DNS Records for an Exchange Server serving multiple domains

jp

Archived from groups: microsoft.public.exchange2000.admin, microsoft.public.exchange2000.general, microsoft.public.win2000.dns

Sorry for cross-posting. I really don't know which NG I should be
posting this question to.

We are currently running an Exchange server, which is serving the users in
the head office under domain-A. We have a few sales offices which also have
users who require email access. They want to use their own email domain
(i.e. domain-B, domain-C and so forth) due to the nature of our business.
Therefore, we want the same Exchange server to send and receive email for
multiple domains.

On the Exchange side, I can add other domain names in the ESM and set up
proxy email address under each user's account property. But I do not know
what would be the best practice on the DNS side. I am thinking of
requesting the ISP to add the MX records for domain-A, domain-B and domain-C
accordingly. They should all be pointing to the same IP address as the one
we use for domain-A. However, the technician from my ISP disagreed with
that. He said that it would upset reverse-DNS lookup if an IP address is
used by different domains.

I am not sure his point is valid. Could any experts please shed some
light? Thanks in advance.

Cheers,

Joe
 

Hal


On Thu, 8 Jul 2004 17:16:37 -0400, "JP"
<NO_SPAM_PLEASE_pangjo@netzero.com> wrote:

>Sorry for cross-posting. I really don't know which NG I should be
>posting this question to.
>
>We are currently running an Exchange server, which is serving the users in
>the head office under domain-A. We have a few sales offices which also have
>users who require email access. They want to use their own email domain
>(i.e. domain-B, domain-C and so forth) due to the nature of our business.
>Therefore, we want the same Exchange server to send and receive email for
>multiple domains.
>
>On the Exchange side, I can add other domain names in the ESM and set up
>proxy email address under each user's account property. But I do not know
>what would be the best practice on the DNS side. I am thinking of
>requesting the ISP to add the MX records for domain-A, domain-B and domain-C
>accordingly. They should all be pointing to the same IP address as the one
>we use for domain-A.

Yes, that is correct.

> However, the technician from my ISP disagreed with
>that. He said that it would upset reverse-DNS lookup if an IP address is
>used by different domains.

He is not correct. Reverse DNS does not matter.

Hal

 
Guest

In news:5chre01pud2od6es3vq6r20sla1ltd0rqv@4ax.com,
hal@nospam.com <hal@nospam.com> asked for help and I offered my suggestions
below:
> On Thu, 8 Jul 2004 17:16:37 -0400, "JP"
> <NO_SPAM_PLEASE_pangjo@netzero.com> wrote:
>
>> Sorry for cross-posting. I really don't know which NG I should be
>> posting this question to.
>>
>> We are currently running an Exchange server, which is serving the
>> users in the head office under domain-A. We have a few sales
>> offices which also have users who require email access. They want
>> to use their own email domain (i.e. domain-B, domain-C and so forth)
>> due to the nature of our business. Therefore, we want the same
>> Exchange server to send and receive email for multiple domains.
>>
>> On the Exchange side, I can add other domain names in the ESM and
>> set up proxy email address under each user's account property. But I
>> do not know what would be the best practice on the DNS side. I am
>> thinking of requesting the ISP to add the MX records for domain-A,
>> domain-B and domain-C accordingly. They should all be pointing to
>> the same IP address as the one we use for domain-A.
>
> Yes, that is correct.
>
>> However, the technician from my ISP disagreed with
>> that. He said that it would upset reverse-DNS lookup if an IP
>> address is used by different domains.
>
> He is not correct. Reverse DNS does not matter.
>
> Hal


Hi, just wanted to add that I host 25 customer domains and I do it this way.
But my reverse points to the main machine's name and IP, not all the
customer domains, so this way if any recipient domains are performing
Reverse DNS lookups, it will come back as valid. So for the original poster,
don't worry about what the tech says, just let the reverse point to your
machine's actual FQDN.

I think the tech thinks you wanted a reverse for each one so there will be
multiple PTRs for the same IP, which won't work anyway, besides, I've tried
that in the beginning and found that MS DNS winds up removing all but the
one. There is no Round Robin for the reverse.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
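
The layout described in the post above, as an added example that is not part of the original thread: each mail domain's MX names one host, that host's A record holds the shared address, and the address's single PTR names the same host. The check modelled here is forward-confirmed reverse DNS, which compares the PTR with the host's own A record and never looks at the sender's mail domain; all names and the 192.0.2.25 address are constructed.

```python
# Added example: constructed records using documentation names/addresses.
# MX targets are host names; the host's A record carries the shared address.
GOOD = {
    ("domain-a.example", "MX"): ["mail.domain-a.example"],
    ("domain-b.example", "MX"): ["mail.domain-a.example"],
    ("domain-c.example", "MX"): ["mail.domain-a.example"],
    ("mail.domain-a.example", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.domain-a.example"],
}
# Same zone, but the single PTR names a host that has no matching A record.
BAD = dict(GOOD)
BAD[("25.2.0.192.in-addr.arpa", "PTR")] = ["mail.domain-b.example"]


def lookup(zone, name, rtype):
    """Return the record data for (name, type), or an empty list."""
    return zone.get((name.lower().rstrip("."), rtype), [])


def reverse_name(ip):
    """Build the in-addr.arpa owner name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def fcrdns(zone, ip):
    """PTR names for ip whose own A records point back at ip."""
    return [n for n in lookup(zone, reverse_name(ip), "PTR")
            if ip in lookup(zone, n, "A")]


def audit(zone, domains):
    """Per mail domain: MX hosts, their addresses, and the reverse check."""
    report = {}
    for domain in domains:
        hosts = lookup(zone, domain, "MX")
        ips = sorted({ip for h in hosts for ip in lookup(zone, h, "A")})
        report[domain] = {
            "mx": hosts,
            "ips": ips,
            "fcrdns_ok": bool(ips) and all(fcrdns(zone, ip) for ip in ips),
        }
    return report


if __name__ == "__main__":
    names = ["domain-a.example", "domain-b.example", "domain-c.example"]
    for label, zone in (("GOOD", GOOD), ("BAD", BAD)):
        for domain, row in audit(zone, names).items():
            print(label, domain, row)
```
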
 

jp


Thanks for the clarification. I will probably add the MX records for the
new domains as planned. However, I still have some worries on the reverse
DNS lookup. If the recipient's email server requires a valid domain name
returned from reverse DNS lookup, chances are email messages using domain-B
as sender/reply address will not be accepted. Imagine the reverse DNS
lookup shows domain-A but the sender claims to be from domain-B.

We have had this problem for domain-A before. The ISP fixed it by putting
in the proper PTR address for domain-A on the DNS server. I am wondering if
the same problem will arise for the new domains in the future.

Joe
 

gwd


OK, it's a little tricky then. Try this:

MX record domain A = aaa.aaa.aaa.aaa
MX record domain B = bbb.bbb.bbb.bbb
MX record domain C = ccc.ccc.ccc.ccc
etc

Then at your firewall direct traffic on ports 25 110 etc from
aaa.aaa.aaa.aaa to the real internal address of your mail server. Do the
same for bbb, ccc, etc.

You will use one real address for each domain. And be able to use a real
reverse lookup for each address while forwarding the traffic to your
internal mail server.


 
Guest

In news:e9PQl7fZEHA.2516@TK2MSFTNGP10.phx.gbl,
GwD <GDavis@nospam.hme.com> asked for help and I offered my suggestions
below:
> OK, it's a little tricky then. Try this:
>
> MX record domain A = aaa.aaa.aaa.aaa
> MX record domain B = bbb.bbb.bbb.bbb
> MX record domain C = ccc.ccc.ccc.ccc
> etc
>
> Then at your firewall direct traffic on ports 25 110 etc from
> aaa.aaa.aaa.aaa to the real internal address of your mail server. Do
> the same for bbb, ccc, etc.
>
> You will use one real address for each domain. And be able to use a
> real reverse lookup for each address while forwarding the traffic to
> your internal mail server.


That is a bit tricky but don't see why it wouldn't work as long as the ISP
enters all those IPs as a PTR, that is too, if the customer is allocated
those IPs to be able to do that with.

--
Regards,
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory
 

jp


> > MX record domain A = aaa.aaa.aaa.aaa
> > MX record domain B = bbb.bbb.bbb.bbb
> > MX record domain C = ccc.ccc.ccc.ccc
> > etc

Maybe I have not made it clear. We are going to use just ONE external
address for all the different domains. Therefore, the entries would look
like:
MX record domain A = aaa.aaa.aaa.aaa
MX record domain B = aaa.aaa.aaa.aaa
MX record domain C = aaa.aaa.aaa.aaa

> That is a bit tricky but don't see why it wouldn't work as long as the ISP
> enters all those IPs as a PTR, that is too, if the customer is allocated
> those IPs to be able to do that with.

Someone mentioned to me that there can only be 1 PTR address for an IP,
while you can have many aliases pointing to one IP. If this is true, there
will be a problem when reverse-DNS lookup for other domains takes place.

Joe
 
Guest

In news:OyAKRyCaEHA.596@TK2MSFTNGP11.phx.gbl,
JP <NO_SPAM_PLEASE_pangjo@netzero.com> asked for help and I offered my
suggestions below:
>>> MX record domain A = aaa.aaa.aaa.aaa
>>> MX record domain B = bbb.bbb.bbb.bbb
>>> MX record domain C = ccc.ccc.ccc.ccc
>>> etc
>
> Maybe I have not made it clear. We are going to use just ONE external
> address for all the different domains. Therefore, the entries would
> look like:
> MX record domain A = aaa.aaa.aaa.aaa
> MX record domain B = aaa.aaa.aaa.aaa
> MX record domain C = aaa.aaa.aaa.aaa
>
>> That is a bit tricky but don't see why it wouldn't work as long as
>> the ISP enters all those IPs as a PTR, that is too, if the customer
>> is allocated those IPs to be able to do that with.
>
> Someone mentioned to me that there can only be 1 PTR address for an
> IP, while you can have many aliases pointing to one IP. If this is
> true, there will be a problem when reverse-DNS lookup for other
> domains takes place.
>
> Joe

I knew what you meant, but GWD provided a suggestion for a workaround.

I was the one that mentioned that. If you tried to create multiple PTRs for
the same IP, you'll find that DNS will remove them other than the default. I
guess you can lock the records, but this will cause confusion since Round
Robin doesn't work with reverse besides, if it did, you never know which
record will reply. I was pulling out my hair way back because of this. I
host multiple domains for clients and have the PTR for my main server listed
only by its default name and I haven't heard any complaints. One set of
users email to their AOL email addresses and they go thru fine.

--
Regards,
Ace

 

jp


Thanks, Ace.

I think I am going to do exactly as discussed. It should not be a big issue
since a lot of ISPs actually use one server to host many email domains for
different clients. It turns out that they can resolve the reverse DNS
lookup issue. Therefore, I am quite positive that we can do the same.

Cheers,

Joe
 
Guest

In news:%23hK6H3FaEHA.3420@TK2MSFTNGP12.phx.gbl,
JP <NO_SPAM_PLEASE_pangjo@netzero.com> asked for help and I offered my
suggestions below:
> Thanks, Ace.
>
> I think I am going to do exactly as discussed. It should not be a
> big issue since a lot of ISPs actually use one server to host many
> email domains for different clients. It turns out that they can
> resolve the reverse DNS lookup issue. Therefore, I am quite positive
> that we can do the same.
>
> Cheers,
>
> Joe

Very good Joe and my pleasure. Post back if you have any other concerns!

Cheers!

--
Regards,
Ace
