restructuring the messaging infrastructure in a production environment.

    I have the following setup

     

    hub-site:

    2 MBX (DAG) Servers

    2 CAS/HUB Servers (H/W Load Balanced on Citrix)

    2 Edge Servers in DMZ (DNS Round Robin Balanced)

    DR-site:

    1 MBX (DAG Member) Server

    1 CAS/HUB Server

    1 Edge Server

     

    the users require the following Client Access type:

    MAPI, IMAP, Webmail, Outlook Anywhere, POP

    my question is:

    what would be the required DNS records (MX, A, CNAME, etc.) internally and externally (internal DNS server and external DNS server) for them?

    and the other question: IMAP clients are using their laptops internally and externally, and don't want to change their settings. How should the DNS records for IMAP (imap.mycompany.com) and (imap.localdomain.com) be configured so that users do not have to change their settings each time they switch between the internal Internet and the external Internet?

     

    Thanks in Advance

    Tuesday, February 01, 2011 12:26 PM

All replies

  • MX records are created at the ISP end to access Exchange services from the external domain, i.e. the Internet; for the internal domain, host records, SRV records and CNAME records are used for accessing Exchange services.

    From your internal domain you can access all the Exchange services like MAPI, IMAP, OWA, POP and ActiveSync (if configured), but from outside you require a UCC/SAN certificate, that's it.

    You can configure multiple MX records at the ISP end to locate the Exchange-related services hosted on your own network from outside, and assign the priority so that in case failure happens at one MX record server, the other can take over.

    The exact forum for Exchange-related issues is below.

    http://social.technet.microsoft.com/Forums/en/exchange2010/threads

     

    Regards


    Awinish Vishwakarma

    Blog : http://awinish.wordpress.com

    Disclaimer : This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Marked as answer by Bruce-Liu Friday, March 04, 2011 7:18 AM
    Tuesday, February 01, 2011 12:56 PM
    Moderator
  • Hello,

    this doesn't really have anything to do with Directory Services; the better forum is the Exchange Server forum, as already mentioned by Awinish, or for network-related questions the following one:

    http://social.technet.microsoft.com/Forums/en/winserverNIS/threads


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, February 01, 2011 12:59 PM
  • Awinish,

    thank you for your post,

    for more clarification, suppose my internal domain name is localdomain.com and my external one is company.com

    if users of IMAP clients are using (imap.mycompany.com) from outside, and want to use their IMAP clients internally without changing the configuration of their IMAP clients, what would be the settings? Do I have to map imap.mycompany.com to any DNS locally?

    regards

     

    Tuesday, February 01, 2011 2:08 PM
  • Awinish, you need to configure E-mail adress policy here is the link showing how to do it

    http://technet.microsoft.com/en-us/library/bb232171.aspx

     

    ocd

     

     

     


    Oz Casey, Dedeal, Microsoft MVP - Exchange Server, MCITP(EMA),MCITP(EA),MCITP (SA) MCSE 2003 M+; S+;,MCDST, Security+ ,Project+ ,Server, http://smtp25.blogspot.com, (Blog) http://telnet25.wordpress.com(Blog) This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    Tuesday, February 01, 2011 2:24 PM
  • Oz Casey

    my original question is how to allow my IMAP clients to access the messaging system (Exchange Server) internally and externally using the same IMAP configuration, without changing it when they are in the office or out of the office

    supposing my DNS record for IMAP is imap.mycompany.com

    it is not related to policies.

    Tuesday, February 01, 2011 2:37 PM
  •  

    Please see Inline.....

     

    • my question is:
      what would be the required DNS Records (MX, A, CNAME, etc..) Internally and Externally -Internal DNS Server and External DNS Server for them

    There is no need for an MX record; an MX record is not required or necessary for internal mail routing. All you need is a simple "A" record, which gets added already when you join your mail servers to your existing domain.

     

    I do not want to confuse you, but in reality an MX record is not even required for external mail flow, based on RFC 2821: before the sender SMTP quits sending mail it looks for other records, if applicable. ***The ISP DNS server will perform a second query if no MX record is found, which will be for an A record.***

     

    See below

    http://smtp25.blogspot.com/2007/07/can-you-run-mail-server-without-mx.html

     

    • and the other question: IMAP clients are using their laptops internally and externally, and don't want to change their settings. How should the DNS records for IMAP (imap.mycompany.com) and (imap.localdomain.com) be configured so that users do not have to change their settings each time they switch between the internal Internet and the external Internet?
       

    You need an "A record" on the public DNS servers and have it route to your internal mail server IP address, while opening the proper port from outside all the way back to your Exchange Server ---------> i.e. imap.mycompany.com = PUBLIC IP address = Exchange internal IP

    Enable IMAP Exchange 2010

    http://technet.microsoft.com/en-us/library/bb124489.aspx 

    http://technet.microsoft.com/en-us/library/bb676481.aspx

    regards

    ocd

     


    Oz Casey, Dedeal, Microsoft MVP - Exchange Server, MCITP(EMA),MCITP(EA),MCITP (SA) MCSE 2003 M+; S+;,MCDST, Security+ ,Project+ ,Server, http://smtp25.blogspot.com, (Blog) http://telnet25.wordpress.com(Blog) This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    • Marked as answer by Bruce-Liu Friday, March 04, 2011 7:18 AM
    Tuesday, February 01, 2011 2:44 PM
  • Oz,

    thanks for your post

    for the IMAP question it is clear.

    for the DNS records required, I agree with you regarding the internal MX record, but what about the other DNS records required (CAS/HUB, Edge, DAG, etc.)?

    thanks

     

    Tuesday, February 01, 2011 10:28 PM
  • Jamil,

    I agree with Oz, no internal MX records are required. When your Hub sends an email to an external recipient, the Hub will query DNS for the MX record of the recipient's domain.

    As for using the same name as imap.whatever.com on the external side internally, as Oz stated, you'll need to port-remap TCP 143 (IMAP) to your Hub (cluster IP or single machine) and create the necessary private IP records for those FQDNs.

    Another option to create the record, other than an A record: I usually simply create a zone in DNS called "imap.whatever.com" and create a blank A record (leave the name part blank) and just give it the internal IP of your Hub cluster. I use this as standard practice internally for zones such as mail.externaldomainName.com for OWA and ActiveSync, and legacy.externaldomainName.com for legacy ActiveSync in a mixed Exchange 2003/2007/2010 environment during a migration.

    As mentioned by others, this question's topic would have been better suited to the Exchange forums; however, I hope our answers were helpful. We try to stay on topic in a specific forum with relevant questions to keep continuity. If you have any additional Exchange questions regarding configuration or design, please do post them in the Exchange forums.

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, February 02, 2011 12:34 AM
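    The following Python is an added example (not from the thread, not Microsoft's code) that models the two DNS views the posts above describe: the ISP-hosted external zone with two MX records for the two Edge servers, and the internal AD DNS where each public client-access name is a separate pin-point zone (a zone named imap.company.com with a blank A record, as Ace describes) so that company.com as a whole is not hosted internally and every other public name still resolves by normal forwarding. It implements MX preference ordering and the implicit-MX fallback to an A record that Oz cites (RFC 2821 section 5, now RFC 5321 section 5.1), and checks that each client-access name resolves to a public address outside and an RFC 1918 address inside. All zones, host names and addresses are constructed assumptions. One caveat the thread does not raise: if TCP 143 is forwarded from the Internet to the Hub, require TLS on that IMAP listener (STARTTLS on 143, or IMAPS on 993) so that user credentials do not cross the Internet in clear text.

```python
"""Split-horizon DNS model for the Exchange design discussed in this thread.

Added example: not from the original posts or from Microsoft.  Every zone,
host name and address below is a constructed assumption.
"""
from ipaddress import ip_address, ip_network

# External view: what the ISP's public DNS publishes for company.com.
# MX values are (preference, host); the lowest preference is tried first.
EXTERNAL_VIEW = {
    "company.com": {
        "@":            {"MX": [(20, "mail2.company.com"), (10, "mail.company.com")]},
        "mail":         {"A": ["203.0.113.10"]},  # firewall NAT -> Edge 1 (TCP 25)
        "mail2":        {"A": ["203.0.113.11"]},  # firewall NAT -> Edge 2 (TCP 25)
        "autodiscover": {"A": ["203.0.113.20"]},  # NAT -> CAS array (TCP 443)
        "owa":          {"A": ["203.0.113.20"]},  # NAT -> CAS array (TCP 443)
        "imap":         {"A": ["203.0.113.21"]},  # NAT -> Hub/CAS (TCP 143/993)
    },
    # A remote domain that publishes no MX at all: RFC 5321 s5.1 says to treat
    # its A record as an implicit MX with preference 0.
    "partner.example": {"@": {"A": ["198.51.100.5"]}},
}

# Internal view: the AD-integrated DNS.  company.com itself is NOT hosted here;
# each public client-access name is its own pin-point zone whose blank ("@")
# A record carries the private address.  No MX record exists internally.
INTERNAL_VIEW = {
    "localdomain.com": {
        "casarray": {"A": ["10.0.0.20"]},
        "hub1":     {"A": ["10.0.0.21"]},
    },
    "autodiscover.company.com": {"@": {"A": ["10.0.0.20"]}},
    "owa.company.com":          {"@": {"A": ["10.0.0.20"]}},
    "imap.company.com":         {"@": {"A": ["10.0.0.21"]}},
}

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_zone(view, fqdn):
    """Return (zone, owner) for the longest zone in `view` that contains fqdn,
    or (None, None) when this server is not authoritative for the name."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in view:
            return zone, ".".join(labels[:i]) or "@"
    return None, None


def lookup(view, fqdn, rtype):
    """All records of type rtype for fqdn in this view (empty list if none)."""
    zone, owner = find_zone(view, fqdn)
    if zone is None:
        return []
    return list(view[zone].get(owner, {}).get(rtype, []))


def mail_exchangers(view, domain):
    """Hosts an SMTP sender would try for `domain`, in order.
    Explicit MX records sorted by preference; with no MX at all, the domain's
    own A record is used as an implicit MX (RFC 5321 section 5.1).  An empty
    list means there is nowhere to deliver and the message bounces."""
    mx = lookup(view, domain, "MX")
    if mx:
        return [host for _pref, host in sorted(mx)]
    return [domain] if lookup(view, domain, "A") else []


def resolve(view, fqdn):
    """First IPv4 address a client in this view gets for fqdn, or None."""
    addrs = lookup(view, fqdn, "A")
    return addrs[0] if addrs else None


def is_rfc1918(addr):
    return any(ip_address(addr) in net for net in RFC1918)


def check_split_horizon(names):
    """For each client-access name, confirm the external view yields a public
    address and the internal view a private one, so a laptop keeps a single
    server setting whether it is in the office or on the Internet."""
    report = {}
    for name in names:
        ext, inside = resolve(EXTERNAL_VIEW, name), resolve(INTERNAL_VIEW, name)
        ok = (ext is not None and inside is not None
              and not is_rfc1918(ext) and is_rfc1918(inside))
        report[name] = (ext, inside, ok)
    return report


if __name__ == "__main__":
    print("MX order for company.com:", mail_exchangers(EXTERNAL_VIEW, "company.com"))
    print("implicit MX for partner.example:", mail_exchangers(EXTERNAL_VIEW, "partner.example"))
    names = ["imap.company.com", "owa.company.com", "autodiscover.company.com", "mail.company.com"]
    for name, (ext, inside, ok) in check_split_horizon(names).items():
        print(f"{name:28} external={str(ext):15} internal={str(inside):12} "
              f"{'OK' if ok else 'NOT SPLIT-HORIZON'}")
```

    Note that mail.company.com deliberately has no internal pin-point zone: it is only the MX target for inbound SMTP to the Edge servers and no internal client connects to it, which is the same distinction Ace draws between the MX name and the client-access names.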
  • Your ISP registers MX records to route external mail to your domain, and when it reaches your network it reaches your firewall and then the Edge Transport server, where connectors are configured to receive as well as send email; from the Edge it is forwarded to the Hub server after message filtering and then to the CAS.

    I think you are confused about how it comes to know which server will host the public IP. The public IP will be configured on the firewall and NATted; when the mail reaches the firewall it is redirected to the Edge server through the NATted IP, as the Edge server is in the DMZ.

    For DAG, CAS, HUB and MBX, they will be located internally using host records once it can find the Edge or HUB server which holds the NATted public IP.

     

    Regards,


    Awinish Vishwakarma

    Blog : http://awinish.wordpress.com

    Disclaimer : This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, February 02, 2011 3:49 AM
    Moderator
  • What records are you referring to? Publicly, which should also be available internally, and are typically put into a UC/SAN cert, are:

    • autodiscover.domain.com (port mapped to the CAS)
    • mail.domain.com (port mapped to the Hub or Edge)
    • NetBIOS name of machine
    • exchangeCasInternalHostname.internalName.local (for Autodiscover and Outlook Anywhere)
    • And if needed, legacy.domain.com (port mapped to a legacy 2003 MBX)

    And I would create the public ones internally as zones, as I previously suggested, with the internal IP, so that a laptop, for example, can connect internally as well as externally without altering Outlook's configuration.

    As Awinish said, and I agree, there may be some confusion going on regarding records for DAGs, MBX, Edge, etc., which are internal records; they are all internal records only, in the private zone, not external.

    This thread really belongs in the Exchange forum... http://social.technet.microsoft.com/Forums/en/exchange2010/threads

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, February 02, 2011 4:31 AM
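    Ace's list above is the set of names that ends up in the UC/SAN certificate. As an added example (not from the thread, not Microsoft's code), this Python checks a certificate's subjectAltName list against the names a design publishes, using the rule clients apply when validating the name (case-insensitive exact match, or a wildcard that is the entire left-most label and stands for exactly one label; RFC 6125 section 6.4.3). The SAN lists and host names are constructed assumptions. Two practitioner caveats that postdate this 2011 thread: public CAs no longer issue certificates for internal names such as cas01.localdomain.com (CA/Browser Forum Baseline Requirements, no issuance after 1 November 2015), so the usual fix today is to set the CAS internal URLs to the same public names and let the split-horizon records carry them inside; and a *.company.com wildcard covers neither company.com itself nor a name with two labels under it.

```python
"""Check that the names published for Exchange client access are all covered
by the UC/SAN certificate bound to the CAS/Hub.

Added example, not from the thread.  The SAN lists and host names are
constructed assumptions.
"""


def name_matches(san_entry, hostname):
    """RFC 6125 section 6.4.3 style comparison of one dNSName SAN entry with a
    host name: case-insensitive exact match, or a wildcard that is the entire
    left-most label and matches exactly one label (never across a dot)."""
    san = san_entry.lower().rstrip(".")
    host = hostname.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        suffix = san[2:]
        if "*" in suffix:          # only the left-most label may be a wildcard
            return False
        labels = host.split(".")
        # one label for the '*' plus the full suffix, nothing more
        return len(labels) >= 2 and ".".join(labels[1:]) == suffix
    return False


def uncovered_names(san_entries, required_names):
    """Names a client would fail to validate against this certificate."""
    return [n for n in required_names
            if not any(name_matches(s, n) for s in san_entries)]


# Constructed scenario matching the thread: the public names plus the CAS's
# internal FQDN, checked against a certificate carrying only public names.
PUBLISHED_NAMES = [
    "autodiscover.company.com",   # Autodiscover, NAT -> CAS
    "owa.company.com",            # OWA / ActiveSync / Outlook Anywhere, NAT -> CAS
    "mail.company.com",           # MX target, NAT -> Edge
    "imap.company.com",           # IMAP, NAT -> Hub/CAS
    "legacy.company.com",         # legacy 2003 MBX during migration
    "cas01.localdomain.com",      # internal CAS FQDN used by Autodiscover/OA inside
]

PUBLIC_ONLY_SAN = [
    "owa.company.com", "autodiscover.company.com", "mail.company.com",
    "imap.company.com", "legacy.company.com",
]

WILDCARD_SAN = ["*.company.com", "company.com"]


if __name__ == "__main__":
    for label, sans in (("public-only SAN", PUBLIC_ONLY_SAN), ("wildcard SAN", WILDCARD_SAN)):
        missing = uncovered_names(sans, PUBLISHED_NAMES)
        print(f"{label}: "
              f"{'all covered' if not missing else 'NOT covered: ' + ', '.join(missing)}")
```

    In both scenarios the one name left uncovered is the internal CAS FQDN, which is exactly the name a public CA will not put on a certificate today; renaming the internal URLs to owa.company.com (or whatever public name the CAS is reached by) removes the gap without adding a SAN entry.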
  • Many Many thanks to all of you...

    and regarding posting in the Exchange forums, future topics I will post there, but for this topic please bear with me as it is already posted and still active.

    ---

    what I understand is as follows

    anyhow, I will summarize it assuming my domain (smtp namespace) is (COMPANY.COM)  useralias@company.com

    External DNS records needed as follows:

    1- MX record for mail.company.com hosted @ ISP pointing to the Edge server, and for load balancing I will need 2 MX records

    2- A record for autodiscover.company.com hosted @ ISP pointing to the CAS server "NATted to the CAS array"

    3- A record for casarrayserver.localdomain.com hosted @ ISP ?? <<<<< ???? >>>>>

    4- A record for imap.company.com will be hosted @ ISP, NATted to the Hub server

    Internal DNS

    1- A Record of autodiscover.company.com

    2- A Record of casarrayserver.localdomain.com

    3- A record for imap.company.com pointing to the Hub server IP

    4- MX record should not be hosted on local "internal" DNS

    please verify

    Thanking you

    Wednesday, February 02, 2011 9:10 AM
  • Maybe we can get a mod to move this thread to the Exchange forum.

     

    Many Many thanks to all of you...

    and regarding posting in the Exchange forums, future topics I will post there, but for this topic please bear with me as it is already posted and still active.

    ---

    what I understand is as follows

    anyhow, I will summarize it assuming my domain (smtp namespace) is (COMPANY.COM)  useralias@company.com

    External DNS records needed as follows:

    1- MX record for mail.company.com hosted @ ISP pointing to the Edge server, and for load balancing I will need 2 MX records

    Load balancing for one Edge? Do you have more than one Edge server? Having two MX records means you have two servers that will receive mail from the Internet.

    2- A record for autodiscover.company.com hosted @ ISP pointing to the CAS server "NATted to the CAS array"

    Yes

    3- A record for casarrayserver.localdomain.com hosted @ ISP ?? <<<<< ???? >>>>>

    No. Usually an owa.externalDomain.com pointed to an IP that's port-translated to the CAS servers. Make the same record internally, as I mentioned twice before, pointing to the internal IP.

    4- A record for imap.company.com will be hosted @ ISP, NATted to the Hub server

    Yes

     

    Internal DNS

    1- A Record of autodiscover.company.com

    2- A Record of casarrayserver.localdomain.com

    3- A record for imap.company.com pointing to the Hub server IP

    4- MX record should not be hosted on local "internal" DNS

    please verify

    Thanking you

    And add owa.company.com internally, too, pointing to the internal CAS IP. Reason why I suggest an owa.company.com to CAS is for client access for ActiveSync and OWA. A mail.company.com record would be for the MX record pointed to the Edge. An imap.company.com record would be for the Hub.


    Ace

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

     

     

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, February 02, 2011 6:50 PM
  • And add owa.company.com internally, too, pointing to the internal CAS IP. Reason why I suggest an owa.company.com to CAS is for client access for ActiveSync and OWA. A mail.company.com record would be for the MX record pointed to the Edge. An imap.company.com record would be for the Hub.


    Ace 

    Ace, Thanks,

    the MX record will be hosted in the ISP's DNS... is it also in my internal DNS servers? Please clarify, to clear up the entire thread.

    thanks again

    Wednesday, February 02, 2011 7:58 PM
  • And add owa.company.com internally, too, pointing to the internal CAS IP. Reason why I suggest an owa.company.com to CAS is for client access for ActiveSync and OWA. A mail.company.com record would be for the MX record pointed to the Edge. An imap.company.com record would be for the Hub.


    Ace 

    Ace, Thanks,

    the MX record will be hosted in the ISP's DNS... is it also in my internal DNS servers? Please clarify, to clear up the entire thread.

    thanks again


    The ISP's DNS is the EXTERNAL DNS, not the internal DNS. The ISP's DNS will have external public IPs pointing to your firewall, which you have to port-remap. The internal DNS is for AD and for internal use, where you have to create the same names but with internal IPs. I hope that clears it up.

    Have you considered hiring an Exchange expert to assist with your company's goals with this messaging restructuring project?

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, February 02, 2011 8:11 PM