internal DNS for outside POP mail with same name (company.org)

Jason

I have a client whose network I set up with a domain name such as
company.org. This is the same as their registered domain outside (web
and mail are hosted externally).
I set up a host record for www, and the web site works fine

The problem is mail. I can't seem to get the MX records to work
correctly. I temporarily set up a MAIL host record, which works for a
while. Then it stops when the internet record for mail changes. I need
to be able to set up MX records internally, so that they point to
whichever external mail server is operable at the time. I've tried it
several different ways, to no avail (MX records with the external IPs,
MX records pointing to duplicate 'mail' A records with different
priorities).

right now I have the temporary host record solution which is not
working so well

any help would be greatly appreciated

Thanks in advance

-Jason
 
Kevin D. Goodknecht Sr. [MVP]

In
Jason said:
I have a client whose network I set up with a domain name
such as company.org. This is the same as their registered
domain outside (web and mail are hosted externally).
I set up a host record for www, and the web site works
fine

The problem is mail. I can't seem to get the MX records
to work correctly. I temporarily set up a MAIL host
record, which works for a while. Then it stops when the
internet record for mail changes. I need to be able to
set up MX records internally, so that they point to
whichever external mail server is operable at the time.
I've tried it several different ways, to no avail (MX
records with the external IPs, MX records pointing to
duplicate 'mail' A records with different priorities).

right now I have the temporary host record solution which
is not working so well

any help would be greatly appreciated

Resolving the MX record won't help you anyway; clients don't look for the MX
record.
Your mail provider may have a dynamic IP on the SMTP server, but usually
has static records on POP servers. If the POP server is dynamic, you can
delegate the internal record to the public DNS server that is authoritative
for the public domain.

How do you access the external POP server or external SMTP server? (By what
name?)
 
Kevin D. Goodknecht Sr. [MVP]

In
Jason said:
the pop and smtp are both the same: mail.company.org

Then you should delegate the name mail to the authoritative DNS servers for
the public domain. Some ISPs use dynamic IP addresses for SMTP servers to
try to stay ahead of the spammers.
You could also create a new host named mail with the IP of the mail server;
if the ISP changes the mail server IP you will have to correct the record.
The only time a delegation may not work is if mail.company.org is a
CNAME record and the CNAME record points to a name in your domain too. If
that is the case you'll have to create the host record the CNAME points to
or create the A record and hope the IP doesn't change.
Whatever the case, mail clients do not and will not query for an MX record.
 
Jason

How do I delegate the mail record to look at external DNS servers for
resolution? I looked, but could not see how this is done. My internal
machine is set for the client's DNS, with forwarders set up for the ISP's
DNS.
 
Kevin D. Goodknecht Sr. [MVP]

In
Jason said:
How do I delegate the mail record to look at external DNS
servers for resolution? I looked, but could not see how
this is done. My internal machine is set for the client's
DNS, with forwarders set up for the ISP's DNS.

Open the forward lookup zone, right-click in the zone, select New
Delegation, name the delegation 'mail', click Next and put in the names and
IPs of the public authoritative DNS servers for the domain name. Note: this
may or may not be your ISP's DNS; you must use the authoritative DNS listed
on the public record at your registrar.

The only time a delegation does not work is when the public DNS uses a CNAME
record named 'mail' and that record points to a FQDN that your local DNS
can't resolve, such as a name within the same domain name.
To verify this,
nslookup
set type=any
server <yourISPsDNSserverIP>
mail.yourdomain.com

If it returns a canonical name, what is the canonical name? Something
outside your domain name or something inside your domain name?
If it just returns the IP address and no canonical name, the delegation will
work fine. If it returns a canonical name that is outside your domain name,
create a new Alias (CNAME) in your zone named 'mail', then point that to
the FQDN that the public record points to.
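
The check-then-delegate procedure from the reply above, scripted as an added example (not part of the original post). It assumes a Windows DNS server with the DnsServer PowerShell module, run on that server; the name server name and address are placeholders to be replaced with the authoritative servers listed at the registrar.

```powershell
# Added example. Zone name, server name and address are placeholders.
Import-Module DnsServer

$Zone   = 'company.org'        # internal zone that shadows the public domain
$Label  = 'mail'               # name to hand back to the public DNS
$NsName = 'ns1.example.net'    # placeholder: authoritative server per the registrar
$NsIp   = '192.0.2.53'         # placeholder address (documentation range)
$Fqdn   = "$Label.$Zone"

# Query the public authoritative server directly, bypassing the internal zone.
$answers = @(Resolve-DnsName -Name $Fqdn -Type A -Server $NsIp -DnsOnly -ErrorAction Stop)
$cname   = $answers | Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1

if (-not $cname) {
    # Only addresses came back: delegate 'mail' so address changes are followed.
    Add-DnsServerZoneDelegation -Name $Zone -ChildZoneName $Label `
        -NameServer $NsName -IPAddress $NsIp -PassThru
}
elseif ($cname.NameHost -like "*.$Zone") {
    # Alias target is inside the shadowed domain; the internal server is
    # authoritative for that name too, so delegating 'mail' alone is not enough.
    Write-Warning "$Fqdn is an alias for $($cname.NameHost); create that host record internally."
}
else {
    # Alias target is outside the domain: mirror the alias internally.
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $Label `
        -HostNameAlias $cname.NameHost -PassThru
}
```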
 
Jason

it returned this: (i obviously doctored the actual IPs, etc.)
mail.organization.org
Server: server.organization.org
Address: 10.0.59.10

mail.organization.org internet address = x.x.x.126
mail.organization.org internet address = x.x.x.127
mail.organization.org internet address = x.x.x.125
mail.organization.org internet address = x.x.x.124

It seems to be working now. The ISP said they were having issues on
their end. This configuration is with those four records set up as A
records...
 
Kevin D. Goodknecht Sr. [MVP]

In
Jason said:
it returned this: (i obviously doctored the actual IPs,
etc.)

Server: server.organization.org
Address: 10.0.59.10

mail.organization.org internet address = x.x.x.126
mail.organization.org internet address = x.x.x.127
mail.organization.org internet address = x.x.x.125
mail.organization.org internet address = x.x.x.124

It seems to be working now. The ISP said they were having
issues on their end. This configuration is with those four
records set up as A records...

You should use a delegation in this case; you would obviously have at least
four records to keep in sync. If there is a change of IP address on one
record you may not be able to retrieve your mail.
Open your forward lookup zone, right-click, select New Delegation from the
list, name it mail, then in the next screen put in the authoritative DNS
server names and addresses for the public zone.
 
Jason

I did this (fingers crossed). I added the name servers of the web host
that does the external domain. How do you get rid of a delegation once
you add it? I can't seem to find this anywhere...
 
Kevin D. Goodknecht Sr. [MVP]

In
Jason said:
I did this (fingers crossed). I added the name servers of
the web host that does the external domain. How do you
get rid of a delegation once you add it? I can't seem
to find this anywhere...

Delete. But you should need to delete unless you don't need it to resolve
the name.
 
Pride

Kevin D. Goodknech1 said:
In

Delete. But you should need to delete unless you don't need it
to resolve
the name.

I’m a newbie here, but wanted to give my input.

We have the EXACT same situation at our firm.

We use companyname.com for our internal domain.


This is our setup:

We have our website hosted by our ISP, and have them handling our
external DNS. So they do the following:

www -> 24.137.xxx.xxx (Their Web Server)
mail -> 68.xxx.xxx.xxx (Our Firewall/Outside Static IP Address)
webmail -> 68.xxx.xxx.xxx (same as mail)
ftp -> 68.xxx.xxx.xxx (same as mail)

Internal DNS Server has the following configured:

www -> 24.137.xxx.xxx (In order for your internal clients to see your
company website hosted by your ISP, you need to include this)
mail -> 192.168.1.9 (Email SMTP Server)
webmail -> 192.168.1.9 (IIS on email server)
ftp -> 192.168.1.17 (our FTP server)

Hopefully that helps!
 
