We're running Active Directory on Windows 2003 Servers. 99% of the time, all is well. Occasionally we seem to be pulling erroneous MX information. When I do an nslookup type=MX from the Imail server, I get the correct information... most of the time. The erroneous server is always another server that's located at the provider for the company in question. I check their DNS server and can find no problems...
The MS DNS cache could be getting poisoned, esp if you have recursion and access from Internet enabled, which you very probably have. You can't turn recursion off since IMail needs it. You can't restrict recursion to your subnets, only on or off.
I always recommend that mail servers not use MS DNS (AD or not), but BIND on *nix or Windows. Especially recommend for high-volume mail systems that generate high volumes of queries. BIND has more security features, e.g. anti-poisoning and finer access controls. BIND is free so you don't have to pay another $1000 to Win server version.
Making your AD/DNS box accessible from Internet is really bad practice. If you set up BIND on a separate machine, have the AD/DNS box forward to it, and block access from Internet to the AD/DNS box.
Len
_____________________________________________________________________ http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
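The layout recommended in the reply above, sketched as a `named.conf` fragment for the separate BIND machine. This is an added example, not part of the original post; the ACL name and all addresses (LAN 192.168.10.0/24, AD/DNS box at 192.168.10.5, IMail server at 192.168.10.20) are constructed placeholders.

```conf
// named.conf fragment for the separate BIND resolver (constructed example).
// Assumed addresses: AD/DNS box 192.168.10.5, IMail server 192.168.10.20.
// Replace them with your own.

acl "trusted-clients" {
    127.0.0.1;
    192.168.10.5;     // AD/DNS box, which forwards its lookups to this resolver
    192.168.10.20;    // IMail server, if it queries BIND directly
};

options {
    directory "/var/named";

    // Recursion stays on because the mail server needs it, but only the
    // hosts in the ACL may use it. This is the per-client control the
    // reply says MS DNS lacks (recursion there is only on or off).
    recursion yes;
    allow-recursion { "trusted-clients"; };

    // This box hosts no public zones, so refuse queries from everyone else.
    allow-query { "trusted-clients"; };

    // No zone transfers from this resolver.
    allow-transfer { none; };
};
```

Check the file with `named-checkconf` before reloading. On the Windows side, point the AD/DNS server's forwarder at this resolver and block inbound DNS from the Internet to the AD/DNS box at the firewall.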
