Simplest Way to configure Internal DNS to resolve External hostname for mail host instead of Private IP

Posted on 2007-11-19
Last Modified: 2012-08-13
I am looking for a solution or way to set up an internal DNS resolver so our private internal LAN clients can connect to MAILHOST over its resolved hostname.
We have DHCP running on a WIN 2003 Server that has a private IP. The secondary NIC is free and we have a spare global IP. Currently PAT and NAT is done on each public-facing IP, translating to private internal.
Currently we are connecting over its private internal address and port forwarding out to our public, and this is fine for the majority, but of course the laptops, as soon as they are offsite, require their SMTP / POP details to be altered and again on arrival back at work.
The idea being mailhost.whoever.com resolves externally via our external DNS, allowing smtp.whoever.com and pop.whoever.com to be used in the clients.
And on the LAN side an internal DNS JUST for internal clients (to ensure that mailhost.whoever.com is accessible and smtp.whoever.com + pop.whoever.com are usable in the LAN nodes' email client config).
I believe this is called split horizon DNS? However we really only want the lookups done for our mail host, not every HTTP lookup.

Ideally, if our router supported NAT loopback we would roll with that, but as Murphy's law dictates... it doesn't, and so I'm trying to establish a bandwidth-friendly alternative.

Any suggestions guys / girls ?



Question by:lynuss030

3 Comments
Accepted Solution

by: Chris Dent (earned 500 total points)

Split Brain DNS, two Start of Authority (SoA) Servers for a single Domain. Split Horizon is used in Link State routing protocols to prohibit a route being advertised out on the interface it was learned, not quite the same thing :)

There are two different ways to achieve what you wish, the only difference really is the scope you wish to give DNS. Hopefully that will become clear in a moment.

1. Open the DNS Console
2. Expand Forward Lookup Zones
3. Create a New Forward Lookup Zone. Primary, AD Integrated.

4. This is the point where you get to decide the scope:

If you wish only to resolve mailhost.whoever.com to a private IP within your network, but nothing else within whoever.com:

Zone Name: mailhost.whoever.com (or hostname.whoever.com)

If you wish to take responsibility for all records beneath whoever.com:

Zone Name: whoever.com

5. Disable Dynamic Updates for the Zone.
6. And add records appropriate to your Zone Name.

For a zone called mailhost.whoever.com:

Remove any Host (A) Records bound to "(same as parent folder)", add a new Host (A) Record with a Blank Name, point it at the Internal IP Address of the Server.

For whoever.com:

Add Host (A) Records, set the name to mailhost and the IP to the Internal Address of the Server.


Using this method we're treating mailhost.whoever.com as a domain in its own right. As it's a Subdomain of whoever.com it won't have any impact on whoever.com except for the names which match the Subdomain (the rest will continue to resolve via the Public DNS). Basically we're providing an exception for a single entry beneath the whoever.com zone.

Setting the zone to whoever.com makes us responsible for everything beneath the zone, in that instance you would have to add every record you expect to resolve within the zone.

Hope that all makes sense! If anything is not clear please don't hesitate to ask for clarification.

Chris
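As an added illustration (not part of Chris's answer), the following constructed Python model shows how the two zone-scope choices above behave once LAN clients point at the internal server: the narrow zone changes only mailhost.whoever.com and forwards every other whoever.com name to public DNS, while the whole-zone option answers only from the records you add. All names and addresses are made up.

```python
# Constructed example: a minimal model of an internal resolver hosting a
# split-brain zone. Public answers below stand in for the external DNS
# (the everydns.net records in the thread); addresses are made up.

PUBLIC_DNS = {
    "mailhost.whoever.com": "203.0.113.10",   # public (NAT) address
    "www.whoever.com": "203.0.113.20",
}


class InternalResolver:
    """zones: {zone_name: {fqdn: ip}}; forwarder: the public view."""

    def __init__(self, zones, forwarder):
        self.zones = zones
        self.forwarder = forwarder

    def _zone_for(self, name):
        # Longest-suffix match: the most specific hosted zone wins.
        best = None
        for zone in self.zones:
            if name == zone or name.endswith("." + zone):
                if best is None or len(zone) > len(best):
                    best = zone
        return best

    def resolve(self, name):
        zone = self._zone_for(name)
        if zone is None:
            # Not ours: forward like any other internet lookup.
            return self.forwarder.get(name, "NXDOMAIN")
        # Authoritative for this zone: answer only from its own records,
        # never fall back to public DNS for a name inside it.
        return self.zones[zone].get(name, "NXDOMAIN")


# Option 1: zone named mailhost.whoever.com, a single exception.
narrow = InternalResolver(
    {"mailhost.whoever.com": {"mailhost.whoever.com": "192.168.1.10"}}, PUBLIC_DNS)

# Option 2: zone named whoever.com, with only the mail record added.
wide = InternalResolver(
    {"whoever.com": {"mailhost.whoever.com": "192.168.1.10"}}, PUBLIC_DNS)


def compare(name):
    """What each design answers for a name, beside the public answer."""
    return {"narrow": narrow.resolve(name),
            "wide": wide.resolve(name),
            "public": PUBLIC_DNS.get(name, "NXDOMAIN")}
```

Note that the wide zone returns NXDOMAIN for www.whoever.com, which is exactly why Chris says that option makes you responsible for every record beneath the zone.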

Author Comment

by:lynuss030
HI Chris, Thanks for fast response.
OK, definitely just want the mail DNS set up, as I'm unsure of our current public DNS; when I do an nslookup as it currently stands I get a non-authoritative answer back with the correct details: Name followed by global IP.

The mailserver itself does a DNS lookup of its own name before it will allow mail in and out; we don't want it resolving to its internal DNS.

The public records are held with everydns.net; could you confirm I don't have to change anything there?
This setup I would like purely to allow one setting for ALL, i.e. mail.whoever.com internally on LAN clients.

The mail.whoever.com externally on HOME clients can be handled (and works well) by the external DNS

Three questions if i could:

Will the Win 2003 server need a global IP and its own NIC to communicate to the outside world on 53? Currently I have a global IP set up for it and its port (53) is forwarded from a global IP to its internal private IP 192.xx.x.x. Would this require more port(s) forwarding and any referencing in our public DNS NS/A/MX files?

Will this allow the current clients to keep their current configuration, i.e. 192.XX.XX.XX?
i.e. either email client configuration will roll: smtp host = 192.xx.xx OR smtp host = mail.whoever.com

Do the network clients (we do not operate AD or OD here, just file serving over AFP; it's a mixed-platform network) need to have the private IP of the DNS server listed in the Primary DNS panel of their Internet Protocol TCP/IP prefs?

Again thanks for your support on this ..

ben


Assisted Solution

by: Chris Dent (earned 500 total points)

Hi Ben,

Do you have a Name Server within your network which resolves Private Names and Addresses? If you had AD you would, which makes the methods above fairly safe (I assumed you did have AD, most do, after all :)).

If the only Internal Name Server is a Public one you can still make this change as long as Internal Clients refer to it. Externally it would still resolve correctly as your server is not Authoritative for the zones in question according to the Top Level Domain servers.

If you don't have a DNS Server on your LAN at all then you would either need to add one or achieve this another way.

> The mailserver its self does a DNS lookup of its own name before it
> will allow mail in and out, we don't want it resolving to its internal DNS

This may be problematic. But could be resolved by creating a different name to access the mail services on for clients, or by having the Mail Server use a different Name Server from the clients.

> the public records are held with everydns.net could you confirm
> i dont have to change anything there ?

Yep, I can confirm that. We're only looking at setting this so LAN Clients can resolve the host to a different IP from Public Clients.

> Will the win 2003 server need a global IP and its own NIC to
> communicate to the outside world on 53?

No. As far as I understood you only wanted to provide this service to LAN clients, so no one outside the LAN will need to care about it.

It will only need outbound access to continue resolving other internet names.

> Will this allow the current clients to keep their current configuration
> Ie 192.XX.XX.XX
> ie either email client configuration will roll .. smtp host = 192.xx.xx
> OR smtp host = mail.whoever.com

IP Based configuration will be completely unaffected by this change. Name based resolution will only be affected while on the LAN, and hopefully for the better.

If we were to make an internal name for mail.whoever.com then clients could happily resolve that to 192.x.x.x while on the LAN, but still correctly resolve it to the Public IP outside the LAN.

I hope that all makes sense.

Chris