Well, I kinda figured this one out, but I'm still not sure how it's happening. The whole point of this was to move the external-facing SMTP connector from an exch 5.5 box to a new E2K3 box. Didn't want to change external DNS if I didn't have to. I changed the static NAT mapping in our PIX to point to the new server. I figured that maybe there was something with the PIX doing it, even though the config doesn't show it (and no, smtp fixup isn't on). Once I did that, the DNS entry changed immediately. I still don't know how, though. Something to wade through Cisco's site and research, I guess. In my spare time. <G> Your test, which was exactly what I was looking for, BTW, showed that the auth record is indeed an outside DNS server. So somehow, the PIX is natting the DNS entry? Strange. The connector works fine, and mail is flowing. We'll see where it goes for a while... Thanks, Deji.
********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Deji > Akomolafe > Sent: Friday, September 17, 2004 8:52 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] DNS question > > nslookup <enter> > set q=ns <enter> > mail.essexcredit.com <enter> > > That will give you the nameserver's IP and name. From > outside, your nameserver is a.ns.interland.net. Do the same > from inside and you are on your way > > > Sincerely, > > Dèjì Akómöláfé, MCSE MCSA MCP+I > Microsoft MVP - Directory Services > www.readymaids.com - we know IT > www.akomolafe.com > Do you now realize that Today is the Tomorrow you were > worried about Yesterday? -anon > > ________________________________ > > From: Charlie Kaiser > Sent: Fri 9/17/2004 5:06 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] DNS question > > > OK; Friday afternoon, brain fade time... > I have my production internal domains. W2K3 AD, AD-integrated DNS. > External-facing DNS is hosted by ISP. If I dig or nslookup for > mail.essexcredit.com from an outside host, I get our proper public IP > address. If I do the same from inside, I get our private Nat'd IP > address. I seem to remember setting up an alias for it, but I need to > change it now and I can't for the life of me remember where it is. > Nslookup gives the correct address, but with > "non-authoritative answer". > Dig gives me: > C:\Dig>dig mail.essexcredit.com > > ; <<>> DiG 9.2.3 <<>> mail.essexcredit.com > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;mail.essexcredit.com. IN A > > ;; ANSWER SECTION: > mail.essexcredit.com. 1273 IN A <inside IP address> > > ;; Query time: 40 msec > ;; SERVER: <inside DNS server address>#53(inside DNS server address) > ;; WHEN: Fri Sep 17 17:01:08 2004 > ;; MSG SIZE rcvd: 54 > > I don't have a domain zone for essexcredit.com, although I > think I might > have at one point when we were doing some testing. If it had been > removed, say, 5 months ago, would that record still be there? > How can I find the DNS server that is authoritative for this > record so I > can change it? > Thanks! > > ********************** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
