DNS Records for an Exchange Server serving multiple domains

JP

Sorry for cross-posting. I really don't know which NG I should be
posting this question to.

We are currently running an Exchange server, which is serving the users in
the head office under domain-A. We have a few sales offices which also have
users who require email access. They want to use their own email domain
(i.e. domain-B, domain-C and so forth) due to the nature of our business.
Therefore, we want the same Exchange server to send and receive email for
multiple domains.

On the Exchange side, I can add other domain names in the ESM and set up
proxy email address under each user's account property. But I do not know
what would be the best practice on the DNS side. I am thinking of
requesting the ISP to add the MX records for domain-A, domain-B and domain-C
accordingly. They should all be pointing to the same IP address as the one
we use for domain-A. However, the technician from my ISP disagreed with
that. He said that it would upset reverse-DNS lookup if an IP address is
used by different domains.

I am not sure his point is valid. Could any experts please shed some
light? Thanks in advance.

Cheers,

Joe
 
hal

JP said:
> Sorry for cross-posting. I really don't know which NG I should be
> posting this question to.
>
> We are currently running an Exchange server, which is serving the users in
> the head office under domain-A. We have a few sales offices which also have
> users who require email access. They want to use their own email domain
> (i.e. domain-B, domain-C and so forth) due to the nature of our business.
> Therefore, we want the same Exchange server to send and receive email for
> multiple domains.
>
> On the Exchange side, I can add other domain names in the ESM and set up
> proxy email address under each user's account property. But I do not know
> what would be the best practice on the DNS side. I am thinking of
> requesting the ISP to add the MX records for domain-A, domain-B and domain-C
> accordingly. They should all be pointing to the same IP address as the one
> we use for domain-A.

Yes, that is correct.

> However, the technician from my ISP disagreed with
> that. He said that it would upset reverse-DNS lookup if an IP address is
> used by different domains.

He is not correct. Reverse DNS does not matter.

Hal
 
Ace Fekay [MVP]

hal said:
> Yes, that is correct.
>
> He is not correct. Reverse DNS does not matter.
>
> Hal


Hi, just wanted to add that I host 25 customer domains and I do it this way.
But my reverse points to the main machine's name and IP, not all the
customer domains, so this way if any recipient domains are performing
Reverse DNS lookups, it will come back as valid. So for the original poster,
don't worry about what the tech says, just let the reverse point to your
machine's actual FQDN.

I think the tech thinks you wanted a reverse for each one so there will be
multiple PTRs for the same IP, which won't work anyway. Besides, I've tried
that in the beginning and found that MS DNS winds up removing all but the
one. There is no Round Robin for the reverse.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
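
An added example, not part of any post in this thread: a small Python audit over constructed DNS records for the layout discussed above, where several domains' MX records name one mail host and the single PTR for its address names that machine's FQDN, followed by a forward-confirmed reverse DNS check. The `.example` names, the `192.0.2.25` address and the function names are assumptions made for illustration.

```python
# Constructed sample data: documentation names and a TEST-NET address,
# standing in for domain-A/B/C and the single public IP in the thread.
ZONE = {
    "MX": {
        "domain-a.example": "mail.domain-a.example",
        "domain-b.example": "mail.domain-a.example",
        "domain-c.example": "mail.domain-a.example",
    },
    "A": {"mail.domain-a.example": ["192.0.2.25"]},
    "PTR": {"192.0.2.25": ["mail.domain-a.example"]},
}


def fcrdns(ip, zone):
    """Forward-confirmed reverse DNS for one IP.

    The only input is the connecting IP: its PTR name must resolve
    back to that same IP. Hosted mail domains play no part in it.
    """
    names = zone["PTR"].get(ip, [])
    if not names:
        return "no-ptr"
    if len(names) > 1:
        # The thread advises a single PTR naming the server's FQDN.
        return "multiple-ptr"
    return "ok" if ip in zone["A"].get(names[0], []) else "ptr-mismatch"


def audit(zone):
    """Map each hosted domain to the FCrDNS result of its MX host's IPs."""
    report = {}
    for domain, mx_host in sorted(zone["MX"].items()):
        ips = zone["A"].get(mx_host, [])
        report[domain] = [fcrdns(ip, zone) for ip in ips] or ["mx-unresolved"]
    return report


if __name__ == "__main__":
    for domain, results in audit(ZONE).items():
        print(f"{domain:20} {', '.join(results)}")
```

Replacing `ZONE` with records copied from the real zones shows whether the PTR and the A record still agree after the MX records for the new domains are added.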
 
JP

Thanks for the clarification. I will probably add the MX records for the
new domains as planned. However, I still have some worries about the reverse
DNS lookup. If the recipient's email server requires a valid domain name
returned from reverse DNS lookup, chances are email messages using domain-B
as sender/reply address will not be accepted. Imagine the reverse DNS
lookup shows domain-A but the sender claims to be from domain-B.

We have had this problem for domain-A before. The ISP fixed it by putting
in the proper PTR address for domain-A on the DNS server. I am wondering if
the same problem will arise for the new domains in the future.

Joe
 
GwD

OK, it's a little tricky then. Try this:

MX record domain A = aaa.aaa.aaa.aaa
MX record domain B = bbb.bbb.bbb.bbb
MX record domain C = ccc.ccc.ccc.ccc
etc

Then at your firewall direct traffic on ports 25, 110, etc. from
aaa.aaa.aaa.aaa to the real internal address of your mail server. Do the
same for bbb, ccc, etc.

You will use one real address for each domain. And be able to use a real
reverse lookup for each address while forwarding the traffic to your
internal mail server.


JP said:
> Thanks for the clarification. I will probably add the MX records for the
> new domains as planned. However, I still have some worries about the reverse
> DNS lookup. If the recipient's email server requires a valid domain name
> returned from reverse DNS lookup, chances are email messages using domain-B
> as sender/reply address will not be accepted. Imagine the reverse DNS
> lookup shows domain-A but the sender claims to be from domain-B.
>
> We have had this problem for domain-A before. The ISP fixed it by putting
> in the proper PTR address for domain-A on the DNS server. I am wondering if
> the same problem will arise for the new domains in the future.
>
> Joe
 
Ace Fekay [MVP]

GwD said:
> OK, it's a little tricky then. Try this:
>
> MX record domain A = aaa.aaa.aaa.aaa
> MX record domain B = bbb.bbb.bbb.bbb
> MX record domain C = ccc.ccc.ccc.ccc
> etc
>
> Then at your firewall direct traffic on ports 25, 110, etc. from
> aaa.aaa.aaa.aaa to the real internal address of your mail server. Do
> the same for bbb, ccc, etc.
>
> You will use one real address for each domain. And be able to use a
> real reverse lookup for each address while forwarding the traffic to
> your internal mail server.


That is a bit tricky, but I don't see why it wouldn't work as long as the ISP
enters all those IPs as a PTR; that is, too, if the customer is allocated
those IPs to be able to do that with.

--
Regards,
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

 
JP

> MX record domain A = aaa.aaa.aaa.aaa

Maybe I have not made it clear. We are going to use just ONE external
address for all the different domains. Therefore, the entries would look
like:

MX record domain A = aaa.aaa.aaa.aaa
MX record domain B = aaa.aaa.aaa.aaa
MX record domain C = aaa.aaa.aaa.aaa

> That is a bit tricky, but I don't see why it wouldn't work as long as the ISP
> enters all those IPs as a PTR; that is, too, if the customer is allocated
> those IPs to be able to do that with.

Someone mentioned to me that there can only be 1 PTR address for an IP,
while you can have many aliases pointing to one IP. If this is true, there
will be a problem when reverse-DNS lookups for other domains take place.

Joe
 
Ace Fekay [MVP]

JP said:
> Maybe I have not made it clear. We are going to use just ONE external
> address for all the different domains. Therefore, the entries would
> look like:
> MX record domain A = aaa.aaa.aaa.aaa
> MX record domain B = aaa.aaa.aaa.aaa
> MX record domain C = aaa.aaa.aaa.aaa
>
> Someone mentioned to me that there can only be 1 PTR address for an
> IP, while you can have many aliases pointing to one IP. If this is
> true, there will be a problem when reverse-DNS lookups for other
> domains take place.
>
> Joe

I knew what you meant, but GwD provided a suggestion for a workaround.

I was the one that mentioned that. If you tried to create multiple PTRs for
the same IP, you'll find that DNS will remove them other than the default. I
guess you can lock the records, but this will cause confusion since Round
Robin doesn't work with reverse; besides, if it did, you never know which
record will reply. I was pulling out my hair way back because of this. I
host multiple domains for clients and have the PTR for my main server listed
only by its default name and I haven't heard any complaints. One set of
users email to their AOL email addresses and they go through fine.

--
Regards,
Ace

 
JP

Thanks, Ace.

I think I am going to do exactly as discussed. It should not be a big issue
since a lot of ISPs actually use one server to host many email domains for
different clients. It turns out that they can resolve the reverse DNS
lookup issue. Therefore, I am quite positive that we can do the same.

Cheers,

Joe





Ace Fekay [MVP]

JP said:
> Thanks, Ace.
>
> I think I am going to do exactly as discussed. It should not be a
> big issue since a lot of ISPs actually use one server to host many
> email domains for different clients. It turns out that they can
> resolve the reverse DNS lookup issue. Therefore, I am quite positive
> that we can do the same.
>
> Cheers,
>
> Joe

Very good Joe and my pleasure. Post back if you have any other concerns!

Cheers!

--
Regards,
Ace

 
