Link to home
Start Free TrialLog in
Avatar of pahurdle

asked on

Local DNS Issue

I host my own email using Windows 2003 SBS. I have the system setup so iphone users can access their email from any external wifi site or when on cell. They cannot access the email via the exchange client on the iphone when connected to the internal wifi. I know this is becuase the internal DNS does not recognize the external domain. How do I tell the DNS on the WIndows 2003 SBS to recognize the external domain name and point it to the correct server.
Avatar of Mustafa L. McLinn
Mustafa L. McLinn
Flag of United States of America image

You have to route with whomever is serving the IP address for your LAN, is your Wifi Device sub-netting or is it in the same ip segment.
You can create a dns zone of your external domain "" in your local domain, but then you will have to maintain this zone.

You could also set a second or a third dns to an external dns server ( for example), but you will certainly have to check your firewall.

Avatar of pahurdle


It is the same ip segment. I am not sure how to add the zone to the external domain and whatmaintain it means.
local zone "" will have local addresse
so you will have to maintain one local dns with local adresses and one external dns with public addresses for the same external domain
The instructions are very vague and confusing. Is there anyone who can give me more detailed instructions. Thanks.
See Picture of my AD dns to clarify.

you see a copy domain "" with public ip translated to local ip adresses
Somewhat helpfull but in a language I don't read. Do you happen to have it in English?
Yes it is french ;) sorry no I can provide an english screencopy

it is only a description of a "" AD dns zone (local dns and local ip)

I have also a public dns hosted by my internet provider and the "" zone is set with the same name but instead of internal ip it is set with public ip.

AD dns for the management of local ip (when iphone are in th office)

Internet Provider dns for public ip (when you are outside of the office)
First question, is your internal and external domains sharing the same name?
If no, then check if you need to setup forwarders correctly to resolve DNS zones that don't exist locally. It should be set to the DNS servers of your Internet Service Provider.

If the internal and external DNS zones are named the same, i.e.
Then you will need to setup a split DNS zone.

This means you will have a DNS zone called on both internal and external DNS servers.

Internal DNS zone then has records pointing to only to internal IP's, while the external DNS will have the external records.

See links for more information on split DNS
my internal domain is
I access my email externally through
When I try to access on the internal network it takes me to my router which is what would happen if I accessed it from the outside, then the appropriate port would forward. That doesn't work when coming from the internal network. That is why I think I need to make a change to the DNS server. Just not sure how to do so.

Hmmm Perhaps we're taking the wrong approach to this. Perhaps something is routing internally and therefor not allowing it to access those ports as if you were on the outside.

First I'm almost sure your routers configuration is the one that needs to be modified.

Most likely it is the DNS server from the router that is doing this.

How configurable is your router? Cisco or linksys?

Also you should definitatly be able to route back into your network as you do from the outside.

Ping the addresses figure out if they are internal or external.
When I try to access on the internal network it takes me to my router which is what would happen if I accessed it from the outside, then the appropriate port would forward.

Run nslookup on your internal network.
That needs to either resolve to the external IP address for OR it needs to point directly to your mail server.

If internal nslookup and external nslooks don't point to the same IP, then you've already got a split DNS zone configured.

Make sure that your router/firewall has internal network listed as a source network for the access rule that sends traffic to your
When I run nslookup from inside the network, I get:


Non-authoritative answer:

The ip address is the internal address of my router.

The first address for my DNS is the server itself.

Hope this helps.
Ok, so I added a forward lookup zone of Under that I added an "A" record for with the internal ip address and it works well. The problem is, now I can't access which is an external website. Any help would be appreciated.

On your internal DNS zone, you must add an A record for www which points to your external ip address.

You will also need to add any other external sites that you may also use in that domain.
I attempted that but it does not work. I ping the website and it gives me an ip address. I try using that ip address and it won't work. I did notice that if I put that ip address in ie is also doesn't work.

Check your proxy server settings in IP.
If you can Ping from command prompt then it's most likely an IE setting.

Also check out these instructions for setting up SBS for Internet access:
My IP address and proxy settings are fine.
Avatar of pahurdle

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This was the easiest solution.