Split DNS

Posted on 2014-09-01
Last Modified: 2014-09-03
We set up a local.abc.com domain.
Exchange is authoritative for local.abc.com and abc.com, and all people use abc.com as their main address.
We have a simple SSL certificate for abc.com installed.
The proper SRV record is set at Network Solutions.
There is no problem with Outlook connections from outside.
There is a certificate warning shown by Outlook inside the office.
The problem is solved by installing a second router with a different external IP address for the Exchange server.
So the Cisco ASA firewall does not allow a session to go outside and return back.
Another workaround is editing the hosts file on every PC, specifying mail.abc.com ---> internal IP.
It is not an option for laptops as they go outside.

Is there any other fix except configuring Split DNS?
Can I set a record mail.abc.com ---> internal IP in the hosts file of the DC, or does it not check a hosts file?


Thank you.
0
Question by:D_Batona
4 Comments
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40297606
The problem is solved by installing a second router with a different external IP address for the Exchange server.
So the Cisco ASA firewall does not allow a session to go outside and return back.
Another workaround is editing the hosts file on every PC, specifying mail.abc.com ---> internal IP.
It is not an option for laptops as they go outside.

Although somewhat intensive, and nowhere near required to get this to work, I give you some credit. This is the first time I have ever heard of anyone doing this in my life, but it seems that (in theory) it would work.

I would recommend the following:

- Within local (internal) DNS, create a forward lookup zone called "abc.com" and add the A records for mail.abc.com and autodiscover.abc.com. This would in theory point to the internal IP of the CAS role, depending on the version of Exchange you are running (for 2007+ this is accurate; if it's 2003 you point it to the FE server)
- Set the InternalURL to the same values as the ExternalURL
- Set the SCP to autodiscover.abc.com, which can be done with the following command:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.abc.com/autodiscover/autodiscover.xml


That will fix the issue permanently for you. Since a forward lookup zone exists within internal DNS, the clients will look at that zone for abc.com and only request DNS to refer outside if the lookup is not within the zone. The clients should be pulling autodiscover, which will point internally, and the XML records will pull down the proper InternalURL and ExternalURL since you have them set to the same. This would fix it, and then you can remove the second PIX.

Cheers!
0
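
The InternalURL step from the comment above, followed by a check that every host name clients are handed is actually on the IIS certificate, as an added example that is not part of the original comment. It assumes the Exchange Management Shell on Exchange 2010 or later; `-WhatIf` only previews each change.

```powershell
# Added example, not from the thread. Assumes the Exchange Management Shell
# on Exchange 2010 or later. -WhatIf previews the change without applying it.
$nouns = 'OwaVirtualDirectory', 'EcpVirtualDirectory', 'WebServicesVirtualDirectory',
         'OabVirtualDirectory', 'ActiveSyncVirtualDirectory'
$hosts = @()

foreach ($noun in $nouns) {
    foreach ($vdir in (& "Get-$noun")) {
        if (-not $vdir.ExternalUrl) {
            Write-Warning "$($vdir.Identity): ExternalUrl is empty, skipped"
            continue
        }
        $hosts += ([uri]"$($vdir.ExternalUrl)").Host
        if ("$($vdir.InternalUrl)" -ne "$($vdir.ExternalUrl)") {
            # Make the internal URL identical to the external one.
            & "Set-$noun" -Identity $vdir.Identity -InternalUrl $vdir.ExternalUrl -WhatIf
        }
    }
}

# Include the host name published in the Autodiscover SCP.
foreach ($cas in (Get-ClientAccessServer)) {
    if ($cas.AutoDiscoverServiceInternalUri) {
        $hosts += ([uri]"$($cas.AutoDiscoverServiceInternalUri)").Host
    }
}

# Names on the certificate(s) bound to IIS. A wildcard entry such as
# *.abc.com is used as a -like pattern.
$certNames = Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" }

foreach ($h in ($hosts | Sort-Object -Unique)) {
    $covered = $certNames | Where-Object { $h -like $_ }
    if (-not $covered) {
        Write-Warning "$h is not on the IIS certificate; Outlook will warn on this name"
    }
}
```

Remove `-WhatIf` once the previewed changes look right.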
 

Author Comment

by:D_Batona
ID: 40297619
Yes,
I know it will work.
But the question is "HOW TO" without setting abc.com as a forward zone (Split DNS).
That causes a problem with www.abc.com and other records which should go to external IP addresses.
The hosts file trick is not working on the DC. I just tested.
0
 
LVL 57

Accepted Solution

by:Pete Long (earned 2000 total points)
ID: 40297887
Give the zone the FQDN and only put a blank record in it

Windows - Setting Up Split DNS

Pete
0
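
The accepted answer's approach, a zone named after the single host with one blank (zone apex) A record, as an added example that is not part of the original answer. It assumes Windows Server 2012 or later with the DnsServer module and AD-integrated DNS; the internal IP address is a constructed placeholder.

```powershell
# Added example, not from the thread. Assumes Windows Server 2012 or later with
# the DnsServer module and AD-integrated DNS; run on the internal DNS server.
$internalIp = '192.168.1.10'      # constructed placeholder: Exchange server's internal IP
$names      = @('mail.abc.com')   # add 'autodiscover.abc.com' if clients use that name

foreach ($zone in $names) {
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        # The zone is named after the one host, so this server becomes
        # authoritative for that name only and not for the rest of abc.com.
        Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain
    }
    $apex = Get-DnsServerResourceRecord -ZoneName $zone -Name '@' -RRType A `
                -ErrorAction SilentlyContinue
    if (-not $apex) {
        # The "blank" record: an A record at the zone apex (same as parent folder).
        Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $internalIp
    }
}

# Verify: the pinpointed names answer with the internal address...
foreach ($name in $names) {
    $answer = Resolve-DnsName -Name $name -Type A -Server localhost -DnsOnly
    if ($answer.IPAddress -notcontains $internalIp) {
        Write-Warning "$name does not resolve to $internalIp"
    }
}

# ...while other abc.com names still go out through forwarders or root hints.
$www = Resolve-DnsName -Name 'www.abc.com' -Type A -Server localhost -DnsOnly `
           -ErrorAction SilentlyContinue
if (-not $www) {
    Write-Warning 'www.abc.com did not resolve; check forwarders'
} elseif ($www.IPAddress -contains $internalIp) {
    Write-Warning 'www.abc.com resolves internally; a full abc.com zone may exist'
}
```

Clients that cached the external address pick up the new record after their DNS cache expires or is flushed with `ipconfig /flushdns`.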
 
LVL 29

Expert Comment

by:Jan Springer
ID: 40298417
The ASA allows "hairpin" traffic.

It sounds like what you may need is DNS doctoring. That's where you append the keyword 'dns' at the end of the static NAT entry for your Exchange server.
0
