puzzling DNS problems could not receive external emails

Dan

an Exchange Server 2000 on Windows 2000 Server (Primary
Domain), there is also a secondary domain. all servers are
behind a router (Linksys), router's ip is:209.121.79.149,
i used the router to forward port 53, 25 to the primary
domain (nova-server.novagenetics.ca), ip is 192.168.1.2

primary domain: nova-server.novagenetics.ca (192.168.1.2)
secondary domain: backupserver.novagenetics.ca
(192.168.1.3)

when the ex-admin created the primary domain, he
used "nova-server.novagenetics.local"

under the DNS "Forward Lookup Zones" of the PDC, it has
two sub-folders, one is "novagenetics.ca", next
is "novagenetics.local"

Exchange server can send and receive emails internally and
also can send emails to outside, but could not receive
emails from outside. When I use hotmail, yahoo send
testing emails to ***@novagenetics.ca, nothing happened,
even no bounce-back

checked www.dnsreport.com, it says MX record for
novagenetics.ca could not be found. but from the registrar
(where hosts the novagenetics.ca)'s account, the MX record
is pointing to ns1.novagenetics.ca with ip 209.121.79.149,
and I have a MX record under the "novagenetics.ca" sub-
folder, and also created a ns1.novagenetics.ca record.

help please............... appreciate it
 
Kevin D. Goodknecht Sr. [MVP]

Dan said:
> an Exchange Server 2000 on Windows 2000 Server (Primary
> Domain), there is also a secondary domain. all servers are
> behind a router (Linksys), router's ip is:209.121.79.149,
> i used the router to forward port 53, 25 to the primary
> domain (nova-server.novagenetics.ca), ip is 192.168.1.2
>
> primary domain: nova-server.novagenetics.ca (192.168.1.2)
> secondary domain: backupserver.novagenetics.ca
> (192.168.1.3)
>
> when the ex-admin created the primary domain, he
> used "nova-server.novagenetics.local"
>
> under the DNS "Forward Lookup Zones" of the PDC, it has
> two sub-folders, one is "novagenetics.ca", next
> is "novagenetics.local"
>
> Exchange server can send and receive emails internally and
> also can send emails to outside, but could not receive
> emails from outside. When I use hotmail, yahoo send
> testing emails to ***@novagenetics.ca, nothing happened,
> even no bounce-back
>
> checked www.dnsreport.com, it says MX record for
> novagenetics.ca could not be found. but from the registrar
> (where hosts the novagenetics.ca)'s account, the MX record
> is pointing to ns1.novagenetics.ca with ip 209.121.79.149,
> and I have a MX record under the "novagenetics.ca" sub-
> folder, and also created a ns1.novagenetics.ca record.
>
> help please............... appreciate it

Your zone has a couple of problems, the problem with the MX record is when
you created the MX record you filled in the host or domain field with "mail"
so your MX record is at mail.novagenetics.ca., create a new MX record leave
the "host or domain" field blank.

Problem two, your DNS server is using NS records with private addresses.
QUESTION SECTION:
novagenetics.ca. IN NS

ANSWER SECTION:
novagenetics.ca. 3600 IN NS nova-server.novagenetics.local.
novagenetics.ca. 3600 IN NS novagenetics.ca.
novagenetics.ca. 3600 IN NS backupserver.novagenetics.local.

ADDITIONAL SECTION:
nova-server.novagenetics.local. 3600 IN A 192.168.1.2
novagenetics.ca. 3600 IN A 209.121.79.149
backupserver.novagenetics.local. 3600 IN A 192.168.1.3

Query time: 130 ms
Server : 209.121.79.149:53 udp (209.121.79.149)
When : 8/30/2004 12:42:56 PM
Size rcvd : 166
 
Guest

thank you so much for your help!

i recreated a new MX record under "novagenetics.ca" sub-
folder under the "Forward Lookup Zones" of DNS server of
PDC. and leave the "host or domain" field blank.

but I don't know how to fix the second problem, I tried to
not use the private IPs, but no luck yet.

could you give me some clue? many thanks.
 
Kevin D. Goodknecht Sr. [MVP]

(e-mail address removed) wrote their comments
Then Kevin replied below:
> thank you so much for your help!
>
> i recreated a new MX record under "novagenetics.ca" sub-
> folder under the "Forward Lookup Zones" of DNS server of
> PDC. and leave the "host or domain" field blank.
>
> but I don't know how to fix the second problem, I tried to
> not use the private IPs, but no luck yet.
>
> could you give me some clue? many thanks.

Is the zone a standard Primary zone and is it stored in Active Directory?
If it is stored in Active directory select the properties of the zone and
deselect the option to store it in Active Directory, AD zones will always
create NS records for the machine name. You don't want these records in your
public zone.

Once the zone is taken out of Active Directory, go to the Name Servers tab,
remove the NS records for the two DCs.
novagenetics.ca. IN NS

ANSWER SECTION:
novagenetics.ca. 3600 IN NS backupserver.novagenetics.local.
novagenetics.ca. 3600 IN NS nova-server.novagenetics.local.

Then add these two name servers NS records:
DNS1: ns1.novagenetics.ca 209.121.79.149
DNS2: bnbyps07.telus.net 207.194.28.230

You also need to create a new record named ns1 with IP 209.121.79.149 this
is your glue record, which you do not have glue right now. So right now your
DNS server can't even resolve its own NS record.

On the SOA tab change the primary name server to ns1.novagenetics.com.
 
Lanwench [MVP - Exchange]

Don't host your domain's public DNS in house unless you have a separate
server for it. Have your ISP or webhosting company do this. Do not mix
public and private.
 
danielj

i did all you told me, but still didn't work. Must be
something I still missed. But I would thank you so much
for your info and help.

Problem seems still the MX record. when I use
www.dnsreport.com to test the "novagenetics.ca"'s email
test, it says:

Getting MX record for novagenetics.ca... There is no MX
record for novagenetics.ca! That's bad.
Checking for an A record... There is no A record for
novagenetics.ca either!

*********************************

anyway, I'm trying to figure this out. :)


Kevin D. Goodknecht Sr. [MVP]

Then Kevin replied below:
> i did all you told me, but still didn't work. Must be
> something I still missed. But I would thank you so much
> for your info and help.
>
> Problem seems still the MX record. when I use
> www.dnsreport.com to test the "novagenetics.ca"'s email
> test, it says:
>
> Getting MX record for novagenetics.ca... There is no MX
> record for novagenetics.ca! That's bad.
> Checking for an A record... There is no A record for
> novagenetics.ca either!
>
> *********************************
>
> anyway, I'm trying to figure this out. :)

That isn't what I got,
Getting MX record for novagenetics.ca... Got it!


Host Preference IP(s) [Country]
ns1.novagenetics.ca. 10 209.121.79.149 [CA]

Step 1: Try connecting to the following mailserver:
ns1.novagenetics.ca. - 209.121.79.149

But, I also got this:
ERROR: I could not complete a connection to any of your mailservers!

ns1.novagenetics.ca: Connection closed before I received all my data (state
4). Your mailserver disconnected before it was done! This may be the result
of a non-RFC-compliant mailserver or anti-spam program.
 
Ace Fekay [MVP]

Kevin D. Goodknecht Sr. said:
> That isn't what I got,
> Getting MX record for novagenetics.ca... Got it!
>
> Host Preference IP(s) [Country]
> ns1.novagenetics.ca. 10 209.121.79.149 [CA]
>
> Step 1: Try connecting to the following mailserver:
> ns1.novagenetics.ca. - 209.121.79.149
>
> But, I also got this:
> ERROR: I could not complete a connection to any of your mailservers!
>
> ns1.novagenetics.ca: Connection closed before I received all my data
> (state 4). Your mailserver disconnected before it was done! This may
> be the result of a non-RFC-compliant mailserver or anti-spam program.
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps

Using nslookup I also got the MX record as:
ns1.novagenetics.ca
209.121.79.149

Then I tested with telnetting to that address on 25 and it connected for me.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
danielj

yes, this time the MX record is working properly. I just
found this :(

Now I think the DNS server is correctly setup and working
fine. (with all your help and patience, I here say Thank
You, and it's from the bottom of my heart :)

Seems like the current problem is the exchange server,
just as what you found:

The mail server could not complete a connection, but I
don't have an anti-spam program running, so I think I
need to face the "non-RFC-compliant" thing, although I
don't know what this is now.

Appreciate your help.
 
dnaielj

i think at this point, the problem still be the DNS, in my
DNS server's "Forward Lookup Zones", i have two
subfolders, the first "novagenetics.ca", which I worked on
it yesterday, is working correctly, but the second
one "novagenetics.local", i don't think it's working fine.

our primary domain is: novagenetics.local, which might be
having some conflicts here with novagenetics.ca's DNS

when emails arrived the ns1.novagenetics.ca, which is the
primary domain controller, who has exchange server 2k, it
probably could not find the properly address to go with
novagenetics.local confusing it.

am i right? thanks
 
Ace Fekay [MVP]

> i think at this point, the problem still be the DNS, in my
> DNS server's "Forward Lookup Zones", i have two
> subfolders, the first "novagenetics.ca", which I worked on
> it yesterday, is working correctly, but the second
> one "novagenetics.local", i don't think it's working fine.
>
> our primary domain is: novagenetics.local, which might be
> having some conflicts here with novagenetics.ca's DNS
>
> when emails arrived the ns1.novagenetics.ca, which is the
> primary domain controller, who has exchange server 2k, it
> probably could not find the properly address to go with
> novagenetics.local confusing it.
>
> am i right? thanks

Not sure what you are referring to, but the connection and MX records seem
fine. What exactly is happening?

--
Regards,
Ace

 
Kevin D. Goodknecht Sr. [MVP]

Then Kevin replied below:
> i think at this point, the problem still be the DNS, in my
> DNS server's "Forward Lookup Zones", i have two
> subfolders, the first "novagenetics.ca", which I worked on
> it yesterday, is working correctly, but the second
> one "novagenetics.local", i don't think it's working fine.
>
> our primary domain is: novagenetics.local, which might be
> having some conflicts here with novagenetics.ca's DNS
>
> when emails arrived the ns1.novagenetics.ca, which is the
> primary domain controller, who has exchange server 2k, it
> probably could not find the properly address to go with
> novagenetics.local confusing it.
>
> am i right? thanks

I'm not sure what you are saying, but all you need to do is add
novagenetics.ca to the recipient policy then create an MX record in the
novagenetics.ca zone. (See below)
I think your biggest problem is that you are using the same DNS server for
both internal and external resolution. You can't do that if you are behind
NAT.


You had your MX record right, now you've changed it. You _MUST_ leave the
"Host or Domain" field blank. Then put the mail server host name in the mail
server field. You cannot point it to an IP address either. Here is the MX
record now, which is fine as long as you use (e-mail address removed) for
the email address. You had this right why did you change it?

opcode: Query, status: NOERROR, id: 42
flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

QUESTION SECTION:
ns1.novagenetics.ca. IN MX

ANSWER SECTION:
ns1.novagenetics.ca. 3600 IN MX 10 209.121.79.149.
ns1.novagenetics.ca. 3600 IN MX 10 ns1.novagenetics.ca.

ADDITIONAL SECTION:
ns1.novagenetics.ca. 3600 IN A 209.121.79.149
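
The zone problems raised in this thread (internal `.local` name servers and private addresses in the public zone, an MX that points at an IP address, no MX at the zone apex) can be checked mechanically. The following is an added example, not code from any poster: the function names are hypothetical, treating `.local` as the internal-only suffix is an assumption, and the "fixed" records are constructed from the instructions given in the replies.

```python
import ipaddress

# Records from the query output quoted in the thread (TTL and class dropped).
THREAD_RECORDS = """\
novagenetics.ca. NS nova-server.novagenetics.local.
novagenetics.ca. NS novagenetics.ca.
novagenetics.ca. NS backupserver.novagenetics.local.
nova-server.novagenetics.local. A 192.168.1.2
novagenetics.ca. A 209.121.79.149
backupserver.novagenetics.local. A 192.168.1.3
ns1.novagenetics.ca. MX 10 209.121.79.149.
ns1.novagenetics.ca. MX 10 ns1.novagenetics.ca.
ns1.novagenetics.ca. A 209.121.79.149
"""
# Constructed sample: the zone as the replies say it should look.
FIXED_RECORDS = """\
novagenetics.ca. NS ns1.novagenetics.ca.
novagenetics.ca. NS bnbyps07.telus.net.
novagenetics.ca. MX 10 ns1.novagenetics.ca.
ns1.novagenetics.ca. A 209.121.79.149
"""

def is_ip(text):
    """True if text (with an optional trailing dot) parses as an IP address."""
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def lint_public_zone(records, apex, internal_suffixes=(".local.",)):
    """Return (owner, type, problem) for records unusable from the Internet."""
    apex = apex.lower().rstrip(".") + "."
    findings, apex_mx = [], False
    for line in records.splitlines():
        parts = line.lower().split()
        if len(parts) < 3:
            continue
        owner, rtype, target = parts[0], parts[1].upper(), parts[-1]
        if rtype == "NS" and target.endswith(internal_suffixes):
            findings.append((owner, rtype, "name server is an internal-only name"))
        elif rtype == "A" and is_ip(target) and ipaddress.ip_address(target).is_private:
            findings.append((owner, rtype, "private address published"))
        elif rtype == "MX":
            apex_mx = apex_mx or owner == apex
            if is_ip(target):
                findings.append((owner, rtype, "MX target is an IP, not a host name"))
    if not apex_mx:
        findings.append((apex, "MX", "no MX at the zone apex"))
    return findings

if __name__ == "__main__":
    for finding in lint_public_zone(THREAD_RECORDS, "novagenetics.ca"):
        print(*finding, sep="  ")
```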
 
