How many MX records are allowed?

[d0mufasa]

Hello all,

I have a sitution that I am trying to set up.

I have 2 email servers that run on Windows: one is for internal purposes, the other is external purposes.

The external one will receive e-mail from the outside world, clean it up and forward it to the internal one.

There are 2 Windows Vista machines and 2 Unix (OpenSuse Linux) machines.

Since there can be only 1 email server per domain, I thought I would:

-> set up a local domain with ALL of the machines in it
-> set up a DNS server for the local domain
-> set up a MX record in the DNS server for the email

For the external machine, just have a Dynamic IP point to the Windows machine holding the external email server.

Does this sound plausible? Does this make sense?

Is it easier to set up DNS in Linux or Windows?

TIA

[scathefire]

Basically you want one machine to be a mail router/cleanup and the other to actually house the emails. Sure completely doable.

I will make assumptions, like you have an external/public DNS and an internal DNS.

Internally - you would set your internal DNS server with an MX record pointing to your mail server. If you internal domain is named something different (and I highly recommend that you do), add a zone record for whatever.com containing an MX record. That way your DNS server does not ask the next hop for an answer as far as where to send your emails.

Externally - have your public/external DNS with a record pointing to your border mail server. If it were a postfix/sendmail server (since this is a linux forum afterall), your external mail server would have to be set up to redirect all the email for whatever.com to be delivered to your internal mail server. I'm sure there is something in windows that faciliates the same thing as the transport() function in postfix.

[d0mufasa]

Hello scathefire and thanks for responding

I saw that you responded to my other post as well. So, I will address all items here.

Basically, I had set up a DNS server on a Linux/OpenSuse machine.

Since the decision was made to put all mail servers in the Windows environment, the idea then was to go ahead and set up a DNS server on the Windows side. If you could point me to a good tutorial in that case, I would greatly appreciate it

At the same time, all of the other machines (windows and Unix) will need to point to the Windows machine that has the DNS on it. This DNS would hold information for the local domain.

If you could point me to a tutorial that shows how to do this for Opensuse/Linux, I would be most grateful for that as well

Another thing is that I have fixed the router so that certain IP addresses are assigned to certain machines (in other words, no dynamic IP addresses are to be used).

TIA

[scathefire]

setting up DNS itself is rather vanilla as far as linux goes, if you intend to use BIND. Here is one I can recommend Traditional DNS Howto | HowtoForge - Linux Howtos and Tutorials

Since you are using opensuse, if you don't feel comfortable in the terminal you can also use Yast to set it up. Never used it, but one should exist, all other services have a Yast module.

[d0mufasa]

Hello scathefire,

As of now, here is the way it stands:

nslookup FROM windows machine to UNIX machine : works
nslookup FROM windows machine to windows machine : works
nslookup FROM UNIX/Linux machine to Windows machine : works
nslookup FROM UNIX/Linux machine to UNIX/Linux machine :works

ping FROM windows machine to UNIX machine : works
ping FROM windows machine to windows machine : does not work
ping FROM UNIX/Linux machine to Windows machine : does not work
ping FROM UNIX/Linux machine to UNIX/Linux machine :works

So, anything that pings to the windows machine does not work even though the nslookup returns the correct IP for the DNS server and the correct IP address for the windows machine.

Would the use of BIND solve this problem?

TIA

[scathefire]

If names are being resolved to IP addresses, then 'no'. the next step is to see why pings are failing. Have you checked firewall settings, etc. Have you checked to ensure that those names resolve to the CORRECT ip address?

[d0mufasa]

If names are being resolved to IP addresses, then 'no'. the next step is to see why pings are failing. Have you checked firewall settings, etc. Have you checked to ensure that those names resolve to the CORRECT ip address?

The names do resolve to the correct IP addresses.

When doing a nslookup on all machines, it resolves to the correct domain name as well as the correct IP address.

There is no firewall between the Windows machine and the Linux machine.

Are there any commands/tools I can run to see what is going on? Something other than "ping" or "nslookup"?

The only other thing I have is a 2wire gateway - but - I made sure that the gateway was configured so that the IP addresses assigned to the machines are static and not changing.

TIA

[d0mufasa]

Hi scathefire,

I went over your post again. You were right, it was the firewall.

I remember having to turn off the firewall on the Linux side but I never considered it to be a problem here.

From the perspective of the internet, it only sees the 2wire router. It's the only way into my network. It's the only thing on the internet that has an actual IP address. As of now, ALL ports are closed. So, does this mean I am safe?

Thanks for the suggestion!

Cheers!

[scathefire]

I suppose you are as safe as one can be. ;D

I guess now if you're wanting to have internet services, you will need to have the 2wire setup to map various services (e.g. SMTP maps to LinuxServer1, DNS maps to WinServer1, etc). I would assume there is some kind of web interface like with most firewall/router combo boxes.

If you are feeling paranoid though, a host-based firewall isn't a bad option. Just have to add the appropriate rules in place.

[d0mufasa]

Yes, there is an interface with the 2Wire router.

What I did was enable port forwarding to the host holding the email server (i.e. opening the ports for SMTP, IMAP, POP3)

What I have is DynDNS pointing to 2Wire router. Again in the 2Wire router, I have enabled port forwarding so that the IMAP, SMTP and POP3 ports can be reached.

I am hoping that the DynDNS does not require some kind of MX record setup but we shall see...

Thanks again for all of the help