Name resolution

[elcephus]

I'm hoping this is a really dumb question and someone can provide me with a nice short, sweet answer.

I have here an Exchange server that has the POP3 connector enabled and working for the most part. The internal address and external addresses are different. Lets say they are Exchange1.domain.local for the Internal and the External is mail.domain.com.

Joining our team are a couple of consultants who have other companies that they work with and would like to use the POP3 connector to receive their email. The problem is they would have to keep changing their SMTP and POP3 servers when from local to the external when depending on if they are in or out the office. Is there a way for me to associate mail.domain.com with Exchange1.domain.local?

Thanks.

 

[avilov]

why can't they just use mail.domain.com all the time?

 

[elcephus]

that is an external name and we are using internal DNS servers. I will try using External DNS' for those users in question and see how that works, but are there any other suggestions?

 

[avilov]

even tho you use internal name servers they should be able to resolve "external" addresses like mail.domain.com. and since POP3 coonections alowed from the outside it would work from inside as well. unless you block all attempts to connect to port 110 from inside

you can always create a zone domain.com on your "internal" DNS server, but I wouldn't do that as it can and probably will eventially break something in correct name resolution

 

[ShackDaddy]

I don't think creating the domain.com zone on the inside is likely to break anything, and it will solve your problem. Add a new forward-lookup zone for domain.com and create an A-record (name) for 'mail' that maps to the internal IP. If you have a company website (hosted either internally or externally), make sure that you create a

http://www name

record that points to it appropriately.

ShackDaddy

 

[elcephus]

Ok, well i tried your suggestion ShackDaddy and unless I am doing something wrong it does not work. I created a forward lookup zone for the domain in question. After I setup and a record to point to the Internet computer and it still does not work.

Let me explain the situation a little more.

lets say the name of the domain in question is test.dyndns.org Now I can ping test.dyndns.org and the name gets resolved. The problem happens when I enter the pop3 server as test.dyndns.org in outlook express I get the following message

The connection to the server has failed. Account: 'mtmtest.dyndns.org', Server: 'mtmtest.dyndns.org', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E

But if I enter the computer name of the pop3 server it works fine. Any ideas?

 

[ShackDaddy]

A couple of questions. Does your Exchange server have two network interfaces, one on the outside and one on the inside, or is there a single interface that your firewall forwards traffic to?

When you are on your LAN and you ping 'test.dyndns.org', it resolves to your internal address now, or does it resolve to the external?

When you ping Exchange1.domain.local it replies from the same address?

Make sure both names resolve to the same address. If you made the change to your DNS and then immediately switched the settings on your client, it may have used a cached address for the outside name instead of querying DNS again. Or, if you are testing on one of those consultant's laptops, it may have a hosts file set up for your external servername, in which case it will always continue to look for the external IP regardless of what you set up internally.

When both pings reply from the same address, you should be able to properly point your mail client at it. Mail servers don't screen for the server name you were pointed at, all they care about is what IP you were shooting for.

ShackDaddy

 

[elcephus]

The Exchange server uses only one Network Interface and the firewall forwards traffic to it. The server has an additional NIC card that I can setup if there is a better way for me to have this done.

When I am connected to the LAN and ping test.dyndns.org it resolves to the external IP address. I setup a new zone called test.dyndns.org and added the A record. When I created the A record I left the host name blank so it uses the parent domain. I have also tried adding in test.dyndns.org into the host name and it still does not work. When I ping the exchange server it gives me the Internal IP address of 10.10.10.X. When I created the A record for test.dyndns.org I put in the LAN address not the external address. Would you happen to know of a site that talks about this issue? If you have done this before and you have some sort of messenger service were we can talk that would be great. Just send me a private note. Thanks.

Any other suggestions?

 

[elgrandeperro]

I can't tell, are you running split DNS? That is, are internal and external forward zones separated? That is the only way it could work.

I have done split resolution before, but right now we put the mail stuff in a separate DMZ with routable IPs, and that way the resolution is the same whether in the external or internal DNS world.

Also, instead of using Express to test, just use "telnet host/ip 110" to see if the pop banner appears. It would be troubling if your test give different results for a name that you thought was mapped to an ip, since ShackDaddy is right, there is nothing in pop that verifies HOW you got the pop servers ip.

gene

 

[ShackDaddy]

Seems like the only thing left to resolve is getting the test.dyndns.org to resolve properly on the inside. Seems like it's cached or in the hosts file. Try doing a "ipconfig /flushdns" from the command-line and then a "ipconfig /displaydns". If you see the dns name there, then it means it's been set in your hosts file. If you don't see it there, then try opening your mail client again.

ShackDaddy