PCF IT (Canada) asked:
Split DNS

We set up the local.abc.com domain.
Exchange is authoritative for local.abc.com and abc.com, and all people use abc.com as their main address.
We have a simple SSL certificate for abc.com installed.
A proper SRV record is set at Network Solutions.
No problem with Outlook connections from outside.
There is a certificate warning shown by Outlook inside the office.
The problem is solved by installing a second router with a different external IP address for the Exchange server.
So the Cisco ASA firewall does not allow a session to go outside and return back.
Another workaround is editing the hosts file on every PC, specifying mail.abc.com ---> internal IP.
It is not an option for laptops, as they go outside.

Is there any other fix except configuring Split DNS?
Can I set a record mail.abc.com ---> internal IP in the hosts file of the DC, or does it not check a hosts file?


Thank you.
Adam Farage (United States of America) replied:

Quoting the question:
"The problem is solved by installing a second router with a different external IP address for the Exchange server.
So the Cisco ASA firewall does not allow a session to go outside and return back.
Another workaround is editing the hosts file on every PC, specifying mail.abc.com ---> internal IP.
It is not an option for laptops, as they go outside."

Although somewhat intensive, and nowhere near required to get this to work, I give you some credit. This is the first time I have ever heard of anyone doing this in my life, but it seems that (in theory) it would work.

I would recommend the following:

- Within local (internal) DNS, create a forward lookup zone called "abc.com" and add the A records for mail.abc.com and autodiscover.abc.com. These would, in theory, point to the internal IP of the CAS role, depending on the version of Exchange you are running (for 2007+ this is accurate; if it's 2003, you point them to the FE server).
- Set the InternalURL to the same values as the ExternalURL.
- Set the SCP to autodiscover.abc.com, which can be done with the following command:

# Sets the Autodiscover SCP on every CAS; the parameter is -AutoDiscoverServiceInternalUri
# (the original post had the name truncated to -AutoDiscoverInternalUri, which Set-ClientAccessServer does not accept).
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.abc.com/autodiscover/autodiscover.xml



That will fix the issue permanently for you. Since a forward lookup zone exists within internal DNS, the clients will look at that zone for abc.com and only refer the DNS request outside if the lookup is not within the zone. The clients should be pulling Autodiscover, which will point internally, and the XML records will pull down the proper InternalURL and ExternalURL since you have them set to the same. This would fix it, and then you can remove the second PIX.

Cheers!
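The three steps above as one script, added here as an example; it is not code from the thread or from Adam Farage. It assumes a DC running Windows Server 2012 or later DNS (the DnsServer module), Exchange 2010-era cmdlets run from the Exchange Management Shell, and placeholder names and addresses (192.168.1.10 for the CAS, 203.0.113.5 for the public web server, a test mailbox user@abc.com) that must be replaced. It also copies the public records the asker is worried about (www, MX) into the internal zone, since once abc.com exists internally nothing inside will consult the public zone for it.

```powershell
# Added example, not code from the thread. Assumes: a DC running Windows Server
# 2012+ DNS (DnsServer module), Exchange 2010-era cmdlets run from the Exchange
# Management Shell, and placeholder names/addresses that must be replaced.
$Domain        = 'abc.com'
$CasInternalIP = '192.168.1.10'   # assumed internal IP of the CAS role
$PublicWebIP   = '203.0.113.5'    # assumed public IP that www.abc.com must keep
$PublicMx      = "mail.$Domain"   # assumed public MX target

# --- 1. Internal forward lookup zone for abc.com (AD-integrated) ---------------
# Once this zone exists, internal clients never ask the public abc.com zone
# again, so every public record still needed inside (www, MX, SPF TXT, ...) has
# to be copied in by hand and kept in sync with the registrar's zone.
Add-DnsServerPrimaryZone -Name $Domain -ReplicationScope 'Domain'

$records = @{
    'mail'         = $CasInternalIP   # Outlook / OWA / ActiveSync host
    'autodiscover' = $CasInternalIP   # Autodiscover host
    'www'          = $PublicWebIP     # copied public record, stays external
}
foreach ($r in $records.GetEnumerator()) {
    Add-DnsServerResourceRecordA -ZoneName $Domain -Name $r.Key -IPv4Address $r.Value `
        -TimeToLive (New-TimeSpan -Minutes 5)
}
# '.' is the zone apex in the DnsServer cmdlets.
Add-DnsServerResourceRecordMX -ZoneName $Domain -Name '.' -MailExchange $PublicMx -Preference 10

# --- 2. InternalUrl = ExternalUrl on the CAS virtual directories ---------------
# With one name on both URLs, the Autodiscover XML hands out mail.abc.com whether
# the client is inside or outside, so the name always matches the certificate.
$Base = "https://mail.$Domain"
Get-OwaVirtualDirectory         | Set-OwaVirtualDirectory         -InternalUrl "$Base/owa" -ExternalUrl "$Base/owa"
Get-EcpVirtualDirectory         | Set-EcpVirtualDirectory         -InternalUrl "$Base/ecp" -ExternalUrl "$Base/ecp"
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl "$Base/EWS/Exchange.asmx" -ExternalUrl "$Base/EWS/Exchange.asmx"
Get-ActiveSyncVirtualDirectory  | Set-ActiveSyncVirtualDirectory  -InternalUrl "$Base/Microsoft-Server-ActiveSync" -ExternalUrl "$Base/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory         | Set-OabVirtualDirectory         -InternalUrl "$Base/OAB" -ExternalUrl "$Base/OAB"

# --- 3. Service Connection Point used by domain-joined Outlook ------------------
Get-ClientAccessServer | Set-ClientAccessServer `
    -AutoDiscoverServiceInternalUri "https://autodiscover.$Domain/Autodiscover/Autodiscover.xml"

# --- 4. Verify from an internal, domain-joined client ----------------------------
# mail/autodiscover must answer with the internal IP, www with the public one.
'mail', 'autodiscover', 'www' |
    ForEach-Object { Resolve-DnsName -Name "$($_).$Domain" -Type A } |
    Select-Object Name, IPAddress
# Walks Autodiscover and the web services end to end for a test mailbox (assumed address).
Test-OutlookWebServices -Identity "user@$Domain"
```

Two caveats a practitioner will hit. First, the SCP and the URLs above put autodiscover.abc.com and mail.abc.com in front of Outlook, so the certificate must carry both names (a SAN certificate); a single-name certificate just moves the warning. Second, if maintaining a copy of the public zone is the objection, the same DnsServer cmdlets can instead create zones named mail.abc.com and autodiscover.abc.com, each holding only an A record at its apex; such pinpoint zones override exactly those two names and leave www.abc.com and every other public record resolving through the public zone.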
PCF IT (asker) replied:
Yes,
I know it will work.
But the question is "HOW TO" without setting abc.com as a forward zone (Split DNS).
That causes a problem with www.abc.com and other records which should go to external IP addresses.
The hosts file trick is not working on the DC. I just tested.
Accepted solution, from Pete Long (United Kingdom of Great Britain and Northern Ireland):

The ASA allows "hairpin" traffic.

It sounds like what you may need is DNS doctoring. That's where you append the keyword 'dns' at the end of the static NAT entry for your Exchange server.
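What that looks like in ASA configuration, as an added example that is not part of Pete Long's answer. The addresses (203.0.113.10 public, 192.168.1.10 for the CAS, 192.168.1.0/24 for the LAN), the object names and the interface names are assumptions. It shows the pre-8.3 `static ... dns` form he refers to, the equivalent 8.3+ object NAT form, and the hairpin alternative he mentions first.

```cisco
! Added example, not from the thread. Assumed values:
!   203.0.113.10   = public IP that NATs to the Exchange CAS
!   192.168.1.10   = internal IP of the CAS
!   192.168.1.0/24 = internal LAN
!   inside/outside = ASA interface names
!
! --- DNS doctoring, pre-8.3 syntax (the 'dns' keyword on the static) ----------
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 dns
!
! --- Same thing on ASA 8.3 and later (object NAT) -----------------------------
object network OBJ-EXCHANGE-CAS
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.10 dns
!
! The rewrite happens only when the ASA inspects DNS and the answer crosses it
! from outside to inside: a reply for mail.abc.com that carries 203.0.113.10 is
! rewritten to 192.168.1.10 before it reaches the internal DC (or client).
! DNS inspection is in the default global policy; confirm it is still there.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
! --- Alternative: permit the hairpin instead of rewriting DNS -----------------
! Internal clients keep resolving the public IP; the ASA U-turns the session
! and translates it. Outlook then works without touching DNS at all.
same-security-traffic permit intra-interface
object network OBJ-EXCHANGE-PUBLIC
 host 203.0.113.10
object network OBJ-INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
nat (inside,inside) source dynamic OBJ-INSIDE-NET interface destination static OBJ-EXCHANGE-PUBLIC OBJ-EXCHANGE-CAS
!
! --- Verification -------------------------------------------------------------
show nat detail
packet-tracer input inside tcp 192.168.1.50 1025 203.0.113.10 443
```

Two things to check before choosing. DNS doctoring only rewrites A answers whose address matches a mapped address in a NAT rule on the ASA that the DNS reply traverses, so with the asker's second-router setup the Exchange mapping has to live on the ASA the DC's queries go through, and whatever the DC caches (at the public record's TTL) is what every internal client sees. The hairpin variant, because the source is translated to the inside interface address, makes every internal client appear to Exchange as the ASA, so IIS and Exchange logs lose the real client IP.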