Re: SBS self hosting DNS setup



In news:321A0B4D-E2B7-49D3-8600-83A5F0CB4A47@xxxxxxxxxxxxx,
TheDude(Tom) <TheDudeTom@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I
commented on below:
> Thks Ace. I closed other post. I thought I made this question clear
> by stating I created a new FW LUP zone for mycomp.com for external
> access to my intranet.
> I make the owa, www etc entries at the public DNS provider to point
> to my outside router IP. But what entries go in the new mycomp.com
> zone? Where do they point? 10.x.x.2 or 68.x.x.46, internal NIC?

Yes, for internal users, the internal NIC only.

> I created mail.mycomp.com in public dns. Don't I need a matching
> record for mail, www, owa etc on my internal dns? My internal mail
> server's name is stevie not mail. So do I have this wrong?

Internal machines, assuming they are using Exchange and Outlook, do NOT
require a 'mail' or MX record.

> I thought the split dns is the solution to mixing up the dns records.
> And prevents looping back.

No. It's just to make the logon names the same as their email addresses. It
complicates matters if you ask me. Also, if the webserver is hosted
elsewhere, or even internally on a different server other than the DCs (in
your case your sole SBS), don't expect to get to it by not using the 'www'
in front of the domain name. If you want to do that, there are more steps
involved.

Also, you've got an issue with the multihomed DC. Multihoming a DC is not
recommended and there are NUMEROUS steps to fix it and ensure AD
functionality and that the DNS SRV registration records for AD are correct.

> Why is there no comprehensive MS article/how to for this on SBS? All
> I can find are bits and pieces. Nobody self hosts?

Yes, many self host. However, this is an industry thing based on scenario
and not Microsoft specific when it comes to internal/external domains the
same and using private/public (NAT) IPs.


> "If you are attempting to host your external domain on your internal
> DNS, then there's an issue with mixing private IPs and public IPs. You
> just can't do it. You'll need a separated DNS server just for the
> public records. Matter of fact, the registrars want you to have a
> minimum of two DNS servers for each domain zone."
> Why did you say this? It's blatantly obvious.

> So is this:

> If you want to offer your users OWA, OMA, FTP, WWW, those records
> must be made on the DNS server(s) hosting your public zone and all
> pointing to that 68.x.x.46 address. You can't do this internally and
> expect the internal clients to connect to the outside IP and be
> redirected back in. NAT doesn't work that way, no matter from what
> manufacturer.

> By my mentioning Split dns both of these issues are moot. Can you
> please be more specific?
> Is there a preferred Microsoft way to set this up? Tom


There is no "Microsoft" specific way of doing any of these other than what's
been practiced in the industry by many, and depends on your scenario. I
mentioned the above stuff as a 'just-in-case' since many people when they
post DO NOT GIVE all the pertinent info about their scenario and many of us
need to guess, assume or ask questions.

If you say they're moot, then I assume you understand the issues with NAT.
NAT won't do a U-Turn from an internal request to its outside IP back
internally whether using a Microsoft NAT solution or ANY OTHER name brand
(Cisco, Netscreen, Linksys, Netgear, etc etc etc). It's a NAT limitation.
That is why you need to create your internal records if accessing an
internal resource that you *may* be hosting externally with an internal
private IP. As for Exchange and Outlook, that is a MAPI connection using AD
resources to authenticate and access the mail server. If you were to be
using POP or IMAP internally, then you would need to specifically stipulate
the internal private IPs.

Does that make sense? Please elaborate on anything that doesn't.

Ace
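The split-DNS layout Ace lays out above (the public zone at the registrar's DNS pointing every service name at the outside router IP, and a matching internal zone pointing the same names at the private NIC, because NAT will not U-turn an inside request back in) as an added example that is not part of this thread: a small Python check over two constructed zone tables that flags the records that would misroute internal clients and lists the records the internal zone still needs. The addresses are placeholders (203.0.113.46 from the documentation range stands in for the router's outside IP, 10.0.0.2 for the SBS internal NIC), and 'mail' is treated as not needed internally, following Ace's point that Outlook/Exchange clients use MAPI rather than a 'mail' record.

```python
"""Split-DNS consistency check for a self-hosted domain (constructed example)."""
import ipaddress

# RFC 1918 ranges are tested explicitly rather than via is_private(), because
# the documentation range used for the sample public IP (203.0.113.0/24) is
# also reported as "private" by ipaddress in older Python versions.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True when addr is a private (RFC 1918) IPv4 address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


# Constructed sample zones for mycomp.com (placeholder name from the thread).
# PUBLIC_ZONE is what the registrar's DNS answers to the Internet;
# INTERNAL_ZONE is what the SBS box answers to inside clients.
PUBLIC_ZONE = {
    "www": "203.0.113.46",   # placeholder for the router's outside IP
    "owa": "203.0.113.46",
    "mail": "203.0.113.46",
    "ftp": "203.0.113.46",
}
INTERNAL_ZONE = {
    "www": "10.0.0.2",       # placeholder for the SBS internal NIC
    "owa": "203.0.113.46",   # deliberate mistake: sends inside clients to the outside IP
    "stevie": "10.0.0.2",    # the server's real host name, as in the thread
}


def check_split_dns(public_zone, internal_zone, internal_optional=("mail",)):
    """Return a list of findings describing records that break the split setup."""
    findings = []
    # Public answers must be reachable from the Internet, so no private IPs.
    for name, addr in public_zone.items():
        if is_rfc1918(addr):
            findings.append(
                f"public {name}: RFC 1918 address {addr} is unreachable from the Internet")
    # Internal answers must stay private: a public IP here makes inside clients
    # hit the router's outside address, and NAT will not U-turn that back in.
    for name, addr in internal_zone.items():
        if not is_rfc1918(addr):
            findings.append(
                f"internal {name}: public address {addr}; inside clients would hit "
                "the router's outside IP and NAT will not U-turn it back in")
    # The internal zone is authoritative for the whole name, so any public
    # service name it lacks returns NXDOMAIN to inside clients.
    for name in public_zone:
        if name not in internal_zone and name not in internal_optional:
            findings.append(
                f"internal zone lacks '{name}': inside clients get NXDOMAIN "
                f"because the internal zone is authoritative for the domain")
    return findings


def internal_records_needed(public_zone, internal_ip, skip=("mail",)):
    """A records the internal zone needs: every public service name -> the private NIC."""
    return {name: internal_ip for name in public_zone if name not in skip}


if __name__ == "__main__":
    for finding in check_split_dns(PUBLIC_ZONE, INTERNAL_ZONE):
        print("FINDING:", finding)
    for name, ip in internal_records_needed(PUBLIC_ZONE, "10.0.0.2").items():
        print(f"internal zone should hold: {name} A {ip}")
```

Run it as-is to see the two problems in the constructed internal zone (the 'owa' record pointing outside and the missing 'ftp' record), then swap in your own zone tables; the check is purely a table comparison, so it needs no network access and no change to the live DNS.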




