Your AD zone/internal dns servers should "ideally" not be serving public recursive lookups. Big security issues there.
Set up your public zones (redundant) on a separate machine(s) outside the firewall somewhere, or have your ISP host them. Have your internal name servers forward lookups to your external DNS server(s), but don't disable recursion (my opinion). Have exch point to the internal name servers. Un"fix" smtp on your pix.

byron

-----Original Message-----
From: Jonathan [mailto:jwright@;spectore.com]
Sent: Tuesday, November 12, 2002 10:25 AM
To: Exchange Discussions
Subject: RE: Incoming Mail not working

Yes I do have recipient policies and they are applied. They appear on the accounts of the user in U & C. Didn't turn off fixup on the firewall yet...that's next.

Another question. Do I necessarily need an external DNS on my network for this to work? I only have two internal DNS servers (behind the firewall). What would be an ideal solution for a network that has the following:

1 firewall
2 Domain Controllers AD Integrated Zone
1 Exchange Server
1 IIS server (on same server as Exchange 2000)

Shouldn't I point my public domain name (Primary & Secondary DNS setup) to my two internal DNS servers so they may resolve the correct service?

> Jonathan you don't mention it, but I assume you have set up the
> appropriate recipient policies in Exchange System Manager i.e. added
> the public domains which the Exchange server is hosting?
>
> If the "public" email domains are different to the Exchange Server's
> domain, it needs to know about it. If the domains were different and
> you didn't insert the desired domains into the recipient policies,
> internal mail would be OK but you'd get the error you advertise when
> external sources try and send to you.
>
> If you have the recipient policies in place, make sure they're
> applied, and make sure that the user objects are picking them up in AD
> Users&Computers.
>
> Oh and turn off fixup smtp in the pix [no fixup protocol smtp] whilst
> setting up, just as a matter of course. You can turn it back on later
> when you have a more stable environment - then you'll better
> appreciate the subtlety of the problems it can cause.
>
> All the best,
>
> Andy
>
> -----Original Message-----
> From: Jonathan [mailto:jwright@;spectore.com]
> Sent: 12. november 2002 16:55
> To: Exchange Discussions
> Subject: Incoming Mail not working
>
> I have setup exchange2k in AD domain environment behind a pix firewall.
>
> I am able to send email using my exchange server but for some reason I
> am not able to receive anything. Here is the criteria of my setup.
>
> 2 DNS server with AD Integrated Zones.
> 2 primary zones created domain.com and domain.org.
> Exchange 2k with default settings.
> domain.org is registered with internic as having a primary dns that
> points to my 2 internal DNS servers using public IP addresses.
> domain.com is registered with internic as having a primary dns that
> points to an external dns servers hosted by a consulting company.
>
> I've double checked all possibilities. I can send email using
> Exchange2K to myself and receive the message. When I use an outside
> email account to send to the exchange server I get an undelivered mail
> message: "unknown host: [EMAIL PROTECTED]". When I check my transaction
> logs I don't get any messages pertaining to incoming mail.
>
> How else can I troubleshoot my incoming mails. Is there any step that
> I'm missing between registering my dns servers with internic to
> setting up my pixfirewall? Please list some other variables that may
> resolve my incoming mail.
>
> Thanks,
>
> J
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:leave-exchange@;ls.swynk.com
> Exchange List admin: [EMAIL PROTECTED]

