Simplest Way to configure Internal DNS to resolve External hostname for mail host instead of Private IP

I am looking for a solution or way to set up an internal DNS resolver so our private internal LAN clients can connect to MAILHOST over its resolved hostname.
We have DHCP running on a WIN 2003 Server that has a private IP. The secondary NIC is free and we have a spare global IP. Currently PAT and NAT is done on each public-facing IP translating to private internal.
Currently we are connecting over its private internal address and port forwarding out to our public, and this is fine for the majority, but of course the laptops, as soon as they are offsite, require their SMTP / POP details to be altered, and again on arrival back at work.
The idea being: resolves externally by our external DNS, allowing to be used and to be used in the clients.
And on the LAN side, an internal DNS JUST for internal clients (to ensure that is accessible and + are usable in the LAN nodes' email client config).
I believe this is called split horizon DNS? However we really only want the lookups done for our mail host, not every HTTP lookup.

Ideally if our router supported NAT loopback we would roll with that, but as Murphy's law dictates, it doesn't, and so I'm trying to establish a bandwidth-friendly alternative.

Any suggestions guys / girls ?

Chris Dent (PowerShell Developer) commented:

Split Brain DNS, two Start of Authority (SoA) Servers for a single Domain. Split Horizon is used in Link State routing protocols to prohibit a route being advertised out on the interface it was learned, not quite the same thing :)

There are two different ways to achieve what you wish, the only difference really is the scope you wish to give DNS. Hopefully that will become clear in a moment.

1. Open the DNS Console
2. Expand Forward Lookup Zones
3. Create a New Forward Lookup Zone. Primary, AD Integrated.

4. This is the point where you get to decide the scope:

If you wish only to resolve to a private IP within your network, but nothing else within

Zone Name: (or

If you wish to take responsibility for all records beneath

Zone Name:

5. Disable Dynamic Updates for the Zone.
6. And add records appropriate to your Zone Name.

For a zone called

Remove any Host (A) Records bound to "(same as parent folder)", add a new Host (A) Record with a Blank Name, point it at the Internal IP Address of the Server.


Add Host (A) Records, set the name to mailhost and the IP to the Internal Address of the Server.

Using this method we're treating as a domain in its own right. As it's a Subdomain of it won't have any impact on except for the names which match the Subdomain (the rest will continue to resolve via the Public DNS). Basically we're providing an exception for a single entry beneath the zone.

Setting the zone to makes us responsible for everything beneath the zone, in that instance you would have to add every record you expect to resolve within the zone.

Hope that all makes sense! If anything is not clear please don't hesitate to ask for clarification.
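The console steps above as a scripted equivalent using dnscmd on Windows Server 2003. This is an added example, not from the original answer; mailhost.example.com, the LAN address 192.168.10.25, the DNS server address 192.168.10.2 and ISP_DNS are placeholders, and a file-backed primary is used because the asker runs no AD.

```batch
@echo off
rem Split-brain DNS for a single mail host via dnscmd (Windows Server 2003).
rem Placeholders: mailhost.example.com (the mail host's public name),
rem 192.168.10.25 (its LAN address), 192.168.10.2 (this internal DNS server).
rem Narrow-scope option from step 4: a zone for mailhost.example.com only,
rem so every other name under example.com keeps resolving via public DNS.
set ZONE=mailhost.example.com
set MAIL_LAN_IP=192.168.10.25
set INTERNAL_DNS=192.168.10.2

rem Step 3: new primary forward lookup zone. With no AD this is a
rem file-backed standard primary; with AD use /DsPrimary instead of /Primary.
dnscmd %INTERNAL_DNS% /ZoneAdd %ZONE% /Primary /file %ZONE%.dns

rem Step 5: disable dynamic updates (0 = none) so no client can overwrite
rem the record by registering an address of its own.
dnscmd %INTERNAL_DNS% /Config %ZONE% /AllowUpdate 0

rem Step 6: blank-name Host (A) record (zone root, written as @) pointing
rem at the mail server's internal address.
dnscmd %INTERNAL_DNS% /RecordAdd %ZONE% @ A %MAIL_LAN_IP%

rem Broad-scope alternative (zone example.com, second variant of step 6):
rem you then own every name under example.com and must add all of them.
rem   dnscmd %INTERNAL_DNS% /ZoneAdd example.com /Primary /file example.com.dns
rem   dnscmd %INTERNAL_DNS% /RecordAdd example.com mailhost A %MAIL_LAN_IP%

rem Check 1: what a LAN client pointed at the internal server will get
rem (expect the LAN address).
nslookup %ZONE% %INTERNAL_DNS%

rem Check 2: the public view is unaffected; expect the global IP.
rem ISP_DNS is a placeholder for any resolver outside the LAN.
nslookup %ZONE% ISP_DNS

rem Check 3: nothing else under example.com is answered from the local
rem zone; this should still resolve through the internal server's forwarding.
nslookup www.example.com %INTERNAL_DNS%

rem Caveat: a mail server that looks up its own name before accepting mail
rem should keep using the public resolver (or LAN clients get a separate
rem alias), not %INTERNAL_DNS%, or it will see the private address.
```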

lynuss030 (Author) commented:
Hi Chris, thanks for the fast response.
OK, definitely just want the mail DNS setup, as I'm unsure of our current public DNS; when I do an nslookup as it currently stands I get a non-authoritative answer back with the correct details, Name followed by global IP.

The mail server itself does a DNS lookup of its own name before it will allow mail in and out; we don't want it resolving to its internal DNS.

The public records are held with could you confirm I don't have to change anything there?
This setup I would like purely to allow one setting for ALL, i.e. internally on LAN clients.

Externally, the HOME clients can be handled (and works well) by the external DNS.

Three questions if I could:

Will the Win 2003 server need a global IP and its own NIC to communicate to the outside world on 53? Currently I have a global IP set up for it and its port (53) is forwarded from a global IP to its internal private IP 192.xx.x.x. Would this require more port(s) forwarding and any referencing in our public DNS NS/A/MX files?

Will this allow the current clients to keep their current configuration, i.e. 192.XX.XX.XX,
i.e. either email client configuration will roll .. smtp host = 192.xx.xx OR smtp host =

Do the network clients (we do not operate AD or OD here, just file serving over AFP; it's a mixed-platform network) need to have the private IP of the DNS server listed in their Primary DNS panel of the Internet Protocol TCP/IP prefs?

Again, thanks for your support on this.



Chris Dent (PowerShell Developer) commented:

Hi Ben,

Do you have a Name Server within your network which resolves Private Names and Addresses? If you had AD you would, which makes the methods above fairly safe (I assumed you did have AD, most do, after all :)).

If the only Internal Name Server is a Public one you can still make this change as long as Internal Clients refer to it. Externally it would still resolve correctly as your server is not Authoritative for the zones in question according to the Top Level Domain servers.

If you don't have a DNS Server on your LAN at all then you would either need to add one or achieve this another way.

> The mailserver its self does a DNS lookup of its own name before it
> will allow mail in and out, we don't want it resolving to its internal DNS

This may be problematic. But could be resolved by creating a different name to access the mail services on for clients, or by having the Mail Server use a different Name Server from the clients.

> the public records are held with could you confirm
> i dont have to change anything there ?

Yep, I can confirm that. We're only looking at setting this so LAN Clients can resolve the host to a different IP from Public Clients.

> Will the win 2003 server need a global IP and its own NIC to
> communicate to the outside world on 53?

No. As far as I understood you only wanted to provide this service to LAN clients, so no one outside the LAN will need to care about it.

It will only need outbound access to continue resolving other internet names.

> Will this allow the current clients to keep their current configuration
> Ie 192.XX.XX.XX
> ie either email client configuration will roll .. smtp host = 192.xx.xx
> OR smtp host =

IP Based configuration will be completely unaffected by this change. Name based resolution will only be affected while on the LAN, and hopefully for the better.

If we were to make an internal name for then clients could happily resolve that to 192.x.x.x while on the LAN, but still correctly resolve it to the Public IP outside the LAN.

I hope that all makes sense.

Question has a verified solution.
