Win2K, Exchange 2K and SonicWall

Marq

Hi All,

I'm no stranger to DNS but I can't seem to make this monkey dance!

One Win2K PDC/WINS/DNS/IIS server

One Win2K Exchange 2K server

One SonicWall firewall w/NAT (with most services enabled for testing).

All servers have 1 to 1 NAT enabled for Internal/External IPs

I only have 2 Zones: mydomain.net and ns1.mydomain.net

Our registrar has our name servers forwarding correctly, when I do an NS
lookup (SOA and MX) I get pointed to the right boxes.

However, I am not receiving external mail and DNS cannot find my default
webpage.

Do I use my external or internal IP address for externally accessible boxes?
That is to say, in my 'ns1.mydomain.net' do I list my mail exchanger as
'mailserver, mailserver.mydomain.net, 192.168.1.x or 65.176.56.x (external
I.P.)?

Should my NSlookup be returning an internal IP? Does the incremental
assignment matter?

Sometimes when I do NSLookup I get a timeout and a non-authoritative answer.

Thanks for any suggestions in advance!

Marq
 
Kevin Goodknecht

Marq said:
Hi All,

I'm no stranger to DNS but I can't seem to make this monkey dance!

One Win2K PDC/WINS/DNS/IIS server

One Win2K Exchange 2K server

One SonicWall firewall w/NAT (with most services enabled for testing).

All servers have 1 to 1 NAT enabled for Internal/External IPs

I only have 2 Zones: mydomain.net and ns1.mydomain.net

Our registrar has our name servers forwarding correctly, when I do an
NS lookup (SOA and MX) I get pointed to the right boxes.

I'm confused by this statement. Are you saying that you are using your own
DNS servers for public clients?

If that is the case then your public DNS servers must be separated from your
internal DNS servers; public clients cannot be allowed to see the internal
DNS, and internal clients cannot be allowed to see your public DNS servers.
If you have public websites hosted locally behind NAT, you must access these
sites by the private address.
However, I am not receiving external mail and DNS cannot find my
default webpage.
The mail problem may be caused by not having a reverse lookup on the public
IP that points to your mail server. (You may have to get your ISP to do this
one.) Make sure your router is forwarding connections from the public IP on
port 25 TCP to the private IP that your mail server is listening on.

If you are hosting your own website, you need a record in your internal DNS
zone for its hostname pointing to the private address of the website.
Do I use my external or internal IP address for externally accessible
boxes? That is to say, in my 'ns1.mydomain.net' do I list my mail
exchanger as 'mailserver, mailserver.mydomain.net, 192.168.1.x or
65.176.56.x (external I.P.)?

Your external DNS needs an MX record pointing to the hostname of your mail
server. Externally this record must resolve to a public address; internally
the record must resolve to a private address if your mail server is local
behind NAT.
Should my NSlookup be returning an internal IP? Does the incremental
assignment matter?

Sometimes when I do NSLookup I get a timeout and a non-authoritative
answer.

If you are getting a non-authoritative answer, then the DNS server you are
pointing to does not have a zone for the domain you are asking it to
resolve.

All in all, what I am trying to convey to you is you need an internal DNS
server for ALL internal clients to point to. This DNS server must have zones
for domains hosted locally, and you will have to manually create all records
you need to access any servers servicing sites in these domains.

If you are hosting your own public DNS, this means you need at least two DNS
servers, one public, one private.
 
Marq

I'm still confused.

Could someone do an NSLookup on 'trinitymc.net' and see if there are any
glaring errors?

I actually had the mail working for a short time, then I made some change
when adding CNAME records for the web server and everything fell apart.

Thank you!

Marq
 
Kevin Goodknecht

Marq said:
I'm still confused.

Could someone do an NSLookup on 'trinitymc.net' and see if there are
any glaring errors?

I actually had the mail working for a short time, then I made some
change when adding CNAME records for the web server and everything
fell apart.

Thank you!

Marq
trinitymc.net
Server: kjweb.lsaol.com
Address: 192.168.0.2

trinitymc.net internet address = 192.168.1.7
trinitymc.net nameserver = tmcpoint.trinitymc.net
trinitymc.net
primary name server = tmcpoint.trinitymc.net
responsible mail addr = admin
serial = 121
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
trinitymc.net MX preference = 1, mail exchanger = 66.7.246.169
trinitymc.net
WINS lookup
flags = 0 ( )
lookup timeout = 2
cache TTL = 900
server count = 1
WINS server = (192.168.1.7)
tmcpoint.trinitymc.net internet address = 192.168.1.7

This is not going to work: your nameserver is publishing a private address
for its address, and your MX record points to an IP address. MX records need
to point to an "A" host record that resolves to a public IP address.

And your PTR record does not point back to your mail server host name.
set type=ptr
66.7.246.169
Server: kjweb.lsaol.com
Address: 192.168.0.2

Non-authoritative answer:
169.246.7.66.in-addr.arpa name = 66-7-246-169.cust.telepacific.net
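Kevin's two replies reduce to a handful of mechanical checks on the public zone: no private address may be visible from the Internet, MX and NS targets must be hostnames that own A records (not IP literals and not CNAME aliases), and the mail host's public IP needs a PTR that names it. The following Python is an added example, not part of the thread, that applies those checks offline to a constructed snapshot of the records in the nslookup output above, to a constructed corrected public zone, and to a constructed internal (split-horizon) copy of the same names. The hostname mail.trinitymc.net, the address 65.176.56.10 (chosen inside the 65.176.56.x range Marq mentions) and 192.168.1.8 are assumptions, not data from the thread.

```python
"""Offline sanity checks for the public zone of a domain hosted behind NAT.

Added example, not from the thread: the records below are constructed to
mirror the nslookup output posted above, plus an assumed corrected layout.
"""
import ipaddress
from typing import Dict, List, Tuple

# (owner, type, rdata) triples; a stand-in for a zone file snapshot.
Record = Tuple[str, str, str]

# Constructed: the public zone as the reply's nslookup shows it.
BROKEN_ZONE: List[Record] = [
    ("trinitymc.net.", "NS", "tmcpoint.trinitymc.net."),
    ("trinitymc.net.", "A", "192.168.1.7"),
    ("tmcpoint.trinitymc.net.", "A", "192.168.1.7"),
    ("trinitymc.net.", "MX", "1 66.7.246.169"),
]
# Constructed: reverse map for the public mail IP, as the reply's PTR lookup shows.
BROKEN_PTR: Dict[str, str] = {"66.7.246.169": "66-7-246-169.cust.telepacific.net."}

# Constructed corrected public zone. mail.trinitymc.net and 65.176.56.10 are
# assumptions (the address chosen inside the 65.176.56.x range Marq mentions).
FIXED_ZONE: List[Record] = [
    ("trinitymc.net.", "NS", "tmcpoint.trinitymc.net."),
    ("trinitymc.net.", "A", "65.176.56.10"),
    ("tmcpoint.trinitymc.net.", "A", "65.176.56.10"),
    ("mail.trinitymc.net.", "A", "66.7.246.169"),
    ("trinitymc.net.", "MX", "10 mail.trinitymc.net."),
]
FIXED_PTR: Dict[str, str] = {"66.7.246.169": "mail.trinitymc.net."}

# Constructed internal (split-horizon) copy: same names, private addresses.
INTERNAL_ZONE: List[Record] = [
    ("trinitymc.net.", "NS", "tmcpoint.trinitymc.net."),
    ("trinitymc.net.", "A", "192.168.1.7"),
    ("tmcpoint.trinitymc.net.", "A", "192.168.1.7"),
    ("mail.trinitymc.net.", "A", "192.168.1.8"),  # assumed private Exchange IP
    ("trinitymc.net.", "MX", "10 mail.trinitymc.net."),
    ("www.trinitymc.net.", "CNAME", "trinitymc.net."),
]


def _records(zone: List[Record], owner: str, rtype: str) -> List[str]:
    """Every rdata of type `rtype` owned by `owner`."""
    return [r for (o, t, r) in zone if o == owner and t == rtype]


def _is_ip_literal(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_zone(zone: List[Record], ptr: Dict[str, str], external: bool) -> List[str]:
    """Return the problems found. external=True applies the rules for the copy
    Internet clients see: no RFC 1918 addresses, MX/NS targets are hostnames
    with A records (not IP literals, not CNAMEs), and the mail host's public
    IP has a PTR naming it. The internal copy legitimately carries private
    addresses and is not used for inbound mail, so those rules are skipped
    when external=False."""
    problems: List[str] = []
    for owner, rtype, rdata in zone:
        if rtype == "A":
            if external and ipaddress.ip_address(rdata).is_private:
                problems.append(f"{owner} A {rdata}: private address published in the public zone")
        elif rtype in ("NS", "MX"):
            target = rdata.split()[-1]  # MX rdata is "<pref> <host>", NS is "<host>"
            if _is_ip_literal(target):
                problems.append(f"{owner} {rtype} {target}: target must be a hostname with an A record, not an IP literal")
                continue
            if _records(zone, target, "CNAME"):
                problems.append(f"{owner} {rtype} {target}: target is a CNAME alias, not an A record")
            if not target.endswith("." + owner):
                continue  # out-of-zone target: cannot be verified from this snapshot
            addrs = _records(zone, target, "A")
            if not addrs:
                problems.append(f"{owner} {rtype} {target}: target has no A record in the zone")
            if rtype == "MX" and external:
                for addr in addrs:
                    reverse = ptr.get(addr)
                    if reverse != target:
                        problems.append(f"PTR for {addr} is {reverse}, expected {target}")
    return problems


if __name__ == "__main__":
    for label, zone, ptr, ext in (("broken public", BROKEN_ZONE, BROKEN_PTR, True),
                                   ("fixed public", FIXED_ZONE, FIXED_PTR, True),
                                   ("internal", INTERNAL_ZONE, {}, False)):
        found = check_zone(zone, ptr, ext)
        print(f"{label}: {len(found)} problem(s)")
        for p in found:
            print("  -", p)
```

Run against the constructed broken zone it reports exactly the three faults in the reply (two private addresses, one MX pointing at an IP literal); the corrected public zone and the internal copy pass. The CNAME check is there because Marq says things fell apart after adding CNAME records for the web server: MX and NS targets must own A records directly, so pointing them at an alias is a configuration error even when the alias itself resolves.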
 
