RE: Split DNS Questions...
- From: "David Haam" <DavidH@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>, "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 25 Apr 2005 11:47:11 -0700
For the error you're seeing, the issue is the REVERSE LOOKUP for the IP
addresses in question.
You can have both of your ISPs put in reverse lookup entries for the 2 IPs of
"mail.mapsnet.org" to address your problem.
The reverse lookup and the forward lookup are really completely de-coupled.
If you're going to be trying to do a DNS round-robin for the forward lookup of
"mail.mapsnet.org" to the 2 IP addresses, you only need one MX record and have
the 2 A records for the same name going to the 2 IP addresses. Alternately, you
can have the 2 IP's set up to different FQDNs and have each be an MX record.
-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Mon 4/25/2005 11:16 AM
To: [ISAserver.org Discussion List]
Cc:
Subject: [isalist] RE: Split DNS Questions...
http://www.ISAserver.org
Well, I guess it's nothing that couldn't be found out by doing a DNS
lookup, so here is the info:
Domain Name: MAPSNET.ORG
ISP 1: 24.213.58.250
ISP 2: 207.75.63.2
MX Record: MAIL.MAPSNET.ORG
MAIL.MAPSNET.ORG resolves to 24.213.58.250
The problem arises when recipients of our outbound SMTP traffic uses the
207.75.63.2 route. When this happens, we get a reject message saying
something like this:
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.MAPSNET.ORG #5.7.1 smtp;501 5.7.1
<username@xxxxxxxxxxx>... Sender IP must resolve>
Or:
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.MAPSNET.ORG #5.7.1 smtp;554 5.7.1 The server sending your
mail [207.75.63.2] does not have a reverse DNS entry. Connection
Rejected. Please contact your Dial-Up/DSL/Network ISP Provider.
Default Reject!>
There is a route added into RainConnect to route all port 25 traffic via
the 24.213.58.250 route, but it didn't seem to make a difference. I
also added 207.75.63.2 as an additional A record for MAIL.MAPSNET.ORG,
but it didn't seem to help.
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, April 25, 2005 11:30
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Split DNS Questions...
http://www.ISAserver.org
Major potential e-mail problems is one reason I am weary of using
RainConnect if that is what you are using.
I am very busy this week including waking up to a down server today, but
if
you continue to have problems please describe again your exact
configuration
including real domain names and IP addresses and I will review it. If
you
would rather, send me the information off list.
John T
eServices For You
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
davidh@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
