
Bounce messages from incorrect DNS resolve

Status
Not open for further replies.
Jan 21, 2002
I am running Windows 2000 Server with Exchange 2000. Our server is set up with an internal DNS name of "company.company" (server name.domain name - names have been changed to protect the innocent :>). Our mail domain is "companygroup.com". What is happening is that some receiving mail servers are doing a reverse lookup, and then bouncing the mail, because the external DNS entry for our domain is "mail.companygroup.com" (and therefore does not resolve properly to the sending mail server, which is "company.company"). Is there a way to circumvent this without changing the domain name on the server?

Also, what is the general consensus when configuring a W2K server - should it be set up with the domain name you own / plan to use? What if you do not currently have a domain? From what I have read, it does not appear to be an easy process to change the domain name on a server. Sorry, I know that is more a question for a different forum, but it does tie in with the first issue.
 
Good question... I currently have company.local but now I host a website company.com. My friend thinks I should change from .local to .com. I say no, since Exchange is configured properly and I'm actually hosting multiple sites. Besides, I don't feel like spending a weekend redoing the entire network.

Have you found anything?

Charles
 
Nope - I am still wracking my brain trying to think of who I can contact that would know how to resolve this. I will post if I find anything.
 
Hello
Do not change your domain! This is tied directly to the Active Directory. You will really wish you had never touched Windows 2000. As for reverse DNS, this should not be an issue if DNS is correctly set up on the Internet. Do you have 2 DNS servers, one on the outside and one on the inside of your firewall? If so, then this should not be an issue, as the world will only know you as the A record set up on the external DNS server. If you are using one server, you will need to set up a new zone with the correct FQDN and assign an MX record to the Exchange server from the new domain. Next you will need to ensure that you have a correct email domain entry in the Email address policy of the Default policies, within the recipient policies, of the recipients hive of the Exchange System Manager. I have numerous domains on my Exchange server and have no issue regarding RDNS failures.
 
In reply to Thepomosandman...

Is your local domain set up as abc.local or abc.com? Yes, I agree with not changing the domain; in essence it requires rebuilding the network from scratch. Right now I have one server which runs DNS, Exchange and hosts 5 sites. I've done as mentioned above with DNS and Exchange and it works like a charm... So I'm thinking why change it, unless of course I come across an issue with reverse DNS lookups.

Thanks for your input...
 
It's actually an entirely different domain name altogether. local.domainA.ccc and my FQDN is correctdomain.com

Note that my internal address is not even a .com

Under the SMTP protocol area of the Exchange server, ensure the following. Your masquerade domain is that of the FQDN to the world, and then the SMTP server MX records in the same area has that of the FQDN as well. By default the Active Directory domain is used.

That should be all that's required
 
Ok, thanks... That's what I'm running and it works fine.

Charles
 
Thepomosandman - thanks for the help. I did as you stated in the second message, and it has changed the outbound mail server name to the one that resolves correctly for external DNS.

I am using only one DNS server, and the public DNS entry for our mail server is in our ISP's DNS server entries (A and MX). I have not created a second zone - is this still necessary? One thing I have noticed is that the message ID for outbound e-mail still contains the "company.company" entry instead of the "mail.companygroup.com" entry. I don't know if this is a problem, as I am still testing, but I did have a user do a test e-mail that bounced with the following message:

#5.5.0 smtp;550 relaying prohibited by administrator (failed to find host name from IP address)

Do the reverse lookups usually look to the message ID for the sending server, or just the "received from" information in the mail header?
 
Some do more intelligent matching of the IP address to at least part of the domain; others just make sure that they do indeed get a reverse DNS response when querying the IP address.
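
The checks discussed in this thread, written out as a receiving mail server might apply them (an added example, not part of the original posts). The function names, result labels, the 192.0.2.x addresses and host.example.net are constructed for illustration, and the "part of the domain" comparison is simplified to the last two labels of each name.

```python
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name via the system resolver (empty list if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, helo, ptr=system_ptr, a=system_a):
    """Classify a connecting mail server by reverse DNS and announced name."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr"            # even lenient receivers bounce this
    confirmed = [n for n in names if ip in a(n)]
    if not confirmed:
        return "ptr-unconfirmed"   # PTR exists, but its A record points elsewhere
    helo = helo.rstrip(".").lower()
    if helo in confirmed:
        return "match"
    # Looser comparison: same last two labels (ignores suffixes like co.uk).
    tail = lambda n: n.split(".")[-2:]
    if any(tail(helo) == tail(n) for n in confirmed):
        return "domain-match"
    return "helo-mismatch"         # e.g. server announces an internal-only name

# Constructed records: documentation address range, names as used in the thread.
PTR = {"192.0.2.25": ["mail.companygroup.com"], "192.0.2.26": ["host.example.net"]}
A = {"mail.companygroup.com": ["192.0.2.25"], "host.example.net": ["192.0.2.99"]}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_a = lambda name: A.get(name, [])

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "company.company"),
                     ("192.0.2.25", "mail.companygroup.com"),
                     ("192.0.2.25", "smtp.companygroup.com"),
                     ("192.0.2.26", "host.example.net"),
                     ("192.0.2.27", "mail.companygroup.com")]:
        print(ip, helo, "->", check_sender(ip, helo, fake_ptr, fake_a))
```

Calling `check_sender(ip, helo)` without the last two arguments uses the system resolver, which lets you test your own outbound IP and announced server name before a remote server rejects it.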
 
I've had an issue with Road Runner refusing mail recently. They do a reverse lookup on the IP (not domain) of the sending server. If they find that the IP is on a "residential" network (aka DSL, Cable, Dial-up), the connection is refused. Since my customer had an SBC DSL line, the IP I had showed as residential. I contacted SBC and had them delegate the reverse lookup of my domain to my DNS provider, then requested that Pointer (PTR) records be configured.

With this change completed, the reverse lookups of my IP now show mydomain.com.

PSC
 
I have also had that problem with Road Runner. We are on Telus (the incumbent phone company for BC and Alberta, Canada) for our internet service. The problem has just been recent - the previous errors I had from Road Runner were always RDNS failures.
 