Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

DNS conditional forwarder messed up mail flow between forest domains - Split DNS in use


I have what might be a simple problem but I'm not sure.  We have two AD domains in separate forests. Both have separate Exchange 2013 deployments.

One is for a company we are taking over and I eventually need to set up a one-way trust from their domain to mine, both AD 2012. A prerequisite for setting up a trust is that you set up DNS conditional forwarders on both sides for each other's domains.

At their domain, they only use AD DNS.  On our domain we use SPLIT DNS.  That is, we have an external provider that announces authoritative DNS for use publicly so that for our externally facing websites and services, they get a lookup or a routable IP that hits our Firewall and is translated to a NAT IP internally.

For internal DNS though, we make similar records, but not to the routable IP but rather the internal unroutable IP, like 192.168.*.*

So for mail routing on the internet, we use external DNS MX record that routes to our virus/spam firewall external IP.  This other company sends us mail and gets it to us just like any other external entity.

We set up a site to site VPN so we can route to each other's unroutable space.  Ours is 192.168.25.* theirs is 10.0.0.*

When I set up the conditional forwarder for our domain, that forces their DNS queries to go directly to our AD DNS server at the 192.168.25.2 address and not the external DNS provider.  This setup worked, and I could ping internal, non-externally advertised host names after I set it up.

However, email flow broke. They started getting the following bounce message.

Delivery is delayed to these recipients or groups: 

Generating server: EMAIL2.NTDOMAIN.local
Receiving server: mydomain.com (192.168.25.2)

Remote Server at mydomain.com (192.168.25.2) returned '400 4.4.7 Message delayed'
2/12/2016 2:54:49 AM - Remote Server at mydomain.com (192.168.25.2) returned '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10061, Win32 error code: 10061." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.25.2:25'

So basically delivery is attempted to my domain controller and not my exchange server.  I assume that when I set up the forwarder it would use my MX records in my domain.  I checked and I do have several MX records, some for SharePoint servers, but the one with the lowest priority (10) was my Exchange 2013 MB server.  So I'm not sure why mail delivery was attempted to my domain controller.

Any help is greatly appreciated.
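A diagnostic for the situation above, run from the sending side: it compares the MX answer for the domain as returned by the internal AD DNS server (the conditional-forwarder target) with the answer from a public resolver, then checks whether the preferred internal MX host resolves and listens on port 25. This is an added example, not code from the original post; the domain name and the 192.168.25.2 address come from the post, and the public resolver 8.8.8.8 is a placeholder.

```powershell
# Added diagnostic, not from the original post. Domain and resolver addresses
# are placeholders taken from the post; adjust them for your environment.
param(
    [string]$Domain      = 'mydomain.com',   # domain whose mail is bouncing
    [string]$InternalDns = '192.168.25.2',   # AD DNS reached via the conditional forwarder
    [string]$ExternalDns = '8.8.8.8'         # a public resolver (placeholder)
)

# Return the MX set for $Name as seen by one resolver, lowest preference first.
function Get-MxView {
    param([string]$Name, [string]$Server)
    try {
        Resolve-DnsName -Name $Name -Type MX -Server $Server -ErrorAction Stop |
            Where-Object { $_.Type -eq 'MX' } |
            Sort-Object Preference |
            ForEach-Object {
                [pscustomobject]@{ Resolver = $Server; Preference = $_.Preference; Host = $_.NameExchange }
            }
    } catch {
        Write-Warning "No MX answer for $Name from ${Server}: $($_.Exception.Message)"
    }
}

$internal = @(Get-MxView -Name $Domain -Server $InternalDns)
$external = @(Get-MxView -Name $Domain -Server $ExternalDns)

"MX for $Domain as seen through the internal AD DNS zone:"; $internal | Format-Table -AutoSize
"MX for $Domain as seen from the public internet:";          $external | Format-Table -AutoSize

if (-not $internal) {
    # With no MX in the internal zone, SMTP's implicit-MX rule makes the sender
    # use the domain's own A record, which in a split-DNS zone is frequently a
    # domain controller or another host that does not run SMTP.
    Write-Warning "Internal zone for $Domain returns no MX; senders will fall back to the domain's A record:"
    Resolve-DnsName -Name $Domain -Type A -Server $InternalDns -ErrorAction SilentlyContinue |
        Format-Table Name, IPAddress -AutoSize
} else {
    # Confirm the preferred MX host resolves through the internal zone and
    # actually accepts TCP connections on port 25 (the bounce shows 10061:
    # connection refused, i.e. nothing listening at the target address).
    $preferred = $internal[0].Host
    $addr = (Resolve-DnsName -Name $preferred -Type A -Server $InternalDns -ErrorAction SilentlyContinue).IPAddress
    "Preferred MX $preferred resolves internally to: $($addr -join ', ')"
    Test-NetConnection -ComputerName $preferred -Port 25 |
        Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
}
```

If the internal and external MX sets differ, or the internal preferred host points at an address with nothing on port 25, that mismatch is where delivery over the forwarder path breaks.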

