Exchange 2010 and Split DNS
Here is the problem:
I want to publish an Exchange Server 2010 using TMG 2010 Server
and DNS configuration (this problem).
* Windows 2008 R2 Active Directory domain, with 1 domain controller: hq.asq.com
* Exchange 2010 messaging with 1 Exchange server: Makhoex01.hq.asq.com (Internal) and mail.asqgrp.net (External)
* One TMG 2010 Server with 2 network cards
Two networks: local network (hq.asq.com) and the external network (internet)
Now I'm confused; I can't find an article or a tutorial on the internet on how to configure split DNS. How do I do it?
How can users send/receive emails to/from the internet with this name mail.asqgrp.com?
How do I register the domain and the MX records?
If you have a link to an article or if you can help me that would be great.
Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
May 31st, 2011 10:28pm
Hi!
First of all, you're not really looking at a split DNS. Your internal domain name and your external domain name do not match.
However, since your internal domain is a public routable domain, it might be that you need additional configuration.
MSFT has a great guide on the best practices of publishing Exchange 2010 through Forefront TMG/UAG.
You can download it here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=894bab3e-c910-4c97-ab22-59e91421e022&displaylang=en
Having 2 NICs in your TMG is no problem at all. One will be used for public communications and one will be used for internal communications.
In order to help, I need to get some more information first.
- asqgrp.net is your public domain, right? So this will be the email domain as well?
If yes, have you configured it as an accepted domain and added it into the e-mail address policy?
- About the MX records: if your external domain is asqgrp.net then you should have an MX record for that domain, pointing to the public IP address of your mail server (or anti-spam appliance, whatsoever). By the looks of it, this will most probably be the public IP of your TMG.
- The configuration of your TMG really depends on what you want to publish. Are we talking about the Exchange Web Services or also SMTP?
Kind regards,
Michael
June 1st, 2011 1:00am
Thank you for the reply, Michael.
1- first of all, you're not really looking at a split-dns.
OK, but I want internal and external users to use one domain name.
2- your internal domain is a public routable domain
What does this mean?
3- asqgrp.net is your public domain, right? So this will be the email-domain as well?
Yes.
4- have you configured it as an accepted domain and added it into the e-mail address policy?
Yes.
5- about the MX-records. If your external domain is asqgrp.net then you should have an MX-record for that domain, pointing to the public IP-address of your mail server (or anti-spam appliance, whatsoever). By the looks of it, this will most probably be the public IP of your TMG
I want an explanation of this point, step by step.
Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
June 1st, 2011 9:13am
Abelhamid,
1. Having an internal domain name that's not equal to the external domain name is common. If you really want to change that, you'll have to rename your internal domain.
Renaming the internal domain with Exchange installed in it isn't supported, however.
2. Your internal domain ends with .com. This is a so-called TLD (top-level domain) and is routable over the internet. Extensions like .local, .int, .corp are not routable (recognized) on the net. If your internal domain name would match your external domain name, then you'd have a split DNS and you'd have to configure extra records on the internal DNS server.
5. Setting your MX records really depends on how your registrar lets you control your DNS. Where did you register that domain name? Are you using your own (public) DNS servers or are you using DNS servers from your registrar?
Greets,
Michael
June 1st, 2011 9:58am
Thank you for the reply, Michael.
The basic problem is that we asked DigiCert to make a certificate to publish Exchange and sent these domain names:
asqgrp.net
mail.asqgrp.net
autodiscover.asqgrp.net
hq.asq.com
Makhoex01.hq.asq.com
autodiscover.hq.asq.com
All the domains containing asqgrp.net were accepted by DigiCert, but asq.com was not accepted because another person owns this domain asq.com.
So I can use this domain name asq.com in public. We tried to buy it but it's very expensive.
So I'm trying to use asqgrp.net only, for internal and external users.
In this case I need split DNS to direct internal users to asqgrp.net to use the certificate (I want to make a record so that when an internal user types mail.asqgrp.net, IE directs it to makhoec01.hq.asq.com without going out, directly internal).
I tried to explain, but maybe you need more information; ask anything. If you can do a live chat, that's good.
I'm waiting for a reply. We registered the domain name asqgrp.net on ixwebhosting.
Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
June 1st, 2011 10:13am
Hi there,
Now I understand where your problem comes from. However, it does not necessarily need to be much of an issue.
If your certificate cannot hold your internal name (because your internal domain name is owned by someone else publicly), you can configure your internalURLs to match your externalURLs.
Here is a nice article from MSFT that explains how to do that:
http://support.microsoft.com/kb/940726/en-us
Hope this helps now ;-)
Greets!
June 1st, 2011 10:35am
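The change suggested in the last reply, sketched as an added example that is not part of the original thread: it points the internal Exchange 2010 URLs at the name already on the certificate and adds an internal DNS record for that name. The server and host names are taken from the thread; the internal IP address is a constructed placeholder, and the one-name DNS zone is an assumption about how the internal record is created.

```powershell
# Added example, not from the thread. Run the Exchange cmdlets in the
# Exchange Management Shell; run the dnscmd lines on the domain controller.
$Server  = 'Makhoex01'          # Exchange server name given in the thread
$PubName = 'mail.asqgrp.net'    # name the CA accepted for the certificate

# Domain-joined Outlook locates Autodiscover through the SCP in Active
# Directory, so the SCP must advertise a name that is on the certificate.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$PubName/Autodiscover/Autodiscover.xml"

# Internal URLs that Autodiscover hands out to clients.
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$PubName/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "https://$PubName/OAB"
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "https://$PubName/owa"
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "https://$PubName/ecp"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$PubName/Microsoft-Server-ActiveSync"

# Internal DNS: a zone that holds only this one host name, so every other
# asqgrp.net name keeps resolving through public DNS.
$InternalIp = '10.0.0.10'       # placeholder: internal IP of the Exchange server
dnscmd . /ZoneAdd $PubName /DsPrimary
dnscmd . /RecordAdd $PubName '@' A $InternalIp

# Check the result: every URL host below should appear in CertificateDomains
# of the certificate bound to IIS, otherwise clients get a name-mismatch warning.
Get-ClientAccessServer -Identity $Server |
    Format-List Name, AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $Server |
    Format-List Identity, InternalUrl, ExternalUrl
Get-ExchangeCertificate |
    Format-List Subject, CertificateDomains, Services, NotAfter
```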