Hello,
I am running everything in Azure: Exchange 2013, which is hybrid, and Exchange 2010 SP3.
Since IPs might change when a machine is shut down, I read somewhere that it is advisable to use CNAME instead of A records, so instead of pointing to an IP, I could use a CNAME and point to the Exchange 2013 hostname.
So, I need two records, mail and autodiscover, for the 2013 server. Also, my internal domain is contoso.local (non-routable) and I set up a DNS forward lookup zone for the domain that is routable, externaldomain.com.
So, I have the local domain contoso.local, and the external domain externaldomain.com set up as a forward lookup zone in internal DNS.
What internal DNS records do I need to set up? Can I set up CNAME records in both forward lookup zones?
For example:
contoso.local DNS forward lookup zone
CNAME autodiscover.contoso.local points to exchange2013.contoso.local
MX record mail.contoso.local points to exchange2013.contoso.local
Externaldomain forward lookup zone on internal DNS
CNAME mail.externaldomain.com points to exchange2013.contoso.local
CNAME autodiscover.externaldomain.com points to exchange2013.contoso.local
Please note that because I used DigiCert and it doesn't support non-routable domains such as contoso.local, they advise using external names for the Exchange server.
Please help.
If everything truly was hosted in Azure, the only time you would need to worry about that .local domain is if you were using some kind of VDI or DaaS solution on the same hosted network as the Exchange server. Otherwise everything will be external by default. I think it would be easiest to explain best practice if everything was on-prem, then make adjustments for the cloud.
SSL cert should cover mail.domain.com and autodiscover.domain.com unless you want to throw in a POP or SMTP subdomain.
DNS should be an A record for mail.domain.com pointing to your Exchange server's WAN IP, and either an SRV, CNAME, or A record for autodiscover.domain.com. I prefer CNAME unless it's a multi-tenant deployment.
All virtual directories should have an internal URL that matches the external URL, i.e. https://mail.contoso.com/EWS/Exchange.asmx.
Outlook Anywhere should be configured with Basic and NTLM auth for IISAuthentication, and NTLM for InternalClientAuthenticati
You can avoid the internal forward lookup zone altogether with the right firewall settings. SonicWalls will do this out of the box, but Cisco requires a little extra configuration called DNS fixup or DNS doctoring. Basically, any time the firewall queries a DNS record that points back to itself, it stops the query before it leaves the network and redirects the connection back to the appropriate server. Pretty cool, actually.
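The internal DNS records from the question and the matching-URL, Outlook Anywhere and autodiscover settings from the answer above, as an added example (not code from either poster). It assumes the names from the thread, exchange2013, contoso.local and externaldomain.com, and runs in the Exchange Management Shell on a host that also has the DnsServer RSAT module.

```powershell
# Added example, not from the original thread. Assumed names from the question:
# exchange2013 (Exchange 2013 server), contoso.local, externaldomain.com.
$Server       = 'exchange2013'
$InternalFqdn = "$Server.contoso.local"          # CNAME target, survives IP changes
$PublicName   = 'mail.externaldomain.com'
$Base         = "https://$PublicName"
$Autodiscover = 'https://autodiscover.externaldomain.com/Autodiscover/Autodiscover.xml'

# 1. Internal DNS: in the internal copy of the externaldomain.com zone, point the
#    public names at the host name rather than at an IP that Azure may reassign.
Import-Module DnsServer
foreach ($alias in 'mail', 'autodiscover') {
    Add-DnsServerResourceRecordCName -ZoneName 'externaldomain.com' `
        -Name $alias -HostNameAlias $InternalFqdn
}

# 2. Virtual directories: InternalUrl equals ExternalUrl, so clients on both sides
#    present the public name that the DigiCert certificate was issued for.
function Set-SameUrl($Kind, $Path) {
    $url = "$Base$Path"
    & "Get-${Kind}VirtualDirectory" -Server $Server |
        & "Set-${Kind}VirtualDirectory" -InternalUrl $url -ExternalUrl $url
}
Set-SameUrl WebServices '/EWS/Exchange.asmx'
Set-SameUrl Owa        '/owa'
Set-SameUrl Ecp        '/ecp'
Set-SameUrl ActiveSync '/Microsoft-Server-ActiveSync'
Set-SameUrl Oab        '/OAB'

# 3. Autodiscover URI and Outlook Anywhere: Basic + NTLM on IIS, NTLM for
#    internal clients, Basic for external, SSL required, one name inside and out.
Set-ClientAccessServer -Identity $Server -AutoDiscoverServiceInternalUri $Autodiscover
Get-OutlookAnywhere -Server $Server | Set-OutlookAnywhere `
    -InternalHostname $PublicName -ExternalHostname $PublicName `
    -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true `
    -IISAuthenticationMethods Basic, Ntlm `
    -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic

# 4. Check: names resolve to the host (NameHost), and the EWS vdir agrees on both URLs.
'mail.externaldomain.com', 'autodiscover.externaldomain.com' |
    Resolve-DnsName -Type CNAME | Format-Table Name, NameHost
Get-ClientAccessServer $Server | Format-List AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $Server | Format-List InternalUrl, ExternalUrl
```

The check in step 4 is what catches a stale A record or a vdir still carrying the contoso.local name that the certificate cannot cover.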