Problem with MX Records for Test Domain.

By Kjell_Andorsen

Hi,

Our company recently let us create a test domain to let us test certain configurations outside a production environment.

We created the test domain as a totally separate Active Directory forest; our production environment consists of a single-domain forest as well. All our servers run W2k3.

We've set the Test domain up on a different subnet and our routers are set to route anything to that subnet over an internal connection.

Currently our DNS is Active Directory integrated on both the production and test domains. We set up a forwarder in our company's production DNS to forward DNS queries for the test domain to the test domain DNS server. We can ping hosts on the test domain by hostname and IP address, but for some reason we are unable to get the MX records to work. Trying to send mail to the Exchange server on the test domain fails; we're unable to ping the MX record. We are able to ping the Exchange server just by host name, but mail won't flow.

Does anyone have any idea which step we're missing here?

All Answers

First....

by Zen37 In reply to Problem with MX Records f ...

I'm having trouble following your setup, but I will give it a try. I figure you are trying to get mail from the internet to your test environment. From the internet, if you do an MX query on your domain name, are you getting the correct answer? Is your firewall getting the mail connection (port 25)? Is your firewall receiving the mail? Can your firewall resolve your internal MX record of your test environment? Can your firewall connect to your mail server on port 25?

Well...

by Kjell_Andorsen In reply to First....

We're trying to keep it off the internet. Basically we only want the test domain to be reachable from our main domain. We have excellent connectivity between the two domains and are able to resolve any DNS record except the MX records. The ports between the two domains are open and passing traffic.

did you test Exchange using telnet?

by CG IT In reply to Well...

If you're using SMTP, the first thing to do is test Exchange using telnet. Here's a KB on it: http://support.microsoft.com/kb/153119/en-us

Once you verify that Exchange will answer properly, meaning traffic over SMTP works, then it's a DNS problem. Whois queries must be resolved by authoritative DNS servers for the domain. If you're trying to send mail from one domain to another via dedicated line, the send from will query DNS and, if it can't be resolved, will forward the query out to the internet [or in this case dedicated line] to the send to domain, which must respond to the query. Otherwise the DNS query goes unanswered [no one knows whois that domain] and an NDR is generated.

Make sure unresolved queries are forwarded to the right servers.

Bottom line, some DNS server has to respond to the whois query. If not, mail won't flow.

Connectivity is fine

by Kjell_Andorsen In reply to did you test Exchange usi ...

There is no problem with connectivity; we can communicate with the server itself, even RDC into it. The issue is definitely with DNS: for some reason normal host (A) records resolve fine, but not the MX record. We have the DNS servers in our main domain set to forward any queries for the test domain to the test domain DNS server, which is authoritative for the test domain. We just can't figure out why the test domain DNS server will resolve host records, but not MX records.

telnet to exchange not the box

by CG IT In reply to Connectivity is fine

telnet to exchange is not communicating with the server box, it's communicating with Exchange itself. It's a simple test and the first one to run if there are problems with SMTP service. Exchange must return the test for the SMTP connector message or it's not functioning properly.

If the send to domain will resolve A, HOST, CNAME records but not MX records, try deleting the old record, flush DNS, recreate the MX record and try again.

After that, go see msexchange.org; it's probably the best and most comprehensive site for MS Exchange.

DNS issues

by Zen37 In reply to Connectivity is fine

First thing I would do is see if your DNS server is resolving the MX record from itself. From the DNS server, open a DOS window and do an NSLOOKUP. Then do a SET TYPE=MX. Then type the test domain's name. If you don't get a response, then your DNS itself has an issue.
Make sure you have an "A" record that corresponds to your "MX" record. Have you tried reloading the DNS server service?
What error message are you getting when you query your "MX" record? Can you show me your domainname.dns file?

Befuddled

by Kjell_Andorsen In reply to DNS issues

I telnetted into the Exchange service on port 25 and SMTP seems fine. I get the following:

220 ddnpdc1.ddntest.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Tue, 14 Nov 2006 11:24:36 -0700

I've also managed to do nslookup on the MX record for the test domain from the production domain. From what I can see it SHOULD be working, but it's still not. The bounce reply I get is "The destination server for this recipient could not be found in Domain Name Service (DNS)."

When I do the NSlookup on the MX record I get the following:

C:\Documents and Settings\Kjella>nslookup -querytype=MX ddntest.com
Server: ddnpdc1.drawnet.com
Address: 10.0.0.24

Non-authoritative answer:
ddntest.com MX preference = 10, mail exchanger = ddnpdc1.ddntest.com

ddnpdc1.ddntest.com internet address = 10.0.2.20

I am able to send email from the Exchange server on the test domain to clients on the production domain.

good telnet test

by CG IT In reply to Befuddled

OK, then the Exchange SMTP connector is running properly.

Then the problem is DNS and having an authoritative DNS server resolving the name to an IP address.

If the send from can not resolve the send to address, you'll get the NDR report at the send from source. That means that DNS at the send from can not get the send to DNS server to answer the whois query. DNS is over UDP/TCP port 53, so the firewall between the source and the destination needs to allow traffic over these ports.

If a query isn't resolved, DNS will try a recursive. There are DNS tests you can run to test queries in DNS. To run a simple query or recursive query, here's a technet article: http://technet2.microsoft.com/WindowsServer/en/library/bd028d6e-bc2f-40f8-b1e6-d3582214eb961033.mspx?mfr=true

If you use non routable addressing on the WAN, that also might be your problem.

Here's a technet article on how DNS works.

http://technet2.microsoft.com/WindowsServer/en/library/bd028d6e-bc2f-40f8-b1e6-d3582214eb961033.mspx?mfr=true

Figured it out

by Kjell_Andorsen In reply to Problem with MX Records f ...

Gosh, now I feel like an idiot. The answer was in the one piece of information I had overlooked. Our production domain uses two DCs/DNS servers; all our workstations and onsite servers use DC1 for DNS, but the servers at our datacenter co-location use DC2. We had loaded the secondary zone for the test domain on DC1, and so everything was resolving fine when we tested it from our workstations, but the zone was not loaded on DC2, which is what our Exchange server was using. Once we loaded the secondary zone on DC2 it worked beautifully. Figures it would be a stupid little oversight like that.....

Thank you guys so much for your help. I really appreciate the time you took to attempt to help me; you gave me some helpful suggestions that I will employ in future troubleshooting.
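
The check that would have exposed this sooner, as an added example that is not part of the original thread: collect `nslookup -querytype=MX` output from every DNS server any mail sender is configured to use, then compare the answers. The sample outputs are constructed in the format quoted above; the server names, DC2's address and DC2's failure text are assumptions.

```python
import re

# Constructed nslookup -querytype=MX outputs, one per resolver, in the format
# quoted in the thread. DC1/DC2 are the thread's names; the server names,
# DC2's address and DC2's failure text are made up for this example.
SAMPLES = {
    "DC1": """Server:  dc1.example.test
Address:  10.0.0.24

Non-authoritative answer:
ddntest.com     MX preference = 10, mail exchanger = ddnpdc1.ddntest.com

ddnpdc1.ddntest.com     internet address = 10.0.2.20
""",
    "DC2": """Server:  dc2.example.test
Address:  10.0.0.25

*** dc2.example.test can't find ddntest.com: Non-existent domain
""",
}

MX_RE = re.compile(r"^(\S+)[ \t]+MX preference = (\d+), mail exchanger = (\S+)", re.M)
A_RE = re.compile(r"^(\S+)[ \t]+internet address = (\S+)", re.M)

def parse_nslookup(text):
    """Return ([(preference, exchanger)], {host: ip}) parsed from one output."""
    mx = sorted((int(p), h.lower().rstrip(".")) for _, p, h in MX_RE.findall(text))
    addrs = {h.lower().rstrip("."): ip for h, ip in A_RE.findall(text)}
    return mx, addrs

def audit(outputs):
    """Compare the MX answer from every resolver; return {resolver: problem}."""
    parsed = {name: parse_nslookup(text) for name, text in outputs.items()}
    answers = [mx for mx, _ in parsed.values() if mx]
    reference = max(answers, key=answers.count) if answers else []
    problems = {}
    for name, (mx, addrs) in parsed.items():
        if not mx:
            problems[name] = "no MX answer"
        elif mx != reference:
            problems[name] = "MX answer differs from the other resolvers"
        elif any(host not in addrs for _, host in mx):
            problems[name] = "MX target address not in answer; query its A record"
    return problems

if __name__ == "__main__":
    for resolver, problem in audit(SAMPLES).items():
        print(f"{resolver}: {problem}")
```
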

Ping MX record??

by junior In reply to Figured it out

I'm curious...you do know that it's not possible to ping MX records, right? After all... an MX record is basically a rule which directs mail traffic to a *real* record like A or CNAME; an MX record can not be resolved cuz it's not real... it's only a type of rule, and since you said you WERE able to ping A records you should have no problem unless you somehow didn't create the MX record properly. In which case... your solution shouldn't work, but since it's working I assume you have manipulated your DNS structure to make something wrong work.