
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206

Public and Private A Records



We have a company with several sites; each site has an Exchange server.
We do not operate a front-end/back-end Exchange solution as yet, although we will develop this in the future.

We have an intranet which is accessible from the outside, and we publish links to our Exchange servers at each site, for instance London, Norway, Houston, etc. These sites are connected via site-to-site VPNs.

We have created public A records to resolve these Exchange servers from the outside:
A record - london - 194.xxx.xxx.xxx
A record - norway -194.xxx.xxx.xxx
A record - houston -194.xxx.xxx.xxx

These all resolve to Public IP's and work great.

The problem is that when a user on the "inside" travels to Norway from London and wants to use webmail from the Norway office, the intranet links point out to the public IP over the Internet. I thought that because we have a site-to-site VPN we should be using that link for all internal site-to-site communications, rather than pointing people out over the Internet to get internal webmail!

So, I created internal Microsoft DNS A records pointing to the internal IPs of the Exchange servers. I did this for all our sites:
A record - london - 172.16.xxx.xxx
A record - norway -172.16.xxx.xxx
A record - houston -172.16.xxx.xxx

So when a user uses the intranet to access webmail from inside the network, the name resolves to the internal IP and traffic always goes over the VPN. And when accessing webmail from the outside using the same published web links, the site is resolved using the public DNS A records.

For information, I don't think a lot of users access webmail from the inside that much; it's only if people travel from site to site without their usual laptop, etc.

Is this good practice?

Should I have internal and external A records with the same names but different IPs?

Am I mixing up public and private A records by doing this?


1 Solution
Chris Dent (PowerShell Developer) commented:

Hi Mike,

As long as the private and public versions of the zones are on different servers (for MS DNS), then there's no problem doing that at all.

It's referred to as split-brain DNS, where you have two different versions of the same zone. Its use is very common in Microsoft environments these days, and your solution is as good as it can be given the circumstances.

Of course, it does add a bit of an administrative overhead, but there's no problem having that as long as you remember it's there.
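
The administrative overhead Chris mentions is mostly keeping the two copies of the zone in step: a name added only to the public copy gets NXDOMAIN from the internal server (which is authoritative for the whole zone, so there is no fallback to the public answer), and a record pointing the wrong way re-creates the problem in the question. The script below is an added example, not code from the thread or from either poster; it audits exported copies of the two zones against each other. The zone listings are constructed, with 198.51.100.0/24 (a documentation range) standing in for the real public addresses, and the "mail" and "backup" records are deliberately wrong to show what each check catches.

```python
"""Audit a split-brain DNS pair: one zone name, two sets of records.

The internal copy (e.g. Microsoft DNS on the domain controllers) should
answer with RFC 1918 addresses so inside users ride the site-to-site VPN;
the external copy should answer with public addresses and never leak the
private ones.  Example code, not from the original thread.
"""
import ipaddress
from typing import Dict, List, Tuple

Zone = Dict[str, List[str]]          # name -> list of A-record addresses
Finding = Tuple[str, str, str]       # (check, name, address or "")

# Constructed sample data.  In practice you would export these from the
# internal server (Get-DnsServerResourceRecord) and the public zone.
# 198.51.100.x is a documentation range used here as a placeholder.
INTERNAL_ZONE = """
london   A 172.16.1.10
norway   A 172.16.2.10
houston  A 172.16.3.10
intranet A 172.16.1.20     ; internal-only name, fine
mail     A 198.51.100.20   ; constructed mistake: public IP in the internal zone
"""
EXTERNAL_ZONE = """
london   A 198.51.100.10
norway   A 198.51.100.11
houston  A 198.51.100.12
www      A 198.51.100.1    ; exists only externally -> NXDOMAIN inside
backup   A 172.16.9.9      ; constructed mistake: private IP published publicly
"""

# "Private" here means RFC 1918 specifically; ipaddress.is_private also
# covers documentation ranges, which would misclassify the placeholders.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918)


def parse_zone(text: str) -> Zone:
    """Parse a minimal 'name A address' listing; ';' starts a comment."""
    zone: Zone = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        name, rtype, rdata = line.split()
        if rtype.upper() != "A":
            continue                      # only A records are audited here
        ipaddress.IPv4Address(rdata)      # raises on a malformed address
        zone.setdefault(name.lower(), []).append(rdata)
    return zone


def audit_split_brain(internal: Zone, external: Zone) -> List[Finding]:
    """Return every inconsistency between the two copies of the zone."""
    findings: List[Finding] = []
    for name in sorted(set(internal) | set(external)):
        if name not in internal:
            # Internal server is authoritative: inside clients get NXDOMAIN,
            # not the public answer.
            findings.append(("external_only", name, ""))
        if name not in external:
            # Informational; published links to this name fail from outside.
            findings.append(("internal_only", name, ""))
        for addr in internal.get(name, []):
            if not is_rfc1918(addr):
                # Inside users would go out over the Internet, not the VPN:
                # the exact problem the question describes.
                findings.append(("internal_points_public", name, addr))
        for addr in external.get(name, []):
            if is_rfc1918(addr):
                # Private addressing disclosed in the public zone.
                findings.append(("external_leaks_private", name, addr))
    return findings


if __name__ == "__main__":
    for check, name, addr in audit_split_brain(parse_zone(INTERNAL_ZONE),
                                               parse_zone(EXTERNAL_ZONE)):
        print(f"{check:24} {name:10} {addr}")
```

Run it after every change to either zone; "internal_only" names are usually intentional, while the other three findings are the ones that bite travelling users or disclose the internal address plan.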


mf_read (Author) commented:
That answers my question, thanks :)
