Solved

Simplest Way to configure Internal DNS to resolve External hostname for mail host instead of Private IP

Posted on 2007-11-19
3
5,209 Views
Last Modified: 2012-08-13
Am looking for a solution or way to setup an internal DNS resolver so our private internal LAN clients can connect to MAILHOST over its resolved hostname.
We have DHCP running on WIN 2003 Server that has private IP. Secondary NIC is free and we have a spare global IP.Currently PAT and NAT is done on each public facing IP translating to private internal.
Currently we are connecting over its private internal address and port forwarding out to our public and this is fine for the majority but of course the laptops as soon as offsite  require their SMTP / POP details to be altered and again on arrival back at work.
Idea being mailhost.whoever.com resolves externally by our external DNS allowing smtp.whoever.com to be used and pop.whoever.com to be used in the clients.
And on the LAN side an internal DNS JUST for internal clients (to ensure that mailhost.whoever.com is accessible and smtp.whoever.com + pop.whoever.com are usuable in the LAN nodes email client config.
i believe this is called split horizon dns ? however we really only want the lookups done for our mail host  not every http lookup.

Ideally if our Router supported NAT loopback we would roll with that. but as murphys law dictates ..it doesnt. and so im trying to establish a bandwidth friendly alternative.

Any suggestions guys / girls ?



0
Comment
Question by:lynuss030
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 20318307

Split Brain DNS, two Start of Authority (SoA) Servers for a single Domain. Split Horizon is used in Link State routing protocols to prohibit a route being advertised out on the interface it was learned, not quite the same thing :)

There are two different ways to achieve what you wish, the only difference really is the scope you wish to give DNS. Hopefully that will become clear in a moment.

1. Open the DNS Console
2. Expand Forward Lookup Zones
3. Create a New Forward Lookup Zone. Primary, AD Integrated.

4. This is the point where you get to decide the scope:

If you wish only to resolve mailhost.whoever.com to a private IP within your network, but nothing else within whoever.com:

Zone Name: mailhost.whoever.com (or hostname.whoever.com)

If you wish to take responsibility for all records beneath whoever.com:

Zone Name: whoever.com

5. Disabled Dynamic Updates for the Zone.
6. And add records appropriate to your Zone Name.

For a zone called mailhost.whoever.com:

Remove any Host (A) Records bound to "(same as parent folder)", add a new Host (A) Record with a Blank Name, point it at the Internal IP Address of the Server.

For whoever.com:

Add Host (A) Records, set the name to mailhost and the IP to the Internal Address of the Server.


Using this method we're treating mailhost.whoever.com as a domain in it's own right. As it's a Subdomain of whoever.com it won't have any impact on whoever.com except for the names which match the Subdomain (the rest will continue to resolve via the Public DNS). Basically we're providing an exception for a single entry beneath the whoever.com zone.

Setting the zone to whoever.com makes us responsible for everything beneath the zone, in that instance you would have to add every record you expect to resolve within the zone.

Hope that all makes sense! If anything is not clear please don't hesitate to ask for clarification.

Chris
0
 

Author Comment

by:lynuss030
ID: 20325388
HI Chris, Thanks for fast response.
OK definitely just want the mail dns setup as our current public dns im unsure of, when i do a nslookup as it currently stands i get a non authorative answer back with the correct details Name followed by global IP.

The mailserver its self does a DNS lookup of its own name before it will allow mail in and out, we don't want it resolving to its internal DNS

the public records are held with everydns.net could you confirm i dont have to change anything there ?
This setup i would like purely to allow one setting for ALL ie mail.whoever.com internally on LAN clients

The mail.whoever.com externally on HOME clients can be handled (and works well) by the external DNS

Three questions if i could:

Will the win 2003 server need a global IP and its own NIC to communicate to the outside world on 53?Currently i have a global ip setup for it and its port (53) is forwarded from a global ip to its internal private ip 192.xx.x.x would this require more port(s) forwarding and  any referencing in our public DNS NS/A/MX files?

Will this allow the current clients to keep their current configuration Ie 192.XX.XX.XX
ie either email client configuration will roll .. smtp host = 192.xx.xx OR smtp host = mail.whoever.com

Do the network clients (we do not operate AD or OD here, just file serving over AFP its a mixed plat network) need to have the private IP of the DNS server listed in their Primary DNS panel of the Internet Protocol TCP/IP prefs.

Again thanks for your support on this ..

ben


0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 20326873

Hi Ben,

Do you have a Name Server within your network which resolves Private Names and Addresses? If you had AD you would, which makes the methods above fairly safe (I assumed you did have AD, most do, after all :)).

If the only Internal Name Server is a Public one you can still make this change as long as Internal Clients refer to it. Externally it would still resolve correctly as your server is not Authoritative for the zones in question according to the Top Level Domain servers.

If you don't have a DNS Server on your LAN at all then you would either need to add one or achieve this another way.

> The mailserver its self does a DNS lookup of its own name before it
> will allow mail in and out, we don't want it resolving to its internal DNS

This may be problematic. But could be resolved by creating a different name to access the mail services on for clients, or by having the Mail Server use a different Name Server from the clients.

> the public records are held with everydns.net could you confirm
> i dont have to change anything there ?

Yep, I can confirm that. We're only looking at setting this so LAN Clients can resolve the host to a different IP from Public Clients.

> Will the win 2003 server need a global IP and its own NIC to
> communicate to the outside world on 53?

No. As far as I understood you only wanted to provide this service to LAN clients, so no one outside the LAN will need to care about it.

It will only need outbound access to continue resolving other internet names.

> Will this allow the current clients to keep their current configuration
> Ie 192.XX.XX.XX
> ie either email client configuration will roll .. smtp host = 192.xx.xx
> OR smtp host = mail.whoever.com

IP Based configuration will be completely unaffected by this change. Name based resolution will only be affected while on the LAN, and hopefully for the better.

If we were to make an internal name for mail.whoever.com then clients could happily resolve that to 192.x.x.x while on the LAN, but still correctly resolve it to the Public IP outside the LAN.

I hope that all makes sense.

Chris
0

Featured Post

Office 365 Training for Admins

Learn how to provision tenants, synchronize on-premise Active Directory, and implement Single Sign-On with these master level course.  Only from Platform Scholar

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Resolve DNS query failed errors for Exchange
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question