lynuss030
asked on
Simplest Way to configure Internal DNS to resolve External hostname for mail host instead of Private IP
Am looking for a solution or way to setup an internal DNS resolver so our private internal LAN clients can connect to MAILHOST over its resolved hostname.
We have DHCP running on WIN 2003 Server that has private IP. Secondary NIC is free and we have a spare global IP.Currently PAT and NAT is done on each public facing IP translating to private internal.
Currently we are connecting over its private internal address and port forwarding out to our public and this is fine for the majority but of course the laptops as soon as offsite require their SMTP / POP details to be altered and again on arrival back at work.
Idea being mailhost.whoever.com resolves externally by our external DNS allowing smtp.whoever.com to be used and pop.whoever.com to be used in the clients.
And on the LAN side an internal DNS JUST for internal clients (to ensure that mailhost.whoever.com is accessible and smtp.whoever.com + pop.whoever.com are usuable in the LAN nodes email client config.
i believe this is called split horizon dns ? however we really only want the lookups done for our mail host not every http lookup.
Ideally if our Router supported NAT loopback we would roll with that. but as murphys law dictates ..it doesnt. and so im trying to establish a bandwidth friendly alternative.
Any suggestions guys / girls ?
We have DHCP running on WIN 2003 Server that has private IP. Secondary NIC is free and we have a spare global IP.Currently PAT and NAT is done on each public facing IP translating to private internal.
Currently we are connecting over its private internal address and port forwarding out to our public and this is fine for the majority but of course the laptops as soon as offsite require their SMTP / POP details to be altered and again on arrival back at work.
Idea being mailhost.whoever.com resolves externally by our external DNS allowing smtp.whoever.com to be used and pop.whoever.com to be used in the clients.
And on the LAN side an internal DNS JUST for internal clients (to ensure that mailhost.whoever.com is accessible and smtp.whoever.com + pop.whoever.com are usuable in the LAN nodes email client config.
i believe this is called split horizon dns ? however we really only want the lookups done for our mail host not every http lookup.
Ideally if our Router supported NAT loopback we would roll with that. but as murphys law dictates ..it doesnt. and so im trying to establish a bandwidth friendly alternative.
Any suggestions guys / girls ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK definitely just want the mail dns setup as our current public dns im unsure of, when i do a nslookup as it currently stands i get a non authorative answer back with the correct details Name followed by global IP.
The mailserver its self does a DNS lookup of its own name before it will allow mail in and out, we don't want it resolving to its internal DNS
the public records are held with everydns.net could you confirm i dont have to change anything there ?
This setup i would like purely to allow one setting for ALL ie mail.whoever.com internally on LAN clients
The mail.whoever.com externally on HOME clients can be handled (and works well) by the external DNS
Three questions if i could:
Will the win 2003 server need a global IP and its own NIC to communicate to the outside world on 53?Currently i have a global ip setup for it and its port (53) is forwarded from a global ip to its internal private ip 192.xx.x.x would this require more port(s) forwarding and any referencing in our public DNS NS/A/MX files?
Will this allow the current clients to keep their current configuration Ie 192.XX.XX.XX
ie either email client configuration will roll .. smtp host = 192.xx.xx OR smtp host = mail.whoever.com
Do the network clients (we do not operate AD or OD here, just file serving over AFP its a mixed plat network) need to have the private IP of the DNS server listed in their Primary DNS panel of the Internet Protocol TCP/IP prefs.
Again thanks for your support on this ..
ben