Tuesday, November 3, 2009

Adding an RDNS record for a SBS 2008 environment

My Situation:
I was reading about the various kinds of DNS records needed for email to flow properly in an SBS 2008 environment and decided to create a simple RDNS record for the mail server. My confusion came when I wasn't sure whether the RDNS record should contain the name of the server as seen on the local network or as seen from public DNS.

The Solution:
When creating an RDNS record, the hostname should match both the external A record for the IP where email exits your network and the FQDN that your MTA presents to SMTP servers. Most SBS 2008 admins will use "remote" for the external hostname A record, and thus the RDNS record they create for that IP address should point back to that same hostname. The FQDN in the internet send connector should be "remote.yourdomain.TLD".

The Long Story:
When creating an RDNS record, you need to supply the name of the server that is seen in Exchange 2007's send connector. However, when you use the Exchange Management Shell cmdlet "get-sendconnector | select name" you get a different name than if you look at the "specify the FQDN this connector will provide in response to HELO or EHLO" field (which can be found by going to the Exchange Management Console >> Organization Configuration >> Hub Transport >> Send Connectors tab >> right-click the Windows SBS Internet Send [server name] connector and select Properties >> General tab).

The cmdlet returns the local DNS name of the Exchange server, but the Send Connector properties box shows the external DNS name of the server: remote.companyname.com.

Questions started to arise in my head when I realized that I've seen email headers stamped with the local DNS names of the email server and not the public DNS names. I wondered if I needed to create an RDNS record using the internal name of the server, which would require me to create an A record in the public DNS zone with that same name, or if I should just create the RDNS record to point to the already existing "remote" A record.

After some research (the specific documents that I found were not recorded so I can't give links here; I'm a bad, bad researcher =( ), I discovered that the proper configuration does not include the name of the server on your local network in any way.
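A small consistency check for the rule described above (PTR for the egress IP must name the EHLO FQDN, and that FQDN's public A record must contain the egress IP). This is an added example, not code from the original post; the zone contents and the names remote.example.com and sbsserver.example.local are constructed sample data, and `live_lookups()` is an assumed helper for running the same check against the real resolver.

```python
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample records standing in for the public DNS zone (not a real zone).
GOOD_ZONE = {
    "A": {"remote.example.com": ["203.0.113.25"]},
    "PTR": {"203.0.113.25": "remote.example.com"},
}
# Same zone, but the PTR was created with the server's LAN name (the mistake the post describes).
BAD_ZONE = {
    "A": {"remote.example.com": ["203.0.113.25"]},
    "PTR": {"203.0.113.25": "sbsserver.example.local"},
}

def _norm(name: str) -> str:
    """Compare DNS names case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower()

def make_lookups(zone: Dict[str, Dict[str, object]]):
    """Build A/PTR lookup callables over an in-memory zone so the check runs offline."""
    def lookup_a(name: str) -> List[str]:
        return list(zone["A"].get(_norm(name), []))
    def lookup_ptr(ip: str) -> Optional[str]:
        return zone["PTR"].get(ip)
    return lookup_a, lookup_ptr

def live_lookups():
    """Assumed helper: the same two lookups against the system resolver, for a real server."""
    def lookup_a(name: str) -> List[str]:
        try:
            return socket.gethostbyname_ex(name)[2]
        except socket.gaierror:
            return []
    def lookup_ptr(ip: str) -> Optional[str]:
        try:
            return socket.gethostbyaddr(ip)[0]
        except socket.herror:
            return None
    return lookup_a, lookup_ptr

def check_rdns(egress_ip: str, helo_fqdn: str, lookup_a: Callable, lookup_ptr: Callable) -> List[Tuple[str, str]]:
    """Return (code, detail) problems; an empty list means PTR, A record and EHLO name agree."""
    problems: List[Tuple[str, str]] = []
    ptr = lookup_ptr(egress_ip)
    if ptr is None:
        problems.append(("PTR_MISSING", f"no PTR record for {egress_ip}"))
    elif _norm(ptr) != _norm(helo_fqdn):
        problems.append(("PTR_MISMATCH", f"PTR for {egress_ip} is {ptr}, but EHLO name is {helo_fqdn}"))
    addrs = lookup_a(helo_fqdn)
    if not addrs:
        problems.append(("A_MISSING", f"no public A record for {helo_fqdn}"))
    elif egress_ip not in addrs:
        problems.append(("A_MISMATCH", f"{helo_fqdn} resolves to {addrs}, not {egress_ip}"))
    return problems
```

Run `check_rdns("<egress IP>", "<send connector FQDN>", *live_lookups())` from any machine with public DNS to audit a real setup; a non-empty result lists which of the three records disagrees.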
