Re: Internal and external IP resolution
- From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 22 Jun 2009 22:48:00 -0400
"JN" <me@xxxxxxxx> wrote in message news:OP$SA%2338JHA.1492@xxxxxxxxxxxxxxxxxxxxxxx
The internal DNS server is correctly resolving names with internal IP addresses. The problem is that if the user for any reason looks for MAILSERVER.OURDOMAIN.COM while off the network "before" connecting internally the name will naturally be resolved by an external DNS from the ISP and will naturally resolve it to the external IP. If they boot up and correctly connect to the VPN before firing up Outlook or addressing MAILSERVER.OURDOMAIN.COM, the IP will be resolved properly by our internal DNS to 192.x.x.x
Example 1:
Boot up at home
Fire up Outlook
Outlook checks if MAILSERVER.OURDOMAIN.COM is available
MAILSERVER.OURDOMAIN.COM is resolved as 65.x.x.x
Connect to VPN
Open Outlook again
Computer checks DNS cache for server, still resolves to 65.x.x.x
Example 2:
Boot up at home
Connect to VPN
Fire up Outlook
Outlook checks if MAILSERVER.OURDOMAIN.COM is available
MAILSERVER.OURDOMAIN.COM is resolved as 192.168.x.x
Outlook functions fine.
As far as RPC over HTTPS I was under the assumption that I had to have the Exchange Server as the Global Catalog. My network has a W2K DC, and the W2k3 Exchange 2003 member server. I did not think I could get RPC over HTTPs to work with this setup.
First, RPC over HTTPS, also known as Outlook Anywhere, works whether Exchange is on a DC or not, but HIGHLY preferable, and HIGHLY recommended to not be on a DC. It sounds like you're ok in this department. But you will need a public certificate for the Exchange server. Since you have Exchange 2003, that's easy. You just need a simple certificate that you can get at GoDaddy, Verisign, Digicert, etc. I like Digicert, but that's up to you. Go into Exchange's Windows Add/Remove, add components, Networking, and add RPC server. Follow the following links to configure it:
How can I configure RPC over HTTP/S on Exchange 2003 (single ...
RPC over HTTP/S is a cool method for connecting your Outlook 2003 client to the corporate Exchange Server 2003 from the Internet or WAN, without the need ...
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
Configure Outlook 2003 to use RPC over HTTP/S
How can I configure Outlook 2003 to use RPC over HTTP/S? RPC over HTTP/S is a cool method for connecting your Outlook 2003 client to the corporate Exchange.
http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm
As for the other local DNS cache issue, it looks like a chicken before the egg, or vice versa issue. Normally when a VPN is connected, the VPN connection goes to the top of the binding order. Funny, I haven't had this issue with any of my customers, but then again, their internal and external names are different.
One way to get around it is a batch file saved on the desktop to run a simple "ipconfig /flushdns." Just instruct them to double click on it after they connect. There are other methods to reset the DNS eligible resolver list, but that is not needed here, because as I said above, the VPN becomes the default connection that the resolver service will use the DNS entries on it to be queried first, so it wouldn't matter to reset the list.
Oh, I wanted to comment on the "[...] aggressive SPAM filters like crummy Comcast and Verizon who think they own the Internet [...]" comment. It's actually the fact they use various RBLs, one of which is the SORBS list, which is pretty stringent. I've had to deal with SORBS once in the past at a place I worked that put us on their list when one user's credentials were hijacked and his account sent out over 20,000 emails overnight. Of course, without saying, it prevented us from sending to AOL, Verizon, Comcast and a few others. We went through their process to clean it up. If you are having problems sending to these domains, and others, I would suggest to check if your IP is on the SORBS list at www.sorbs.net. I would also check to see if you are on other RBLs just in case, as well as make sure you have a valid and correct SPF configured (http://old.openspf.org/wizard.html).
RBL Checks:
On an RBL? Find out why. Free tool. Instant, no registration required.
http://www.MXToolbox.com
MSRBL - Multi RBL Checker
Multi-RBL Check. Enter the IP address below to check listings in multiple RBLs. ... Checking RBLs (This may take up to a minute to process) ...
http://checker.msrbl.com
Multi-RBL checker, Multi-DNSBL lookup
Multi DNS blacklist (DNSBL), Real-time Blackhole List (RBL) lookup :. Whois · Traceroute · Link Popularity · RBL Check Close ...
http://cqcounter.com/rbl_check/
I hope that helps.
Ace
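
The RBL checks suggested in the message above come down to one DNS lookup per list. The following Python is an added example, not part of the original post: it builds the reversed-octet query name, rejects internal addresses (only the public IP that mail leaves from can be listed), and ignores answers outside 127.0.0.0/8. The zone names, `SAMPLE_RECORDS` and `fake_resolve` are constructed for illustration; supply the real zones of the lists you use and omit `resolve` to query through the system resolver.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone (the RFC 5782 convention)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    if any(addr in net for net in RFC1918):
        raise ValueError(f"{ip} is an internal address; check the public IP your mail leaves from")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_ip(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: status}: 'listed:<code>', 'not listed' or 'invalid answer:<addr>'."""
    results = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            answer = resolve(name)
        except socket.gaierror:
            # No A record means not listed (a failed lookup looks the same here).
            results[zone] = "not listed"
            continue
        if ipaddress.ip_address(answer) in LOOPBACK:
            results[zone] = "listed:" + answer  # lists answer with a 127.0.0.x return code
        else:
            # A resolver that rewrites "no such name" answers would otherwise look like a listing.
            results[zone] = "invalid answer:" + answer
    return results

# Constructed sample data: hypothetical zones and a fake resolver so the example runs offline.
SAMPLE_RECORDS = {
    "10.113.0.203.bl-a.example.net": "127.0.0.2",
    "10.113.0.203.bl-c.example.net": "198.51.100.7",
}

def fake_resolve(name):
    if name not in SAMPLE_RECORDS:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_RECORDS[name]

if __name__ == "__main__":
    zones = ["bl-a.example.net", "bl-b.example.net", "bl-c.example.net"]
    for zone, status in check_ip("203.0.113.10", zones, resolve=fake_resolve).items():
        print(f"{zone}: {status}")
```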