
E-mail and DNS issue

Status
Not open for further replies.

MuddledMind

IS-IT--Management
May 27, 2008
5
US
I am running two internal DNS/Active Directory servers internally. Unfortunately our internal domain was named the same as our web domain and our hosting company manages our external DNS.

My question is would it cause any problems if I had our web hosts create a DNS record for one of my internal servers without creating a static route for it on our firewall? This is an Exchange server by the way.

I can go into more detail if need be but that is the gist of things.

 
Are you saying that you want your external DNS provider to create a DNS host that points to an internal IP address?
If this is what you are asking, can I ask why you would want to do such a thing? You really don't want your internal IP addresses to be visible to the outside world do you?

Instead of doing that, why don't you recreate your external DNS zone on your internal DNS servers, and then adjust the host records internally to point to your internal IP addresses? That way you can prevent routing over the internet from within your network when people are accessing your internal servers.

Hope that helps. Good luck,
 
No - I don't want them pointing to an internal address at all.
I suppose it would help to explain the whole scenario after all.
The problem I am attempting to solve is that we get this bounce message back from a domain in Russia when attempting to respond to International customers using mail.ru:
-----------------
There was a SMTP communication problem with the
recipient's email server. Please contact your system administrator.
Srv1.mycompany.com #5.5.0 smtp;550 Unrouteable address
-----------------

Since Srv1.mycompany.com doesn't have a public address associated with it I'm guessing it is the reason the messages are coming back as unroutable. I thought creating the proper SPF record would take care of it but alas it isn't to be.

The reason it goes out through the main IP is that we have a Barracuda spam firewall taking all the incoming e-mail and forwarding the good e-mail on to Exchange. We don't have Exchange sending mail back out through the Barracuda thus it just goes out through the main IP.

So I was wondering if I had our hosting company create a DNS record for Srv1.mycompany.com pointing to the IP from which it looks like Exchange is sending from if that would take care of the problem or if it would cause other problems being that I don't want to make an inside, outside static route on the firewall - I would rather have Exchange completely behind the firewall hidden.

 
I believe it is looking for an MX record back to srv1.mycompany.com to check if a bounce can be returned.
 
So could I create a second MX record for our domain pointing back to that IP without creating a static mapping via the firewall? Here is an example of what I currently have for an MX record:

mycompany.com
Preference   Host Name            IP Address        TTL
10           mail.mycompany.com   6x.1xx.2xx.1xx    14400

Could I have a second one created as:
Preference   Host Name            IP Address        TTL
20           srv1.mycompany.com   6.x.1xx.2xx.99    14400

 
An MX typically does not point to an IP address (points to a name, that has an ip address), but perhaps your tool figures that out? I would check that out with dig or nslookup.

And yes, I would add that MX record and perhaps configure the mail server to accept that mail.
 
The msExchange server must have a route to the internet otherwise the outside world would never even see an attempt to deliver. Send an email to a private account of yours and see what IP address is listed in the Received headers and try adding that (actually the name corresponding to the ip address) to your MX list.
If it still doesn't work, use the internet router's address.
 
The IP listed in received is the same as the router - however I don't want e-mail coming to that IP - that is what we bought the Barracuda for.
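
Added example, not part of any post in this thread: a small offline audit of an MX set that checks the two points raised above, namely that an MX target must be a host name with an address record, and that a second MX resolving to the router address would let inbound mail skip the spam filter. The `example.com` names, the RFC 5737 addresses, `FILTER_IPS` and the `audit_mx` function are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (not the poster's real records); addresses are
# taken from the RFC 5737 documentation range.
MX = [(10, "mail.example.com"), (20, "srv1.example.com"), (30, "192.0.2.99")]
A = {"mail.example.com": ["192.0.2.10"], "srv1.example.com": ["192.0.2.1"]}
FILTER_IPS = {"192.0.2.10"}  # assumed public address of the spam gateway


def is_ip_literal(target):
    """True when the MX target is an IP address instead of a host name."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def audit_mx(mx_records, a_records, filter_ips):
    """Return (preference, target, finding) for every MX that is malformed,
    unresolvable, or delivers somewhere other than the filtering gateway."""
    findings = []
    for pref, target in sorted(mx_records):
        name = target.rstrip(".").lower()
        if is_ip_literal(name):
            findings.append((pref, target, "MX target is an IP literal, not a host name"))
            continue
        addrs = a_records.get(name, [])
        if not addrs:
            findings.append((pref, target, "MX target has no address record"))
            continue
        # Senders fall back to (and spammers often prefer) higher-numbered MX
        # hosts, so every MX must land on the filter, not only the primary.
        bypass = [a for a in addrs if a not in filter_ips]
        if bypass:
            findings.append((pref, target, "delivers to %s, bypassing the filter" % ", ".join(bypass)))
    return findings


if __name__ == "__main__":
    for pref, target, finding in audit_mx(MX, A, FILTER_IPS):
        print(pref, target, finding)
```

To run the same audit against live data, fill the two tables from `dig` or `nslookup` output taken from outside the network, so that the answers come from the external zone and not from the internal DNS servers.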
 
Then talk to the provider that is not allowing your email to go through.
 
I have tried this - I've both called them and e-mailed (from my gmail account) and they (Mail.ru) never respond.
I included in each e-mail the scenario, the ip addresses, the names of the servers, copies of the mx and spf records etc - no response at all.

The three phone calls I've made have gotten me nowhere other than the alternate e-mail addresses to try. They would only tell me that they have another company contracted that handles the e-mail side and they would not provide any phone numbers.

Last but not least I even managed to figure out enough Russian to sign up for my own mail.ru account - hoping I could get some help if I was also a user of theirs - again nothing.
Kinda at my wits end..
 
I would actually point you to post your problem on the Exchange forum instead of this forum.

Good luck,
 