DNS Forwarding - Internal and External Domain the same


My local domain (company1.local) for example has 2 DNS servers but we also have a parent company who we connect to via a branch office VPN on our firewall.  There is no trust between the domains so for DNS lookups on their network we just add them into our host zone of company1.local.

In the past I tried putting in a DNS forwarder for the head office DNS domain (headoffice.com) and while we could resolve hosts OK, we couldn't email them because their external domain for email was also the same as their internal DNS name so mail just bounced until I removed the forwarder.

How can I get around this?


You can create another zone in your domain with their domain name.  Unless their mail server does something else (file shares and such) you can create an A record with the external IP of their mail server.

What's missing from their internal domain DNS that they have on external DNS?
Do they have a host entry for their mail server with an address yours can connect to?
Do they have an MX record for their domain for their mail server?

Check with their IT and ask them to put the records in if they are not there.


What about for any external sites they have, such as remote access password reset pages, or external webmail?  Just create a host entry with the internal IP with them?

So I'd have:

DNS Server 1
    Forward Lookup Zones
        (list of dynamic DNS entries)
        entry -> internal host
        mail server entry -> external host



Frabble - Their external domain is headoffice.com for example so when we email them it goes externally via SMTP to their mail server.

Never thought about asking them for an internal mail server IP address.  If I was to get that, how would I tell Exchange to route mail to that server instead of sending it externally via SMTP?  Yes they have an external MX record, do you mean an internal MX?

When I asked for the internal address of a host we need, say sharepoint.headoffice.com, that's where my problem comes in because their external address is also headoffice.com so I struggle to figure out how to route what I want externally, rather than having it query internal DNS forwarders.

You don't change the way mail is sent, you still use SMTP.
I assume that without any forwarding for their domain to their internal name servers you forward queries to external name servers. Mail to their domain works, yes? So there must be an MX record for that domain, with a host name that resolves to an address that your mail server can connect to.
You can use nslookup to get these:

set q=mx

should return mail exchange host entries and their IP address.

Point to their internal name server or servers IP address and query for their domain again:

server x.x.x.x

For you to send e-mail to them the response should be the same.
Network Engineer
Headoffice.com should add a valid MX record to their internal DNS. That record can be a public or private IP - whatever is appropriate for their email environment.  Then your server would be able to route email according to the normal DNS rules.  
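The three configurations discussed in this thread can be modelled offline. The following is an added example, not code from any poster: it simulates a resolver that answers from local zones first, then from a conditional forwarder, then from public DNS, and compares (1) a conditional forwarder for all of headoffice.com, (2) per-host override zones for only the internal hosts, and (3) the forwarder again after the parent publishes an MX in its internal DNS. Every zone record, host name and address below is a constructed sample value, not data from the thread.

```python
"""Split-horizon DNS resolution policy, modelled offline (added example).

All zone data and IP addresses are constructed samples.
"""
from dataclasses import dataclass, field

# Constructed view of the parent's INTERNAL DNS: hosts on private addresses,
# and deliberately no MX record (the situation the original poster hit).
PARENT_INTERNAL = {
    ("sharepoint.headoffice.com", "A"): ["10.20.0.15"],
    ("mail.headoffice.com", "A"): ["10.20.0.25"],
}

# Constructed view of PUBLIC DNS for the same domain name.
PUBLIC = {
    ("headoffice.com", "MX"): ["10 mx1.headoffice.com"],
    ("mx1.headoffice.com", "A"): ["203.0.113.10"],
    ("sharepoint.headoffice.com", "A"): ["203.0.113.20"],  # public portal address
}


@dataclass
class Resolver:
    """Minimal resolver policy: local zones, then conditional forwarders, then public DNS."""
    local_zones: dict = field(default_factory=dict)  # zone name -> {(name, type): [rdata]}
    forwarders: dict = field(default_factory=dict)   # domain -> upstream zone view
    public: dict = field(default_factory=lambda: PUBLIC)

    def _zone_for(self, name):
        """Most specific local zone that is authoritative for `name`, or None."""
        labels = name.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.local_zones:
                return candidate
        return None

    def query(self, name, rtype):
        name = name.lower().rstrip(".")
        zone = self._zone_for(name)
        if zone is not None:
            # Locally authoritative: answer from the zone and never forward.
            # A missing record here is NODATA, not a fall-through to upstream.
            return self.local_zones[zone].get((name, rtype), [])
        for domain, upstream in self.forwarders.items():
            if name == domain or name.endswith("." + domain):
                return upstream.get((name, rtype), [])
        return self.public.get((name, rtype), [])


def mail_route(resolver, domain):
    """Address SMTP would deliver to: A record of the lowest-preference MX host,
    or None when no MX resolves (the 'mail bounced' case)."""
    mx = resolver.query(domain, "MX")
    if not mx:
        return None
    _, host = min((int(r.split()[0]), r.split()[1]) for r in mx)
    addrs = resolver.query(host, "A")
    return addrs[0] if addrs else None


def scenario_forwarder_only():
    """(1) Conditional forwarder for all of headoffice.com to the parent's internal DNS."""
    r = Resolver(forwarders={"headoffice.com": PARENT_INTERNAL})
    return mail_route(r, "headoffice.com"), r.query("sharepoint.headoffice.com", "A")[0]


def scenario_pinpoint_zones():
    """(2) A local zone named after each internal host you need; everything else goes public."""
    pin = {"sharepoint.headoffice.com": {("sharepoint.headoffice.com", "A"): ["10.20.0.15"]}}
    r = Resolver(local_zones=pin)
    return mail_route(r, "headoffice.com"), r.query("sharepoint.headoffice.com", "A")[0]


def scenario_forwarder_with_internal_mx():
    """(3) Forwarder as in (1), after the parent adds a valid MX (and its A) to internal DNS."""
    fixed = dict(PARENT_INTERNAL)
    fixed[("headoffice.com", "MX")] = ["10 mx1.headoffice.com"]
    fixed[("mx1.headoffice.com", "A")] = ["203.0.113.10"]
    r = Resolver(forwarders={"headoffice.com": fixed})
    return mail_route(r, "headoffice.com"), r.query("sharepoint.headoffice.com", "A")[0]


if __name__ == "__main__":
    for name, fn in [("forwarder only", scenario_forwarder_only),
                     ("pinpoint zones", scenario_pinpoint_zones),
                     ("forwarder + internal MX", scenario_forwarder_with_internal_mx)]:
        mail, sp = fn()
        print(f"{name:24s} mail -> {mail}   sharepoint -> {sp}")
```

Scenario (1) reproduces the bounce: the forwarder captures the MX query too, the parent's internal DNS has no MX, so SMTP has nowhere to deliver. Scenario (2) is the per-host zone approach from the earlier answer: only the named internal hosts are overridden, so the MX query still goes to public DNS. Scenario (3) is the remedy in this answer: once the parent's internal DNS carries a usable MX, the whole-domain forwarder works for both mail and internal hosts. Note that the pinpoint zone, being authoritative, masks any other record types for that one host name, so any additional records the host needs must be added to the local zone as well.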


Didn't directly answer the question, probably me asking it wrong so leaving it for now.

