Web Mail Not Working After Adding New DNS Zone
-
so what is the best practice here? set everything twice?
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
@JaredBusch So its a bad idea right?
Really - it depends. But I wouldn't say it's bad, it's just a split horizon DNS that you've created.
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
so is it better to keep it on rose.internal and register that domain?
is there a .internal TLD? and what good would it do? You wouldn't want to put internal IPs into a global answering DNS server.
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
so what is the best practice here? set everything twice?
Best Practice - great question,
I see to options
- do what you did and manage internal IPs and external IPs separately.
- if your router supports hairpin routing, then you can skip the internal hosting of zone roseradiology.com.
Hairpin routing means that your PC wants to go to an internal resource, but DNS declares that it's on the internet somewhere. When the packet gets to the router, it (the router) realizes that the packet is really meant for an internal source, so it sends the packet back to the internal server. Not all routers/firewalls support this.
-
As far as best practice goes, Microsoft has gone back and forth on the issue between split DNS and internal domain name. The last time I looked, they recommended a subdomain for your internal network. So instead of domain.com inside and out, or domain.local inside and domain.com outside, they use ad.domain.com inside and domain.com outside.
I've dealt with them all and they all have their advantages and disadvantages. At the end of the day, I think you just need to understand them and pick the one that works best for that client.
-
@Dashrender so a split horizon DNS would be creating a zone for roseradiology.com and then adding internal records for mail, www, etc
Our new active directory domain is rose.internal so would that be the top level domain?
-
What about creating a CNAME that points to the internal A record?
For example:
A 192.168.1.5 ownlcloud.rose.internal
CNAME owncloud.roseradiology.com owncloud.rose.internal -
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
@Dashrender so a split horizon DNS would be creating a zone for roseradiology.com and then adding internal records for mail, www, etc
Our new active directory domain is rose.internal so would that be the top level domain?
Correct, rose.internal is your internal TLD. But .internal does not exist on the internet, so you asked about registering it, you can't register is for use on the internet. Think of it like the 10.x.x.x network. You can use that internally, but not on the internet. You can have any TLD internally that you want, but when it comes to what is used on the internet, you have to follow the ICANN rules.
-
@Kelly said in Web Mail Not Working After Adding New DNS Zone:
What about creating a CNAME that points to the internal A record?
For example:
A 192.168.1.5 ownlcloud.rose.internal
CNAME owncloud.roseradiology.com owncloud.rose.internalIs of course is the best solution when using Split Horizon DNS because if the internal IP changes, the records will all follow.
-
so whoever hosts the DNS for my domain should be able to create a CNAME to alias owncloud.roseradiology.com to owncloud.rose.internal? Correct?
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
so whoever hosts the DNS for my domain should be able to create a CNAME to alias owncloud.roseradiology.com to owncloud.rose.internal? Correct?
No, that is something you would do internally, on the DNS servers you control. In a Split Horizon setup, the two systems, internal DNS and external DNS, they both are handled completely separately.
But, internally, where you have both rose.internal and roseradiology.com, you can create a record from one domain pointing to the other if you want.
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
So if I add a record for mail.roseradiology.com that should fix?
Yes, but it's far from ideal.
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
so whoever hosts the DNS for my domain should be able to create a CNAME to alias owncloud.roseradiology.com to owncloud.rose.internal? Correct?
but that would direct ALL external users to the same internal IP address causing them to fail.
-
@scottalanmiller said in Web Mail Not Working After Adding New DNS Zone:
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
so whoever hosts the DNS for my domain should be able to create a CNAME to alias owncloud.roseradiology.com to owncloud.rose.internal? Correct?
but that would direct ALL external users to the same internal IP address causing them to fail.
he's talking about doing this on his INTERNAL DNS server, I do believe.
-
people don't normally refers to the internal staff as "whoever hosts my..." That's an odd terminology to use for the guy at the desk next to yours.
-
@scottalanmiller said in Web Mail Not Working After Adding New DNS Zone:
people don't normally refers to the internal staff as "whoever hosts my..." That's an odd terminology to use for the guy at the desk next to yours.
Or your own desk.
-
@scottalanmiller said in Web Mail Not Working After Adding New DNS Zone:
people don't normally refers to the internal staff as "whoever hosts my..." That's an odd terminology to use for the guy at the desk next to yours.
Yes, but if you recall (or go look at) the prior thread, it is clear that he has no understanding of DNS at all.
-
@Kelly said in Web Mail Not Working After Adding New DNS Zone:
What about creating a CNAME that points to the internal A record?
For example:
A 192.168.1.5 ownlcloud.rose.internal
CNAME owncloud.roseradiology.com owncloud.rose.internalI did not think Windows let you do that
-
For you internal DNS server, you have to now setup everything to match what your external DNS shows, except for the items that you want to point to internal addresses.
Here is a live working example from a client
Internal DNS for domain.com
External DNS for domain.com
-
@JaredBusch said in Web Mail Not Working After Adding New DNS Zone:
@Kelly said in Web Mail Not Working After Adding New DNS Zone:
What about creating a CNAME that points to the internal A record?
For example:
A 192.168.1.5 ownlcloud.rose.internal
CNAME owncloud.roseradiology.com owncloud.rose.internalI did not think Windows let you do that
You absolutely can do this.
