Forum Discussion

WUM_113639's avatar
WUM_113639
Icon for Nimbostratus rankNimbostratus
Jan 27, 2014
Solved

MX record resolution for a public email proxy by GTM

I have to configure MX record configuration on GTM....I have searched the solution a lot but have not found it in askf5.com.

 

Having bought GTM, our customer wanted their service provider to stop hosting their DNS A records, now the Service Provider is asking them to, based on the SP's policy, even move their MX records.

 

So, the SP will send all the cusotmer.com requests to the GTM and GTM will have to do the resolution, the catch is that the GTM has to resolve these requests to a public microsoft MAIL.MESSAGING.MICROSOFT.COM server for email filtering and other scans.

 

I would appreciate, if you can help me out in this scenario.

 

Regards, WUM

 

  • You can configure an MX record within the appropriate zone in ZoneRunner and specify the target as the desired hostname of mail.messaging.microsoft.com.

     

13 Replies

  • You can configure an MX record within the appropriate zone in ZoneRunner and specify the target as the desired hostname of mail.messaging.microsoft.com.

     

  • Thanks Cory...

    What will be the zone type...

    Actually, I need a bit more detailed help, I will appreciate if you can help me with a little procedure...

    And, why do I see 127.0.0.1 in my named.conf file...

    named.conf

    restrict rndc access to local machines use the key in the default place: /config/rndc.key

    controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; };

    logging { channel logfile { syslog daemon; severity error; print-category yes; print-severity yes; print-time yes; }; category default { logfile; }; category config { logfile; }; category notify { logfile; }; };

    options { listen-on port 53 { 127.0.0.1; "zrd-acl-000-000"; }; listen-on-v6 port 53 { ::1; }; recursion no; directory "/config/namedb"; allow-transfer { localhost; }; check-names master warn;

    check-integrity yes;
    max-journal-size 1M;
    forwarders {
        172.31.171.11;
        172.31.201.11;
        172.31.201.12;
    };
    

    };

    acl "zrd-acl-000-000" { 127.10.0.0; };

    server 172.31.171.11 { }; server 172.31.201.11 { }; server 172.31.201.12 { };

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      You'll need to create a master zone for whatever your domain is, customer.com in your example. So within your customer.com master zone, you'll define an MX record. In the record configuration, your "Name" field will be "customer.com.". Your "Mail Server" field will be "mail.messaging.microsoft.com.". The TTL you set is up to you, but would recommend either 1800 or 3600. Preference value shouldn't matter. When your service provider defers resolution to your GTM for the customer.com zone, you'll now be configured to respond back to MX record queries for customer.com. Your original question mentions moving A records. Has this already been done, and if so, how are you providing authority for these records?
  • Yes, We have fully configured and tested the A records on the GTMs, and when we were about to have the DNS A records' hosting moved from the SP to the in-house GTM, the SP told us the story about their procedure for holding DNS A and MX record entries.

     

    I am going to follow your suggested procedure...and will let you know the outcome...

     

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      Just curious, are you hosting the A records as wide IPs or are they configured within ZoneRunner? Or something else?
  •  

    Still, not able to grab the things...as the options are totally different in ver11.4...

     

    I have attached the screenshot...for the options that i am getting.

     

    And by the way, the configuration for A records (wide ips) is done without zone runners....

     

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      SOA TTL 1800, master server is whatever the public hostname of your GTM is. NS TTL 7200, and list your authoritative name servers here. If it's just this one GTM, then use its hostname.
  • We have two GTMs at two different locations...

     

    There is no public name of our GTM! we have only public IP...how to create a public name of our GTM !

     

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      I'm pretty sure you can put in an IP address instead of a hostname. So is the parent domain delegating A and MX records to your GTM by IP address?
  • yes...they are sending it to two public ips of our GTMs...

     

    I have created an mx record and it is successfully resolving the name to the microsoft messaging server.

     

    Since, i have two GTMs, can I create two zones (SOA records) for both HO GTM and DR GTM. So that if primary GTM is down the secondary GTM can also respond to the MX records requests...

     

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      Is there a reason both of your GTMs can't be active at the same time, and just hand out answers based on whether you are running from your normal or DR location? This way they could be in a GTM sync group and share the same configuration.
  • They are synching the configuration ... and both of them are active as well...but with the single zone configuration inside the zonerunner...it is showing that GTM1 is the SOA Server...then if the GTM1 is down....will GTM2 still be able to resolve the MX record for internet clients?

     

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      As long as your service provider is configured to use both of your GTMs, queries to either one should work the same.