Re: Alias through DNS
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Sun, 6 Aug 2006 12:05:37 -0500
DNSer wrote:
I run a shop with W2K3 AD integrated DNS. I also host an ExchangeTell me you aren't hosting the Public zone for your public domain on your
2003 server.
We have a CISCO Firewall in the network and until recently I used DNS
doctoring (aliasing) to redirect requests from my inside users for the
publicly registered email server In other words, I had a firewall
rule that specified my publicly registered email server (MX), i.e.
mail.mydomain.com, is found at mail.inside.mydomain.com. It worked
great --there were no problems with name resolutions and email. After
maintenance on the firewall, this DNS doctoring stopped working
altogether.
This has become a real annoyance since I have a lot of branch office
and mobile users
who visit the main office and can not access email because the mail
host is named differently on the inside from the public email name.
And without changing settings in their mail client and \ or providing
a "new" address for their OWA, they cannot get to their email.
I've troubleshot the problem with CISCO -- there's no way to recapture
the functionality without changing hardware -- not a very practical
solution. I've thought there may be a way
to do it in DNS with the use of CNAME RR. But I've also heard there
may be problems
using cname references for mail servers.
internal DNS server and whether the internal domain is or is not the same
name as your public domain. MX records should never give a CNAME for an SMTP
server, the MX record should give the A record name that the SMTP server
uses in its EHLO/HELO greeting.
Does anyone have experience with this type of problem and if so, how
did you resolve it?
I'm going to assume that the internal domain name is not the same as your
public domain, you need to create a forward lookup zone with the
fully-qualified name that you use from the external DNS server, e.g.
"mail.mydomain.com" in that zone create one new host, leave the name field
blank and give it the internal IP of the mail server. Make sure you give
this record a TTL of 15 minutes or less, assuming 15 minutes is the minimum
time it takes for mobile users to move from the internal network to an
external network, you might even use a lower TTL or even a 0 TTL so the
internal record does not get cached at all, but that puts extra load on your
DNS server.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
.
- Follow-Ups:
- Re: Alias through DNS
- From: DNSer
- Re: Alias through DNS
- References:
- Alias through DNS
- From: DNSer
- Alias through DNS
- Prev by Date: Re: Cleaning Up netlogon
- Next by Date: Re: Strange dns lookup problem, please help.
- Previous by thread: Re: Alias through DNS
- Next by thread: Re: Alias through DNS
- Index(es):
Relevant Pages
|
