Public and Private A Records



We have a company with several sites; each site has an Exchange server.
We do not operate a front-end/back-end Exchange solution as yet, although we will develop this in the future.

We have an intranet which is accessible from the outside and we publish links to our Exchange servers at each site, for instance London, Norway, Houston etc. These sites are connected via site-to-site VPNs.

We have created public A records to resolve these Exchange servers from the outside:
A record - london -
A record - norway
A record - houston

These all resolve to public IPs and work great.

The problem is that when on the "inside" a user travels to Norway from London and wants to use webmail from the Norway office, the intranet links point out to the public IP over the Internet. I thought that because we have a site-to-site VPN we should be using that link for all internal site-to-site communications, rather than pointing people out over the Internet to get internal webmail!

So, I created internal Microsoft DNS A records pointing to the internal IPs of the Exchange servers. I did this for all our sites.
A record - london -
A record - norway
A record - houston

So when a user uses the intranet to access webmail from inside the network it always goes over the VPN to resolve. And when accessing webmail from the outside using the same web published links then the site is resolved using the public DNS A records.

For information, I don't think a lot of users access webmail from the inside that much; it's only if people travel from site to site without their usual laptop etc.

Is this good practice?

Should I have internal and external A records with the same names but different IPs?

Am I mixing up public and private A records by doing this?



Chris Dent (PowerShell Developer) commented:

Hi Mike,

As long as the Private and Public versions of the zones are on different servers (for MS DNS) then there's no problem doing that at all.

It's referred to as Split Brain DNS, where you have two different versions of the same zone. Its use is very common in Microsoft environments these days and your solution is as good as it can be given the circumstances.

Of course, it does add a bit of an administrative overhead, but there's no problem having that as long as you remember it's there.
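
The administrative overhead mentioned above is mostly a matter of keeping the two copies of the zone consistent. As an added example (not part of the original thread), this Python script audits record sets exported from both views; the `example.com` names, the addresses, and the assumption that internal servers sit on RFC 1918 addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges. Checked explicitly because ipaddress.is_private also
# covers documentation ranges such as 203.0.113.0/24, used below as the
# constructed "public" addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample exports of the same zone from each view (name -> A record).
INTERNAL_VIEW = {
    "london.example.com": "10.1.0.25",
    "norway.example.com": "10.2.0.25",
    "houston.example.com": "203.0.113.30",   # public IP copied into internal zone
}
EXTERNAL_VIEW = {
    "london.example.com": "203.0.113.10",
    "norway.example.com": "10.2.0.25",       # private IP published externally
    "houston.example.com": "203.0.113.30",
    "intranet.example.com": "203.0.113.40",  # never added to the internal zone
}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_dns(internal, external):
    """Return sorted (name, finding) pairs for inconsistencies between views."""
    findings = []
    for name in sorted(set(internal) | set(external)):
        # The internal server is authoritative for the zone, so it answers
        # "no such name" for anything missing instead of asking public DNS.
        if name in external and name not in internal:
            findings.append((name, "MISSING_INTERNAL"))
        # Assumption: internal hosts use RFC 1918 addresses, so a public IP
        # here sends inside users over the Internet rather than the VPN.
        if name in internal and not is_rfc1918(internal[name]):
            findings.append((name, "INTERNAL_NOT_PRIVATE"))
        # A private address in the public zone is unreachable from outside
        # and discloses internal addressing.
        if name in external and is_rfc1918(external[name]):
            findings.append((name, "PRIVATE_IN_PUBLIC"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_split_dns(INTERNAL_VIEW, EXTERNAL_VIEW):
        print(f"{finding:22} {name}")
```

Names that exist only in the internal view are not reported, since internal-only hosts are expected in this setup.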



mf_read (Author) commented:
That answers my question, thanks :)