Why can't I do a lookup on an internal workstation?
My company primarily runs NT4 servers. We recently put a new Win2k DNS server in place on the internal network. We will add another DNS Unix box into the demilitarized zone (DMZ), as well as move our SMTP gateway into our DMZ. We were planning on having the Win2k DNS forward unknown queries to the DMZ DNS, and then out to the ISP.
We provisioned another MX record in our ISP's DNS for that new SMTP gateway, and it appears to have propagated from the Internet side (dig finds it from a Web site). However, if I try to do a lookup on it from an internal workstation, it doesn't resolve. Using the syntax, it resolves www.yahoo.com just fine. If I add a host record on the Win2k DNS, it works fine, but since it's external, I don't think that's optimal. I'm not sure how to set up the primary/secondary or how to fix the resolution problem. What's going on here?
It sounds like your ISP thinks it's authoritative for your domain, and your internal DNS server also thinks that it is authoritative. If your internal server thinks it's authoritative for the domain containing the MX record you're querying, it's not going to forward the request to your ISP's DNS server. If it doesn't know how to answer the request, it will just respond that the record doesn't exist.
I would tell the ISP to be secondary to your primary DNS server. Configure the MX record on your own server.
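As an added illustration (not part of the original answer), here is a small Python model of the resolver behaviour the answer describes: a server that is authoritative for a zone answers from its own data and never forwards, so a record that exists only at the ISP comes back empty internally until it is added on the internal primary and the ISP copies the zone as a secondary. Server names, zone contents and addresses are constructed.

```python
# Toy model of "two servers both claim to be authoritative" (constructed
# example; names and addresses are made up, not taken from the question).
from dataclasses import dataclass, field

@dataclass
class DnsServer:
    name: str
    # zone name -> {(owner name, record type): [rdata, ...]}
    zones: dict = field(default_factory=dict)
    forwarder: "DnsServer | None" = None

    def authoritative_zone(self, qname):
        # Longest-suffix match against the zones this server hosts.
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, qname, qtype, trace=None):
        trace = [] if trace is None else trace
        trace.append(self.name)  # record which servers handled the query
        zone = self.authoritative_zone(qname)
        if zone is not None:
            # Authoritative: answer from local data only. A missing record is
            # a negative answer, not a reason to ask the forwarder.
            return self.zones[zone].get((qname.lower(), qtype), []), trace
        if self.forwarder is not None:
            return self.forwarder.resolve(qname, qtype, trace)
        return [], trace

def build(fixed):
    # Upstream (stand-in for the Internet), the ISP, and the internal Win2k box.
    internet = DnsServer("root", {"yahoo.com": {("www.yahoo.com", "A"): ["203.0.113.1"]}})
    isp = DnsServer("isp", {"example.com": {("mail2.example.com", "A"): ["198.51.100.25"]}}, internet)
    internal = DnsServer("win2k", {"example.com": {("intranet.example.com", "A"): ["10.0.0.5"]}}, isp)
    if fixed:
        # The answer's fix: put the record on the internal primary and make the
        # ISP a secondary, i.e. it carries a copy of that zone rather than its own.
        internal.zones["example.com"][("mail2.example.com", "A")] = ["198.51.100.25"]
        isp.zones["example.com"] = dict(internal.zones["example.com"])
    return internal

def lookup(qname, qtype="A", fixed=False):
    # Returns (rdata list, list of servers consulted), as seen from a workstation.
    return build(fixed).resolve(qname, qtype)
```

A name outside the internal zone travels win2k -> isp -> root, while a name inside example.com stops at win2k whether or not the record is there.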
This was first published in July 2003