
Exchange 2003 reverse lookup


  • Exchange 2003 reverse lookup

    In my environment I have a Windows 2003 Standard server (fully patched) and an Exchange 2003 server (fully patched). Both are DCs. I have my Win2k3 server as my primary DNS/file server. We also have a POP3 account set up in everyone's Outlook to be able to receive email. Eventually we will be moving away from the POP3 and have just Exchange to send and receive email.

    We also have 3 VLAN's set up on our network.
    192.168.1.x - servers/cisco equipment live on this subnet
    192.168.2.x - desktops
    192.168.3.x - desktops

    We have a Cisco ASA 5510 and a Cisco 2811 router.

    I have created a reverse lookup zone for the 1.x network.
    When we move the MX record and bring email in house, would I need to have reverse lookup zones for the 2.x and 3.x networks?

  • #2
    Re: Exchange 2003 reverse lookup

    Your local reverse lookup zone is completely immaterial to Exchange. Exchange doesn't care, nor does the internet. There are plenty of AD domains that are set up without them.
    For the record, I would have a reverse DNS zone for all IP subnets, and have it AD integrated.

    The reverse DNS needs to be set on your public IP address by your ISP.

    Simon Butler
    Exchange MVP


    Sembee is a registered trademark, used here with permission.


    • #3
      Re: Exchange 2003 reverse lookup

      When you say "move the MX record", I'm assuming you mean that you are going to create one in your internal AD DNS zone. If that's what you meant, it is totally unnecessary. Exchange does not need or use an internal MX record. The MX record is only needed in your public (external) DNS namespace for external mail servers to find your Exchange server (a routable IP address NAT'ed to the non-routable IP address of your Exchange server).


      • #4
        Re: Exchange 2003 reverse lookup

        Yes, I do know that you do not need to add an MX record on the Exchange server. Yes, I also understand that the MX record gets repointed to one of our public IPs that gets NAT'd within our firewall. In the past, I've always set up reverse lookup zones when configuring DNS in an AD environment. But being that I have VLANs set up with multiple subnets, the reverse lookup IPs are not updating. I have another post on this topic in a different thread, so no need to reiterate the same subject here.

        Once I have contacted my public DNS provider and requested the MX change (my DNS provider already has the reverse lookup configured), and after about 48-72 hours to propagate over the internet, is there anything else I would need to do on the Exchange server (aside from making any changes on our firewall, opening port 25 and ports 80/443) in regards to receiving email?


        • #5
          Re: Exchange 2003 reverse lookup

          Not that I can think of. Also, see this excerpt from a Wikipedia article on DNS that references the "72 hour" myth of DNS propagation:

          Many people incorrectly refer to a mysterious 48 hour or 72 hour propagation time when you make a DNS change. When one changes the NS records for one's domain or the IP addresses for hostnames of authoritative DNS servers using one's domain (if any), there can be a lengthy period of time before all DNS servers use the new information. This is because those records are handled by the zone parent DNS servers (for example, the .com DNS servers if your domain is), which typically cache those records for 48 hours. However, those DNS changes will be immediately available for any DNS servers that do not have them cached. And any DNS changes on your domain other than the NS records and authoritative DNS server names can be nearly instantaneous, if you choose for them to be (by lowering the TTL once or twice ahead of time, and waiting until the old TTL expires before making the change).


          • #6
            Re: Exchange 2003 reverse lookup

            Cool, thanks for that article. In prior experience with this, I have seen the MX change take longer than 72 hours, but that was only with one customer. All other clients I have dealt with normally take about 2-3 days to propagate, which normally gets scheduled for a Friday evening to allow the changeover over the weekend.


            • #7
              Re: Exchange 2003 reverse lookup

              Wow. We are an email hosting company and when we change MX records for our customers the longest I've seen is 1 hour. We're usually only changing the MX though and not changing NS or SOA records.


              • #8
                Re: Exchange 2003 reverse lookup

                Wow, that is fast. Some of the customers I've worked with have Comcast as their DNS provider and they usually take the longest.
                We're actually in the process of changing internet providers, so I think once this occurs and things settle, we'll then request the MX change. I would imagine the NS and SOA records get changed when switching ISPs?


                • #9
                  Re: Exchange 2003 reverse lookup

                  The MX points to the A record and the A record to the IP address (which changes), as is my understanding; this then needs to replicate around the world, so figures of 24/48 hours are usually stated. One hour seems too fast, but is it for this scenario?
                  MessageLabs, for example, can change your IP quickly (when they can be bothered) because they just update their own internal entry, as your public MX still stays the same (which is their servers). Does that make sense, or have I got confused?

                  Quis custodiet ipsos custodes?


                  • #10
                    Re: Exchange 2003 reverse lookup

                    The change doesn't need to "replicate" around the world. When your email server needs to find my MX, it asks its DNS server (which is not authoritative for my domain), so it goes to the forwarders that you use, and these in turn go to the root servers for the gTLD (.com, .org, etc.) (which are not authoritative for my domain), which then go to my name servers (which are authoritative for my domain), which then give the new MX data. The only delay that occurs is that any server that happens to have my MX record cached has to wait for the TTL to expire (usually 1 hour) before it will query again and get the new MX data. The record does not propagate or replicate anywhere, as only my name servers are authoritative and only they hold the record in my zone files. All other DNS servers only cache my MX record for the life of the TTL. Even the root servers don't hold any of my DNS records, as they are not authoritative for my DNS namespace.

                    If you're changing your SOA or NS records, then there could be significant delay as these records do have to be updated on the root servers, which could take some time as the root servers aren't updated that quickly. For all other DNS records the change should be almost instant, save for any TTL expiration.
                    Last edited by joeqwerty; 13th May 2008, 15:46.
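
An added illustration of the caching behaviour described in #5 and #10 (this is example code written for this page, not code from the thread or from any poster). It models the point both posts make: the MX record lives only on the authoritative servers, and every other resolver simply serves its cached copy until the TTL it received runs out, so the delay after a change is bounded by the TTL, not by any "propagation". The zone name, the mail host names, the TTLs and the times at which each resolver last refreshed are all made up for the example.

```python
"""Model of how resolver caching delays an MX change.

Added illustration, not code from the thread. The zone ("example.com. MX"),
the host names, the TTLs and the refresh times are constructed for the example.
It implements what #10 describes: the record exists only on the authoritative
servers; every other resolver caches the answer until its TTL expires.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    value: str
    ttl: int  # seconds a non-authoritative server may serve this from cache


class Authoritative:
    """Your domain's own name servers: the only copy of the record (constructed)."""

    def __init__(self, name, value, ttl):
        self.name = name
        self.rec = Record(value, ttl)

    def change(self, value=None, ttl=None):
        """Edit the zone. Nothing is pushed anywhere; caches learn of it on refresh."""
        self.rec = Record(self.rec.value if value is None else value,
                          self.rec.ttl if ttl is None else ttl)

    def query(self, name):
        if name != self.name:
            raise KeyError(name)
        return self.rec


class CachingResolver:
    """A recursive resolver (ISP forwarder, corporate DNS) that keeps an answer
    until the TTL it received expires and only then asks upstream again."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cached = None  # (Record, absolute expiry time) or None

    def query(self, name, now):
        if self.cached is not None and now < self.cached[1]:
            return self.cached[0].value
        rec = self.upstream.query(name)
        self.cached = (rec, now + rec.ttl)
        return rec.value


def time_until_everyone_sees(auth, resolvers, new_value, change_at, horizon, step=60):
    """Change the record at change_at and return the first probe time at which
    every resolver answers with the new value (None if not within horizon)."""
    auth.change(value=new_value)
    for now in range(change_at, horizon, step):
        if all(r.query(auth.name, now) == new_value for r in resolvers):
            return now
    return None


def cutover_without_lowering(old_ttl, new_value, change_at):
    """Change the MX cold. Returns seconds after the change until all caches agree.
    Assumes three resolvers that refreshed at different times before the change."""
    auth = Authoritative("example.com. MX", "mail.isp.example.", old_ttl)
    resolvers = []
    for warmed_at in (0, change_at // 3, change_at - 60):
        r = CachingResolver(auth)
        r.query(auth.name, warmed_at)  # cache the old answer with the old TTL
        resolvers.append(r)
    seen_at = time_until_everyone_sees(auth, resolvers, new_value,
                                       change_at, change_at + 2 * old_ttl)
    return seen_at - change_at


def cutover_with_lowered_ttl(old_ttl, low_ttl, new_value):
    """The procedure from #5: lower the TTL first, wait one old TTL so every
    copy cached with the long TTL has expired, then change the record."""
    auth = Authoritative("example.com. MX", "mail.isp.example.", old_ttl)
    stale = CachingResolver(auth)
    stale.query(auth.name, -60)                 # cached a minute before the TTL was lowered
    auth.change(ttl=low_ttl)                    # step 1, at t=0: lower the TTL only
    earliest_safe = old_ttl                     # step 2: wait until long-TTL copies expire
    fresh = CachingResolver(auth)
    fresh.query(auth.name, earliest_safe - 50)  # cached just before the change, low TTL
    seen_at = time_until_everyone_sees(auth, [stale, fresh], new_value,
                                       earliest_safe, earliest_safe + old_ttl)
    return seen_at - earliest_safe


if __name__ == "__main__":
    day = 86400
    print("cold change, 1-day TTL:", cutover_without_lowering(day, "mail.example.", 3600), "s")
    print("TTL lowered to 300 first:", cutover_with_lowered_ttl(day, 300, "mail.example."), "s")
```

With a one-day TTL, a resolver that refreshed a minute before the cold change keeps serving the old MX for almost the whole day; after lowering the TTL to 300 seconds and waiting out the old TTL, every cache converges within five minutes of the change. The model ignores that a real resolver decrements the TTL on answers it re-serves and that it may also cache negative answers; to see what a particular resolver still holds, `dig mx example.com @resolver` reports the remaining TTL of its cached copy.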