I have to configure MX record configuration on GTM....I have searched the solution a lot but have not found it in askf5.com. Having bought GTM, our customer wanted their service provider to stop hosting their DNS A records, now the Service Provider is asking them to, based on the SP's policy, even move their MX records. So, the SP will send all the cusotmer.com requests to the GTM and GTM will have to do the resolution, the catch is that the GTM has to resolve these requests to a public microsoft MAIL.MESSAGING.MICROSOFT.COM server for email filtering and other scans. I would appreciate, if you can help me out in this scenario. Regards, WUM

You can configure an MX record within the appropriate zone in ZoneRunner and specify the target as the desired hostname of mail.messaging.microsoft.com.

Thanks Cory... What will be the zone type... Actually, I need a bit more detailed help, I will appreciate if you can help me with a little procedure... And, why do I see 127.0.0.1 in my named.conf file... named.conf restrict rndc access to local machines use the key in the default place: /config/rndc.key controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; }; logging { channel logfile { syslog daemon; severity error; print-category yes; print-severity yes; print-time yes; }; category default { logfile; }; category config { logfile; }; category notify { logfile; }; }; options { listen-on port 53 { 127.0.0.1; "zrd-acl-000-000"; }; listen-on-v6 port 53 { ::1; }; recursion no; directory "/config/namedb"; allow-transfer { localhost; }; check-names master warn; check-integrity yes; max-journal-size 1M; forwarders { 172.31.171.11; 172.31.201.11; 172.31.201.12; }; }; acl "zrd-acl-000-000" { 127.10.0.0; }; server 172.31.171.11 { }; server 172.31.201.11 { }; server 172.31.201.12 { };

You'll need to create a master zone for whatever your domain is, customer.com in your example. So within your customer.com master zone, you'll define an MX record. In the record configuration, your "Name" field will be "customer.com.". Your "Mail Server" field will be "mail.messaging.microsoft.com.". The TTL you set is up to you, but would recommend either 1800 or 3600. Preference value shouldn't matter. When your service provider defers resolution to your GTM for the customer.com zone, you'll now be configured to respond back to MX record queries for customer.com. Your original question mentions moving A records. Has this already been done, and if so, how are you providing authority for these records?

Yes, We have fully configured and tested the A records on the GTMs, and when we were about to have the DNS A records' hosting moved from the SP to the in-house GTM, the SP told us the story about their procedure for holding DNS A and MX record entries. I am going to follow your suggested procedure...and will let you know the outcome...

Just curious, are you hosting the A records as wide IPs or are they configured within ZoneRunner? Or something else?

Still, not able to grab the things...as the options are totally different in ver11.4... I have attached the screenshot...for the options that i am getting. And by the way, the configuration for A records (wide ips) is done without zone runners....

MX record resolution for a public email proxy by GTM

13 Replies

Cory_50405
Noctilucent
Jan 27, 2014
You can configure an MX record within the appropriate zone in ZoneRunner and specify the target as the desired hostname of mail.messaging.microsoft.com.
WUM_113639
Nimbostratus
Jan 27, 2014
Thanks Cory...

What will be the zone type...

Actually, I need a bit more detailed help, I will appreciate if you can help me with a little procedure...

And, why do I see 127.0.0.1 in my named.conf file...

named.conf
restrict rndc access to local machines use the key in the default place: /config/rndc.key
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; };

logging { channel logfile { syslog daemon; severity error; print-category yes; print-severity yes; print-time yes; }; category default { logfile; }; category config { logfile; }; category notify { logfile; }; };

options { listen-on port 53 { 127.0.0.1; "zrd-acl-000-000"; }; listen-on-v6 port 53 { ::1; }; recursion no; directory "/config/namedb"; allow-transfer { localhost; }; check-names master warn;

check-integrity yes; max-journal-size 1M; forwarders { 172.31.171.11; 172.31.201.11; 172.31.201.12; };

};

acl "zrd-acl-000-000" { 127.10.0.0; };

server 172.31.171.11 { }; server 172.31.201.11 { }; server 172.31.201.12 { };
- Cory_50405
  Noctilucent
  Jan 27, 2014
  You'll need to create a master zone for whatever your domain is, customer.com in your example. So within your customer.com master zone, you'll define an MX record. In the record configuration, your "Name" field will be "customer.com.". Your "Mail Server" field will be "mail.messaging.microsoft.com.". The TTL you set is up to you, but would recommend either 1800 or 3600. Preference value shouldn't matter. When your service provider defers resolution to your GTM for the customer.com zone, you'll now be configured to respond back to MX record queries for customer.com. Your original question mentions moving A records. Has this already been done, and if so, how are you providing authority for these records?
WUM_113639
Nimbostratus
Jan 27, 2014
Yes, We have fully configured and tested the A records on the GTMs, and when we were about to have the DNS A records' hosting moved from the SP to the in-house GTM, the SP told us the story about their procedure for holding DNS A and MX record entries.

I am going to follow your suggested procedure...and will let you know the outcome...
- Cory_50405
  Noctilucent
  Jan 27, 2014
  Just curious, are you hosting the A records as wide IPs or are they configured within ZoneRunner? Or something else?
WUM_113639
Nimbostratus
Jan 27, 2014

Still, not able to grab the things...as the options are totally different in ver11.4...

I have attached the screenshot...for the options that i am getting.

And by the way, the configuration for A records (wide ips) is done without zone runners....
- Cory_50405
  Noctilucent
  Jan 27, 2014
  SOA TTL 1800, master server is whatever the public hostname of your GTM is. NS TTL 7200, and list your authoritative name servers here. If it's just this one GTM, then use its hostname.
WUM_113639
Nimbostratus
Jan 27, 2014
We have two GTMs at two different locations...

There is no public name of our GTM! we have only public IP...how to create a public name of our GTM !
- Cory_50405
  Noctilucent
  Jan 27, 2014
  I'm pretty sure you can put in an IP address instead of a hostname. So is the parent domain delegating A and MX records to your GTM by IP address?
WUM_113639
Nimbostratus
Jan 29, 2014
yes...they are sending it to two public ips of our GTMs...

I have created an mx record and it is successfully resolving the name to the microsoft messaging server.

Since, i have two GTMs, can I create two zones (SOA records) for both HO GTM and DR GTM. So that if primary GTM is down the secondary GTM can also respond to the MX records requests...
- Cory_50405
  Noctilucent
  Jan 29, 2014
  Is there a reason both of your GTMs can't be active at the same time, and just hand out answers based on whether you are running from your normal or DR location? This way they could be in a GTM sync group and share the same configuration.
WUM_113639
Nimbostratus
Jan 29, 2014
They are synching the configuration ... and both of them are active as well...but with the single zone configuration inside the zonerunner...it is showing that GTM1 is the SOA Server...then if the GTM1 is down....will GTM2 still be able to resolve the MX record for internet clients?
- Cory_50405
  Noctilucent
  Jan 29, 2014
  As long as your service provider is configured to use both of your GTMs, queries to either one should work the same.

Forum Discussion

MX record resolution for a public email proxy by GTM

13 Replies

Recent Discussions

Learn & Recover stolen or lost cryptocurrency with Mighty Hacker Yuri

Pulse secure Ssl vpn

F5 - insert http header on redirect and carry it over to the redirected site?

Cookie insert via http:redirect - can it be configured "secure"?

Dynamic url redirection feasibility

Related Content

F5 GTM resolution issue

Enriching AFM with public domain Threat Intelligence

SSLO in public cloud: Azure inbound L3 use case

DNS over HTTPS Resolution

DNS Resolution with the RESOLVER::name_lookup Command