Split DNS

We set up the local.abc.com domain.
Exchange is authoritative for local.abc.com and abc.com, and everyone uses abc.com as the main address.
We have a simple SSL certificate for abc.com installed.
The proper SRV record is set at Network Solutions.
No problem with Outlook connections from outside.
There is a certificate warning shown by Outlook inside the office.
The problem is solved by installing a second router with a different external IP address for the Exchange server.
So the Cisco ASA firewall does not allow the session to go outside and return back.
Another workaround is editing the hosts file on every PC, specifying mail.abc.com ---> internal IP.
It is not an option for laptops, as they go outside.

Is there any other fix except configuring Split DNS?
Can I set a record mail.abc.com ---> internal IP in the hosts file of the DC, or does it not check the hosts file?


Thank you.
D_Batona Asked:

Adam Farage (Enterprise Arch) Commented:
The problem is solved by installing a second router with a different external IP address for the Exchange server.
So the Cisco ASA firewall does not allow the session to go outside and return back.
Another workaround is editing the hosts file on every PC, specifying mail.abc.com ---> internal IP.
It is not an option for laptops, as they go outside.

Although somewhat intensive, and nowhere near required to get this to work, I give you some credit. This is the first time I have ever heard of anyone doing this in my life, but it seems that (in theory) it would work.

I would recommend the following:

- Within local (internal) DNS, create a forward lookup zone called "abc.com" and add the A records for mail.abc.com and autodiscover.abc.com. This would in theory point to the internal IP of the CAS role, depending on the version of Exchange you are running (for 2007+ this is accurate; if it's 2003 you point it to the FE server)
- Set the InternalURL to the same values as the ExternalURL
- Set the SCP to autodiscover.abc.com, which can be done with the following command:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.abc.com/autodiscover/autodiscover.xml


That will fix the issue permanently for you. Since a forward lookup zone exists within internal DNS, the clients will look at that zone for abc.com and only request DNS to refer outside if the lookup is not within the zone. The clients should be pulling autodiscover, which will point internally, and the XML records will pull down the proper InternalURL and ExternalURL since you have them set to the same. This would fix it, and then you can remove the second PIX.

Cheers!
0
D_Batona (Author) Commented:
Yes,
I know it will work.
But the question is "HOW TO" without setting abc.com as a forward zone (Split DNS).
That causes a problem with www.abc.com and other records which should go to external IP addresses.
The hosts file trick is not working on the DC. I just tested.
0
Pete Long (Technical Consultant) Commented:
Give the zone the FQDN and only put a blank record in it

Windows - Setting Up Split DNS

Pete
0
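
The per-host zone approach from the comment above, as an added example that is not part of the original thread: each host name gets its own zone holding a single blank (apex) A record, so www.abc.com and every other abc.com name still resolve through public DNS. The internal IP address and the replication scope are assumptions; mail.abc.com and autodiscover.abc.com are the names used in the thread.

```powershell
# Added example. Run on an internal Windows DNS server (Server 2012 or later,
# DnsServer module) with DNS admin rights.
Import-Module DnsServer

$internalIp = '10.0.0.25'   # assumption: internal IP of the Exchange CAS
$hostNames  = 'mail.abc.com', 'autodiscover.abc.com'

foreach ($fqdn in $hostNames) {
    # One zone per host name: the server becomes authoritative for that
    # single name only, never for abc.com as a whole.
    if (-not (Get-DnsServerZone -Name $fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $fqdn -ReplicationScope 'Domain'
    }

    # The "blank" record: an A record at the zone apex ("@", shown in the
    # DNS console as "same as parent folder").
    $apex = Get-DnsServerResourceRecord -ZoneName $fqdn -Name '@' -RRType A `
                -ErrorAction SilentlyContinue
    if (-not $apex) {
        Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' `
            -IPv4Address $internalIp
    }
}

# Verification: the two per-host names must return the internal address,
# while www.abc.com must still come back with its public address.
foreach ($name in $hostNames + 'www.abc.com') {
    Resolve-DnsName -Name $name -Type A -Server localhost -DnsOnly |
        Where-Object Type -eq 'A' |
        Select-Object Name, IPAddress
}
```

Clients that cached the public address need `ipconfig /flushdns` (or a TTL expiry) before Outlook picks up the internal record.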
Jan Springer Commented:
The ASA allows "hairpin" traffic.

It sounds like what you may need is DNS doctoring. That's where you append the keyword 'dns' at the end of the static NAT entry for your Exchange server.
0
Exchange
Question has a verified solution.