Kimozaki

External Domain and internal DNS

Hello all,

I am a DNS newbie and I have the following configuration.

I just registered my domain "www.domain.com", my internal domain is "domain.local", and I created a forward lookup zone as "domain.com".
I want to use IIS to host my own website and Exchange Server 2003 for email. What do I need to configure on my internal and external domains to achieve these settings?
mikeleebrla

While others will disagree, I would recommend setting both your internal and external domain names to the same thing (domain.com). That way, if your users want to get to your www site at home they will simply enter www.domain.com, and if they are in the office they will simply enter the same thing (www.domain.com). But if you don't want to go that route, you will just need to set up your PUBLIC domain.com DNS server to point to the servers you want open to the public (these will point to the public IPs), and then on your domain.local DNS server just set up basically a "mirror" for domain.local and domain.com. For example, you will have a record for www.domain.com that points to 1.2.3.4, and you will also have a record that points www.domain.local to 1.2.3.4, where 1.2.3.4 is the private IP address of your www server. As you can see, setting up domain.local and domain.com is messy; that is why I advise against it.
Chris Dent
Hi,

Both the Internal and External domains will need a www entry if you want it to answer on www.domain.com.

Generally that's just a case of making a new Host (A / Address) record called www and giving it an IP address.

If your site is hosted internally then the Internal DNS should have the internal IP. And the External DNS should have the external IP.

E.g.

Internal DNS
www IN A 192.168.1.1

External DNS
www IN A 212.212.212.1

HTH

Chris

Hehe, and just to prove Mike's point (and for the sake of mild interest)...

I disagree and prefer .local naming for private networks. From my perspective this has less potential to cause trouble than giving it a public name, although generally the trouble only appears when someone attempts to host public and private DNS (for the same domain name) on the same machine or some other crazy setup.

It sounds like you have domain.com set up as a Forward Lookup zone on your Internal DNS as well (which is what I assumed before and was referring to when making the www entry), which is absolutely fine, and you wouldn't need any www entries in the .local zone.

True, but with a .local setup he has to have TWO separate internal DNS zones (.local and .com); with a .com setup he would only have one. You tell me which is more efficient?
The proper way to set up a domain (and what Microsoft suggested) is to use .local. Efficiency and security can be two different things. Sharing internal and external namespaces with improperly managed records can cause routing loops and all kinds of problems, as well as expose your entire internal namespace to the world. Truthfully, I use Unix and BIND for my AD DNS and outside DNS and use views accordingly. Either way, it is my professional opinion that a .local or .int be used for internal domains.


My 2 cents

-D-
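Putting Chris's two www records and dimante's mention of BIND views together, here is an added example (not from any poster in this thread) of a split-horizon named.conf with its two domain.com zone files; the 192.168.1.0/24 LAN, the ns1 addresses, the SOA values and the firewall port-forward are assumptions.

```conf
// named.conf (excerpt): one BIND server answers domain.com differently for
// LAN clients and for the Internet. Assumed: LAN is 192.168.1.0/24; the
// web/mail host is 192.168.1.1 inside and 212.212.212.1 outside (thread values).
acl "internal-lan" { 192.168.1.0/24; 127.0.0.1; };

options {
    allow-transfer { none; };   // nobody may pull a full copy of either zone
};

view "internal" {               // views are tried in order; first match wins
    match-clients { "internal-lan"; };
    recursion yes;              // LAN clients may use this server as a resolver
    zone "domain.com" {
        type master;
        file "db.domain.com.internal";
    };
    zone "domain.local" {       // the AD zone; it exists only in this view
        type master;
        file "db.domain.local";
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative only: not an open resolver
    zone "domain.com" {
        type master;
        file "db.domain.com.external";
    };
};

; db.domain.com.internal (zone-file syntax): what LAN clients see
$TTL 3600
@     IN SOA ns1.domain.com. hostmaster.domain.com. ( 2024010101 3600 900 604800 300 )
@     IN NS  ns1.domain.com.
@     IN MX  10 mail.domain.com.
ns1   IN A   192.168.1.2       ; assumed address of this DNS server
www   IN A   192.168.1.1       ; private address, as in Chris's example
mail  IN A   192.168.1.1       ; same host, so Exchange is reached directly

; db.domain.com.external: what the Internet sees; no RFC 1918 addresses here
$TTL 3600
@     IN SOA ns1.domain.com. hostmaster.domain.com. ( 2024010101 3600 900 604800 300 )
@     IN NS  ns1.domain.com.
@     IN MX  10 mail.domain.com.
ns1   IN A   212.212.212.2     ; assumed public address of this DNS server
www   IN A   212.212.212.1     ; public address, as in Chris's example
mail  IN A   212.212.212.1     ; assumed: firewall forwards 25/80 here to 192.168.1.1
```

The domain.local zone additionally needs allow-update (GSS-TSIG) so AD clients can register themselves; that is omitted here. Run named-checkconf and named-checkzone on each file before reloading, and confirm from an outside address that www.domain.com returns only the public IP.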
dimante, routing loops have nothing to do with DNS. Also, your DNS namespace is no more exposed with a .com internal domain name than it is with a .local name. In either case you should have your router/firewall set up so nobody from the outside world can access your internal DNS server. The fact that it is .local or .com makes no difference whatsoever as to how exposed your DNS server is. If it is exposed it is exposed, period.

As always, either one will work and be secure if they are set up PROPERLY. They both have their pros and cons. It is just a matter of preference.
I did not want to start a heated debate, but if DNS resolves mydomain.com to a global IP that NATs into an internal LAN and the internal client sends to the global instead of the local, it can definitely loop, and it will if it is not set up right. I don't need a lesson in DNS, thanks.

-D-
dimante, you speak the obvious; NOTHING will work right if it is configured incorrectly. We could talk about millions of ways to set things up incorrectly here. The point is to give suggestions that will work, not that won't work.

In your scenario, if the DNS was set up properly, the client should only be pointed to the internal DNS server, in which case it would never resolve any public IPs for domain.com, since the internal DNS server only has records for the private "domain.com". Again, this assumes it is set up correctly.

In any case, misconfigured DNS will never create a routing loop. You route by IP address, not by DNS name at all. I have yet to see a routing table that has DNS names in it.
Kimozaki (ASKER)

Chris Dent,
Let's see if I understand this:

I need to add two host (A) records on my domain.com, one for "www" and the other for "mail", and both should be pointing to my domain.local DC IP, and my MX record points to my domain.com.
Do I need to add my domain.com hosted name servers on my domain.local name server list so my internal users will be able to resolve external www.domain.com or www.domain.com/exchange?
Or is that something totally out of context?
I am sorry, but I am new to this, so bear with me.

Thanks