We have a company with several sites; each site has an Exchange server.
We do not operate a front end, back end Exchange solution as yet, although we will develop this in the future.
We have an intranet which is accessible from the outside and we publish links to our Exchange servers at each site, for instance London, Norway, Houston etc. These sites are connected via site-to-site VPNs.
We have created public A records to resolve these Exchange servers from the outside:
A record - london - 194.xxx.xxx.xxx
A record - norway - 194.xxx.xxx.xxx
A record - houston - 194.xxx.xxx.xxx
These all resolve to public IPs and work great.
The problem is that when on the "inside", a user travels to Norway from London and wants to use webmail from the Norway office, the intranet links point out to the public IP over the Internet. I thought that because we have a site-to-site VPN we should be using that link for all internal site-to-site communications, rather than pointing people out over the Internet to get internal webmail!
So, I created internal Microsoft DNS A records pointing to the internal IPs of the Exchange servers. I did this for all our sites.
A record - london - 172.16.xxx.xxx
A record - norway - 172.16.xxx.xxx
A record - houston - 172.16.xxx.xxx
So when a user uses the intranet to access webmail from inside the network it always goes over the VPN to resolve. And when accessing webmail from the outside using the same web published links then the site is resolved using the public DNS A records.
For information, I don't think a lot of users access webmail from the inside that much; it's only if people travel from site to site without their usual laptop etc.
Is this good practice?
Should I have internal and external A records with the same names but different IPs?
Am I mixing up public and private A records by doing this?
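
Added example, not part of the original post: a small Python check that compares the internal and external views of the same host names and flags the ways a setup like the one described can drift apart. The addresses are constructed placeholders, and the "missing internally" check assumes the internal DNS server is authoritative for the whole zone.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly so documentation addresses count as public here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_split_dns(internal, external):
    """Compare the internal and external view of the same host names.

    Both arguments map host name -> A record address.
    Returns a list of (name, finding) tuples ordered by name; empty means consistent.
    """
    findings = []
    for name in sorted(set(internal) | set(external)):
        int_ip, ext_ip = internal.get(name), external.get(name)
        if ext_ip is not None and is_rfc1918(ext_ip):
            # Leaks internal addressing and is unreachable from outside.
            findings.append((name, "private address published in external view"))
        if int_ip is not None and not is_rfc1918(int_ip):
            # Inside users would leave over the Internet instead of the VPN.
            findings.append((name, "internal view points at a public address"))
        if ext_ip is not None and int_ip is None:
            # Assumption: the internal DNS server is authoritative for the zone,
            # so a name missing here is not resolved for inside users.
            findings.append((name, "published externally but missing internally"))
    return findings


# Constructed sample data (addresses are placeholders, not the poster's).
EXTERNAL = {"london": "203.0.113.10", "norway": "203.0.113.20",
            "houston": "203.0.113.30"}
INTERNAL = {"london": "172.16.1.10", "houston": "203.0.113.30"}

if __name__ == "__main__":
    for name, finding in audit_split_dns(INTERNAL, EXTERNAL):
        print(f"{name}: {finding}")
```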