Solved

Internal/External DNS

Posted on 2004-09-08
Last Modified: 2010-06-30
I have a question about configuring DNS services on a Win2K server to allow the use of internal and external DNS resolution.  The goal is this:  Allow employees access to Exchange 2003 OWA using the same URL of webmail.company.info.
The problem:  When employees try to access webmail.company.info from the LAN it does not resolve.  They must use http://server/exchange to access the OWA.  However, from the outside (public internet) our external (hosted) DNS servers resolve webmail.company.info properly.  Is there a way I can have users on the LAN resolve to webmail.company.info?

I'm fairly new to configuring DNS services and have a host of other questions and issues such as AD replication issues that I will address under separate cover.
Question by:danielbourdeau
22 Comments
 
LVL 76

Expert Comment

by:David Lee
ID: 12008406
All you should need to do is create a new host record on your internal DNS server.  The host record points the url webmail.company.info to the IP address of the OWA server.
0
 

Author Comment

by:danielbourdeau
ID: 12008574
Thank you for the prompt reply.  I understand creating a host record on the internal DNS server to point to the IP of the webserver.  However, the web server name is not webmail.  On the externally hosted DNS I'm doing a URL stealth redirect.  How can I accomplish that internally?  The server name is really STMATT.  Would I create an alias of Webmail and point it to the STMATT IP address?  If so, that gets me to the root of the web server, not to the Exchange virtual directory.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12008616
You are using "SPLIT DNS"; this means that the external domain name is the same as the internal domain name. Inside = microsoft.com, Outside = microsoft.com. That means that everything done on the Outside DNS must be done on the Inside DNS. Is this a correct statement?

J
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12009006
Sorry, I'm not that deep into DNS and I don't know what a "stealth redirect" is.  How about this?

Canonical Name (CNAME) or Alias records
A Canonical Name (CNAME) or Alias record allows a DNS server to have multiple names for a single host. For example, an Alias record can have several records that point to a single server in your environment. This is a common approach if you have both your Web server and your mail server running on the same machine.

To create a DNS Alias:

Select DNS from the Administrative Tools folder to open the DNS console.
Expand the Forward Lookup Zone and highlight the folder representing your domain.
From the Action menu, select New Alias.
Enter your Alias Name (Figure K).
Enter the fully qualified domain name (FQDN).
Click OK.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12009036
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12009478
A stealth redirect means that the DNS accepts the name and really redirects the browser somewhere else. So if the user types in www.microsoft.com, the DNS really points that to www.microsoft.com/exchange and the user and browser don't know. It is usually used by ISPs to point many domain names at a single server.

ex
www.myfriends.com --> www.myserver.com/friends
www.myparents.com--> www.myserver.com/parents


J
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12009506
BlueDevilFan was correct in the very first response. DNS is pretty easy, but people often needlessly complicate it. On your internal DNS server you need to point webmail.company.info to the IP address of your webmail server. It doesn't matter that the hostname isn't webmail; you just made it accessible via webmail.company.info when you made the DNS record (from inside your LAN). It is 100% irrelevant what the actual host name is.  Example: you could have made a DNS record pointing whocares.company.info to the IP address of the webmail server, and then whoever typed in whocares.company.info from inside your LAN would get to your webmail.
0
 

Author Comment

by:danielbourdeau
ID: 12009518
jdeclue is exactly right in the description of what we're doing.  We have a split DNS.  So my question really comes down to, how do I do a stealth redirect of webmail.company.info to http://server/exchange?  Or, how do I use the external DNS to resolve and do the stealth redirect for me?  Externally works great using webmail.company.info while internally I have to use http://server/exchange.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12009572
Is your webmail server internal or external?
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12009583
You cannot do that with Microsoft DNS. You can do a redirect page on the IIS server, to automatically move them to the Exchange/Index.html when they connect, though. That is probably the safest thing to do.

J
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12009632
jdeclue is right on that
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12009655
More to the point, you will need to use the Internal DNS, so Stealth DNS is not an option. Additionally, you should not change the IIS configuration on the OWA server to use Host Headers (this accomplishes stealth); that can mess up OWA. So, that leaves changing the default page to redirect them to the Exchange Server.

J
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12009664
Thanks Mike!

Daniel: Let me know if you want the HTML to do the page with.

J
0
 

Author Comment

by:danielbourdeau
ID: 12009978
That would be excellent - I'd love the help with the HTML.  So, if I'm clear, I need to setup on the INTERNAL DNS server a host record called webmail that points to the IP of the Exchange server.  Then, using the HTML redirect you'll provide me I can setup a virtual website called webmail.company.info with the appropriate host header.  The 'home page' for the internal webmail.company.info will be the redirect page that will bump my clients internally to http://server/exchange.  Yes?

Let me just say now what a great forum this is.  I've enjoyed this, my first post, greatly as it's taught me a great many things.  Thank you to everyone who's taken the time to reply!  Thank you.
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 100 total points
ID: 12010022
the html is pretty simple:


<html>
<head>
<meta http-equiv="refresh" content="0; URL=http://mail.yourdomain.info/exchange">
</head>
</html>
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12010053
Hold on a minute, host headers are for something different altogether. Host headers are for hosting multiple domain names from one IP address, i.e.

www.domain.com on 172.25.90.1
www.otherdomain.com also points to 172.25.90.1

Since both requests come into 172.25.90.1, a host header is used to tell IIS which web site the user is actually trying to access.
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 150 total points
ID: 12010081
Kind of... You create a CNAME (Alias) record called webmail which points to the computer name of the real server. Then you rename the file "default.htm" in the c:\Inetpub\wwwroot folder to something else, paste the following into a text file and name it default.htm, then copy it into the wwwroot folder. You may need to change the server name in the URL statement if it is incorrect.

----------------HTML BELOW-----------------

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      <meta http-equiv="REFRESH" content="0; URL=http://webmail.company.info/exchange">
      <title>HTML REDIRECT</title>
</head>
<body>
</body>
</html>



0
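A check for the two pieces of the accepted answer (internal CNAME plus default.htm redirect), added here as an example and not code from any poster in the thread: it extracts the meta refresh target from the page and confirms that the target host resolves inside the internal zone. The zone contents, the 192.0.2.10 documentation address, the sample page constant and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed internal zone (names from the thread, address is a placeholder).
INTERNAL_ZONE = {
    "stmatt.company.info": ("A", "192.0.2.10"),
    "webmail.company.info": ("CNAME", "stmatt.company.info"),
}
# Constructed one-line copy of the redirect page from the accepted answer.
SAMPLE_PAGE = ('<html><head><meta http-equiv="REFRESH" '
               'content="0; URL=http://webmail.company.info/exchange">'
               '</head><body></body></html>')

class RefreshFinder(HTMLParser):
    """Records the URL of the first <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.target = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "meta" or self.target is not None:
            return
        if (a.get("http-equiv") or "").lower() != "refresh":
            return
        # content has the form "0; URL=http://host/path"
        _, _, rest = (a.get("content") or "").partition(";")
        key, _, url = rest.strip().partition("=")
        if key.strip().lower() == "url":
            self.target = url.strip()

def resolve_internal(name, zone=INTERNAL_ZONE, max_hops=8):
    """Follow CNAMEs in the zone; None if the name is missing or the chain loops."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        rtype, value = zone.get(name, (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None
        name = value.lower().rstrip(".")
    return None

def check_redirect(html, zone=INTERNAL_ZONE):
    """Return (host, path, address); address is None if LAN clients cannot resolve host."""
    finder = RefreshFinder()
    finder.feed(html)
    if finder.target is None:
        return None
    parts = urlsplit(finder.target)
    return parts.hostname, parts.path, resolve_internal(parts.hostname or "", zone)
```

A `None` address in the result means the redirect points at a name the internal DNS server does not hold, which reproduces the original symptom for LAN clients.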
 
LVL 9

Expert Comment

by:jdeclue
ID: 12010095
Missed your post, Mike.

J
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12010109
No problem, he who snoozes often loses.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12010175
What, is this a competition, speedo? :)
0
 

Author Comment

by:danielbourdeau
ID: 12015477
Thank you especially to jdeclue and mikeleebrla for your help.  Typing webmail.stmatthew.info internally now works thanks to both of you!  Thank you guys so much for taking the time to both help technically and to teach.  You guys rock!
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12016042
Anytime Daniel, thanks for the kudos! Much appreciated, and thanks for the help Mike.

J
0
