Re: Split DNS setup

Hi Philip,
I am going to test this out in a virtual server running windows 2003
standard (not r2, but that shouldnt make a difference).
I used the wizard to create a new role of Domain controller(AD).
I gave this domain the name headquarters.mydomain.local

So now I need to create a new "standard zone" as you stated. Is this new
zone going to be a primary zone or a secondary zone and I should call this
zone mydomain.com?

Thanks

"Phillip Windell" wrote:

"Nuz" <Nuz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C93B8EA4-2A5C-49B5-A36C-7C2545DA4939@xxxxxxxxxxxxxxxx
Hi,
My internal domain is going to be called myDomain.local and my external
domain is called myDomain.com (I have already bought the domain name from
an
isp)

I want to make the web site public via the ISA server and also the
sharepoint web pages public also(but it will be AD users only and not
public
access). I will also publish OWA and mobile OWA via the ISA using my
exchange
server.

Did you register the Hostnames you want the ISP to use?
Has the ISP setup your MX Record for the mail? What name?

I don't think you realize how much information I need,..it will take us days
at this rate. So I will make assumptions,..you will have to translate
between my assumptions and your reality.

It requires 2 DNS Servers. The ISP's counts as the second one, so you only
need to take care of yours.

I will assume Exchange and the Web Server are different machines.
If Sharepoint and WWW are different "sites" then use Host Headers to
distinguish them apart.

Host names:
www (the web server)
webmail (the exchange server)
mail (also the exchange server, and ISP used for MX record)
sharepoint (also the web server)

AD Names
exchange.myDomain.local
webserver.myDomain.local


Create a new Standard Zone in the AD DNS. Call it "myDomain.com"
Create CNAME Records in the "new" zone and point them to the proper HOST
Records in the "original" AD Zone.

CNAME "www" -------> HOST "webserver.myDomain.local"
CNAME "webmail" ----> HOST "exchange.myDomain.local"
CNAME "mail" ---------> HOST "exchange.myDomain.local"
CNAME "sharepoint" ---> HOST "webserver.myDomain.local"

Do not create any MX Records. Only the Public uses that and your ISP is to
take care of that.

I am going to assume that you already know how to configure your AD/DNS to
resolve Internet names and have already configured the DNS Forwarders List
and have the correct permissions for the outbound DNS queries.

Here is the link to the article that is relevant. This one assumes the AD
Domain and the Public domain are spelled differently. The second article
which I won't include assumes the two Domains are spelled the same. The
article is long and kind of tedious so if you don't know enough about it to
know what to focus on and what to not get hung up on you may have a hard
time with it,...that's why I like to give the "short version".

Supporting ISA Firewall Networks Protecting Illegal Top-level Domains: You
Need a Split DNS!
http://www.isaserver.org/tutorials/2004illegaltldsplitdns.html


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------



.

Relevant Pages