dns-email

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi all
Here's my problem: I have a small network with a win2k server. The domain and mail server are hosted by ISP, let's say mydomain.com. The internal domain is also mydomain.com, so if I set my server to be primary DNS, logon to the domain is fast, but email is not working. If I set the ISP DNS to be primary and my server secondary, the email is working but the logon takes forever. Email is set like (e-mail address removed). Any suggestions?
 
In
mike said:
Hi all,
Here's my problem: I have a small network with a win2k server. The
domain and mail server are hosted by ISP, let's say mydomain.com. The
internal domain is also mydomain.com, so if I set my server to be
primary DNS, logon to the domain is fast, but email is not working.
If I set the ISP DNS to be primary and my server secondary, the email
is working but the logon takes forever. Email is set like
(e-mail address removed). Any suggestions?
Click to expand...

Don't use your ISP's DNS at all in your NIC, use only your local DNS.
To fix the email problem, use the DNS managment console, open Forward Lookup
Zones then open mydomain.com Forward Lookup Zone, in the menu select Action
then new host, in the name field type mail or whatever the mail server
hostname is, give it the IP address of the mailserver.
 
Here's my problem: I have a small network with a win2k server. The
Don't use your ISP's DNS at all in your NIC, use only your local DNS.
To fix the email problem, use the DNS managment console, open Forward Lookup
Zones then open mydomain.com Forward Lookup Zone, in the menu select Action
then new host, in the name field type mail or whatever the mail server
hostname is, give it the IP address of the mailserver.
Click to expand...

Well the above isn't enogh :-) you'll also need to add an MX record
otherwise the mail exchange won't work; another solution which will
work and will avoid the problem at all is using a subdomain for your
LAN, for example, if your public domain is "mydomain.com" you may
use "lan.mydomain.com" for your LAN, this means that the machines
on the LAN will have names like (e.g.) server.lan.mydomain.com this
will allow you to configure the DNS as primary for such a zone and
will avoid the problems you're experiencing

Regards


--

* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://ntcanuck.com

Support and discussions forum
http://ntcanuck.com/net/board

408 XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
 
ObiWan wrote:
Well the above isn't enogh :-) you'll also need to add an MX record
otherwise the mail exchange won't work;
Click to expand...

Not quite - they just need to be able to resolve mail.whatnot.com to an IP
address. Don't need to create an internal MX record at all. That's for
external senders trying to send mail *to* the domain in question...the MX
record has to exist for the domain's public DNS.

another solution which will
work and will avoid the problem at all is using a subdomain for your
LAN, for example, if your public domain is "mydomain.com" you may
use "lan.mydomain.com" for your LAN, this means that the machines
on the LAN will have names like (e.g.) server.lan.mydomain.com this
will allow you to configure the DNS as primary for such a zone and
will avoid the problems you're experiencing
Click to expand...

True, but not necessary. Split brain DNS can work just fine. ;-)
 
Not quite - they just need to be able to resolve mail.whatnot.com to an IP
address. Don't need to create an internal MX record at all. That's for
external senders trying to send mail *to* the domain in question...the MX
record has to exist for the domain's public DNS.
Click to expand...

Sure .. or for internal machines implementing their own smtp service
to send mail internally; some printers and other similar devices have
such a capability ... and need an MX :-) so adding it won't hurt imo
True, but not necessary. Split brain DNS can work just fine. ;-)
Click to expand...

Well .. yes, although since the original poster stated that it's a small
network such a change won't require too much to be implemented
and will avoid future problems ... better keeping on the safe side :-)

Regards
 
ObiWan said:
Sure .. or for internal machines implementing their own smtp service
to send mail internally; some printers and other similar devices have
such a capability ... and need an MX :-) so adding it won't hurt imo
Click to expand...

I've yet to run into such a situation. Re internal machines/SMTP servers -
all that should be needed is basic name resolution. Re printers - well, I've
yet to see that, too.
Well .. yes, although since the original poster stated that it's a
small network such a change won't require too much to be implemented
and will avoid future problems ... better keeping on the safe side :-)
Click to expand...

Sure, maybe, if you're starting from scratch. But it really isn't a very big
deal to use your registered Internet domain name as your AD domain name, and
tends to make things like Exchange admin easier. :-)
 
Sure .. or for internal machines implementing their own smtp service
I've yet to run into such a situation. Re internal machines/SMTP servers -
all that should be needed is basic name resolution. Re printers - well, I've
yet to see that, too.
Click to expand...

Well, the fact that you never faced such an issue doesn't mean it
can't happen <g> as I wrote, adding an MX to the internal DNS
won't hurt (nor it will take up so much time) and may be of help in
case such a thing will be needed in a future
Sure, maybe, if you're starting from scratch. But it really isn't a very big
deal to use your registered Internet domain name as your AD domain name, and
tends to make things like Exchange admin easier. :-)
Click to expand...

I suppose you skipped the part of the post about the "small network"
that's why I proposed to use the subdomain since not having too much
machines will make it easy to use the subdomain approach so that the
subdomain will already be in place if/when the network will grow

Regards
 
in message
: Here's my problem: I have a small network with a win2k server. The domain
and mail server are hosted by ISP, let's say mydomain.com. The internal
domain is also mydomain.com, so if I set my server to be primary DNS, logon
to the domain is fast, but email is not working. If I set the ISP DNS to be
primary and my server secondary, the email is working but the logon takes
forever. Email is set like (e-mail address removed). Any suggestions?

Hi Mike...

What you have is called a split horizon. It would be better to not have
external and internal domain names the same, as you already know but here
are the issues.

1. You need to add a record for your SMTP/POP3 server in your internal DNS.
2. Point all of your clients and your server ONLY to your internal DNS
server.
3. Make sure you do not have a root entry in your forward lookup zone, which
you probably do not have or you could not surf the net.
4. You do not need an MX record because your email server is external. You
do not have control over that IP block. Your ISP needs to take care of
that, which they are already doing.
5. If you have a web site and your ISP or someone else is hosting it, then
you need another Address for that in your internal DNS or you will never get
there.
6. Your ISP can also set a blank host record for your domain so anyone
external to your LAN can get to your web site, if one exists, with
http://yourdomain.com/. Anyone on your LAN MUST use
http://www.yourdomain.com/ because other wise it would not get past your
router. DO NOT create a blank host record and point it to the external
site.
7. You will never be able to get to any host with your domain that is
external to your LAN without an entry into your DNS, even if your ISP has
one in their DNS. The reason is you will be pointing all of your systems to
the internal DNS so they will not know it exists. Nobody external to your
network will have this issue because the SOA is your ISP's DNS, not yours.
8. You can set a forwarder in your DNS Server configuration which may speed
up address resolution to any external hosts but it is not required. Without
it, the root hints will be used and this eliminates a single point of
failure in case your ISP's DNS ever goes down.

What Kevin told you is all you need if everything else in place, unless you
have a web site. I set my internal networks as internal.domain.tld so
eliminate the issues you're experiencing. It doesn't matter what you call
it, as long as it is a dotted name.

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
 
Back
Top