Internal / External DNS


Joe

I'm a bit confused on having separate internal & external DNS namespaces.
Not sure how to set this up.
I will be setting up 2 Win2003 boxes, 1 for file & print & the other with
Exchange 2003. I had planned on using
the same internal/external namespace... for instance abc.com..... now they
want separate names for security...
example... abc.com and abc.local. Can someone shed some light on what has
to be done or point me towards some papers on the subject...

Thanks in advance...
 
For security? That doesn't have anything to do with security. Can you ask
what they mean before you undertake this process?
 
In Joe <[email protected]> posted a question
Then Kevin replied below:
: I'm a bit confused on having separate internal & external DNS
: namespaces. Not sure how to set this up.
: I will be setting up 2 Win2003 boxes, 1 for file & print & the other
: with Exchange 2003. I had planned on using
: the same internal/external namespace... for instance abc.com..... now
: they want separate names for security...
: example... abc.com and abc.local. Can someone shed some light on
: what has to be done or point me towards some papers on the subject...
:
: Thanks in advance...

Actually, domain names are really a matter of preference; security is not an
issue when it comes to choosing a domain name. You are just as secure either
way you go. Choosing abc.local over abc.com is not going to make you more
secure in any way. You would set up the domain the same no matter which name
you use.
237675 - Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
 
Thanks for the quick response.
But I guess my confusion is for the email (Exchange). If internally it's
.local and the external name is .com,
don't I have to create an alias record in DNS or something?
 
In Joe <[email protected]> posted a question
Then Kevin replied below:
: Thanks for the quick response.
: But I guess my confusion is for the email (Exchange). If internally it's
: .local and the external name is .com,
: don't I have to create an alias record in DNS or something?
:
You will if you use OWA and the OWA website has a host header.
Just for example, if the Exchange website is mail.example.com/exchange, you
give the site a host header of "mail.example.com". Then internally in your
DNS server create a forward lookup zone named "mail.example.com", then in
that zone put in one host record, leave the name field blank and give the
record the internal IP of the Exchange server.
Externally, in the public zone for 'example.com' you need a host named
'mail' with the public IP that you will forward port 25 for SMTP, 80 for
HTTP, 110 for POP3, 143 for IMAP, 443 for HTTPS to the Exchange server. Also
in that public zone you need an MX record pointing to "mail.example.com";
you don't need an MX record in the private zone. Exchange will never look
for its own MX record.
If you are not using a "smart host" you will also need a PTR record for the
public IP that Exchange will be delivering mail to other mail servers from.
In most cases, though, you are better off using your ISP's mail server as your
smart host. Then you don't need the reverse lookup and PTR for Exchange.
 
So let me get this straight... (apparently I'm quite thick)... (they won't be
using OWA).

In using separate zones, .local & .com, after creating the '.local' zone in AD,
I create a 2nd forward lookup zone with the public name and create an MX
record with the internal IP address of the Exchange server? Right?

Then aren't 2 email addresses needed for each user, 1 for internal & 1 for
external?
I don't mean to keep beating this horse....... Thanks, gentlemen.....





"Lanwench [MVP - Exchange]"
 
Just to run Exchange, you don't need an MX record; you don't need to do
anything in DNS.

Just set up your recipient policy so that the default domain is your real
one, and make sure all mailboxes inherit the properties and are stamped with
the correct address. Users don't need a .local address in Exchange; you can
even delete it from the recipient policy if you want.


 
In Joe <[email protected]> posted a question
Then Kevin replied below:
: So let me get this straight... (apparently I'm quite thick)... (they won't
: be using OWA).
:
: In using separate zones, .local & .com, after creating the '.local' zone
: in AD, I create a 2nd forward lookup zone with the public name and
: create an MX record with the internal IP address of the Exchange
: server? Right?

No, you do not want an MX record in the internal zone. They can only lead to
confusion.
But you do need a record for the host name in the internal '.com' zone.
If you access Exchange by 'mail.example.com', then in your internal
'example.com' zone create a record named 'mail' and give it the internal IP
of Exchange.
You will also need to add the public domain to Exchange: System Manager,
Recipients, select Recipient Policies, then in the right-hand pane double
click on Default Policy. Select the E-Mail Addresses tab, click New, SMTP
Address, type in '@example.com', then set the default email address, then OK
out.

:
: Then aren't 2 email addresses needed for each user, 1 for internal & 1
: for external?
: I don't mean to keep beating this horse....... Thanks, gentlemen.....
:

No, just set the user's default email address to the external address.
You can also go into AD Domains and Trusts and add the email domain as a
UPN logon name; then users can log on by their email address ([email protected]
instead of (e-mail address removed)).
I can't find the article; here is how to do it.
Go to ADD&T, at the very top highlight and right click on Active Directory
Domains and Trusts, and choose Properties. Type in the email domain in the
Alternative UPN suffixes field, then click Add.
There is no way I know of to make your email domain the default UPN, but it
will add your external email domain to the drop-down list of the user
account properties on the Account tab in ADU&C.
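The two replies above describe one split-horizon layout: the internal zone resolves the Exchange host name to the private address (either as a blank host record in a zone named mail.example.com, or as a 'mail' record in an internal example.com zone), the public zone resolves the same name to the public address and carries the MX that points at it, and no MX lives in the internal zone. The script below is an added example, not from the thread or from Microsoft; it parses two small BIND-style zone snippets (constructed here, with made-up host names and addresses) and reports anything that departs from that layout, which is a quick way to check both zones before opening the firewall ports.

```python
"""Split-horizon DNS sanity check for an Exchange host (added example).

Rules checked (as described in the thread):
  * the internal zone has an A record for the host with an RFC 1918 address
  * the internal zone carries no MX record at all
  * the public zone has an A record for the host with a non-private address
  * the public zone has an MX whose target has an A record in that zone
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample zones (not from the post). 203.0.113.0/24 is the
# documentation range standing in for a real public address.
INTERNAL_ZONE = """\
$ORIGIN example.com.
@       IN SOA  dc1.example.com. hostmaster.example.com. (1 3600 600 86400 300)
@       IN NS   dc1.example.com.
dc1     IN A    192.168.1.5
mail    IN A    192.168.1.10   ; internal IP of the Exchange server
"""

PUBLIC_ZONE = """\
$ORIGIN example.com.
@       IN SOA  ns1.isp.example. hostmaster.example.com. (1 3600 600 86400 300)
@       IN NS   ns1.isp.example.
@       IN MX   10 mail.example.com.
mail    IN A    203.0.113.25    ; public IP that is port-forwarded to Exchange
"""

# owner [ttl] IN type rdata  (minimal: one record per line, explicit owner)
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(\w+)\s+(.*)$")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True when ip falls inside one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_zone(text: str) -> dict:
    """Return {(owner_fqdn, rtype): [rdata, ...]} for a minimal BIND-style zone."""
    origin = None
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = RECORD_RE.match(line)
        if not m:
            continue  # directives or continuation lines this toy parser ignores
        owner, rtype, rdata = m.groups()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records[(owner, rtype)].append(rdata.strip())
    return dict(records)


def check_split_horizon(internal: dict, public: dict, host: str = "mail.example.com.") -> list:
    """Return a list of problems; an empty list means both zones match the layout."""
    problems = []
    zone = host.split(".", 1)[1]  # "example.com."

    int_a = internal.get((host, "A"), [])
    if not int_a:
        problems.append(f"internal zone has no A record for {host}")
    for ip in int_a:
        if not is_rfc1918(ip):
            problems.append(f"internal A record {ip} for {host} is not a private address")
    if any(rtype == "MX" for _, rtype in internal):
        problems.append("internal zone carries an MX record (not needed; only causes confusion)")

    pub_a = public.get((host, "A"), [])
    if not pub_a:
        problems.append(f"public zone has no A record for {host}")
    for ip in pub_a:
        if is_rfc1918(ip):
            problems.append(f"public A record {ip} for {host} is a private address")
    mx = public.get((zone, "MX"), [])
    if not mx:
        problems.append(f"public zone {zone} has no MX record")
    for rdata in mx:
        target = rdata.split()[1]
        if (target, "A") not in public:
            problems.append(f"MX target {target} has no A record in the public zone")
    return problems


if __name__ == "__main__":
    issues = check_split_horizon(parse_zone(INTERNAL_ZONE), parse_zone(PUBLIC_ZONE))
    print("OK: zones match the split-horizon layout" if not issues else "\n".join(issues))
```

The internal variant Kevin gave first (a zone named mail.example.com with a blank-name host record) passes the same check: the parser maps the `@` owner to `mail.example.com.`, so the lookup key is identical. Run it against exported copies of your real zones to confirm the MX exists only on the public side and that the public 'mail' record never picked up the internal address.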
 
In Joe <[email protected]> posted their thoughts, then I offered mine
I don't mean to keep beating this horse....... Thanks, gentlemen.....

Actually, off topic, Lanwench is a lady.
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Lanwench [MVP - Exchange]
Some have said otherwise, but you are most kind, sir. <curtseys>

You're quite welcome ma'am <bows>

:-)
