Edge Transport DNS Suffix Question
I've searched high and low and can't find any real answer to this question. What DNS suffix do I want to use on my Edge Transport server that is sitting in my DMZ? I have found plenty of information on how to set this, but not what it should be set to. Do I just make up some suffix out of the blue? Do I use my main internal AD DNS suffix (which is also the same as our external)? Do I use the suffix that we have set up for our DMZ domain? I'm shocked that there are a load of articles saying the exact same thing on how to set it up, but never on what should be used for this value. Thanks.
August 8th, 2007 9:03pm
I would set it to the main external domain name.
If Edge has more NICs, I would set the external one to the external domain name and the internal NIC to the AD domain name.
Be careful, though: Edge must be able to resolve any Hub server's name to an IP correctly.
August 8th, 2007 9:59pm
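The check implied by the reply above, as an added example that is not part of the original thread: run on the Edge server, it reports the primary DNS suffix Windows is using and tests whether each Hub Transport name resolves. The suffix `example.com` and the names `hub01`/`hub02` are constructed placeholders.

```powershell
# Constructed sample values (assumptions): replace with your own.
$ExpectedSuffix = 'example.com'
$HubServers     = @('hub01.example.com', 'hub02.example.com')

function Get-PrimaryDnsSuffix {
    # Primary DNS suffix as Windows reports it; empty on a workgroup
    # machine where no suffix has been set yet.
    [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
}

function Test-HubResolution {
    param([string[]]$Names)
    foreach ($name in $Names) {
        try {
            $addrs = [System.Net.Dns]::GetHostAddresses($name)
            [pscustomobject]@{
                Name      = $name
                Resolved  = $true
                Addresses = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ', '
            }
        }
        catch {
            # Resolution failed: no DNS record or hosts entry visible from here.
            [pscustomobject]@{ Name = $name; Resolved = $false; Addresses = '' }
        }
    }
}

$suffix = Get-PrimaryDnsSuffix
if ($suffix -ne $ExpectedSuffix) {
    Write-Warning "Primary DNS suffix is '$suffix', expected '$ExpectedSuffix'."
}
"Edge FQDN: {0}.{1}" -f [System.Net.Dns]::GetHostName(), $suffix

$results = Test-HubResolution -Names $HubServers
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Resolved })
if ($failed.Count -gt 0) {
    Write-Warning ("Unresolvable Hub names: " + (($failed | ForEach-Object { $_.Name }) -join ', '))
}
```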
I guess in that case I'm all set as our internal and external domain is one and the same name-wise, so that's what I'll use.

On a separate note but still related I believe--what is the purpose of having multiple NICs in something like an Edge Transport server if you only have a single Exchange 2007 server, Edge server and firewall with DMZ? The Edge server would sit in the DMZ I would assume and I can't figure out where you would make any second connection to. Not the internal LAN, because that kind of defeats the DMZ, and not the external WAN because the external firewall does that. Is a dual NIC situation more or less for when you aren't putting the Edge server in a DMZ?

Thanks for the help. It's much appreciated.
August 8th, 2007 11:36pm
http://blogs.technet.com/haroldwong/Default.aspx?p=3
<snip>
Question: Everything I've seen from Microsoft seems to indicate that the Edge Transport server should be dual homed and in the perimeter network. I've seen discussions which question the logic of doing this, and would prefer to put the Edge Transport Server in the ISA's perimeter DMZ as a single homed computer. If the Edge Transport is dual homed it would seem that it would have to run in parallel with an existing ISA Server. Can you clarify this? Thanks.
Answer: The Edge Transport does not have to be dual homed. It will work just fine with a single network interface. Not all customers use ISA as their firewall solution, so we don't automatically assume that.</snip>
October 5th, 2007 5:13am